
Name Not Available Virus [Solved]

Virus name not available malware

  • This topic is locked

#1
orlando123


  • Member
  • PipPip
  • 13 posts

Hello, I have the 'Name Not Available' virus on my computer and I can't get it off. None of the antivirus software that I have used has found it or got rid of it. None of the internet tutorials on how to remove it work. If ever I manage to remove it with an antivirus it will come straight back the next time I turn my PC on. I'm really confused because I can't get rid of it.

 

Thanks


Edited by orlando123, 12 May 2015 - 08:56 AM.

  • 0



#2
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts

Hi orlando123

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.

Let's get started....

Please follow the steps here (if needed) and provide the logs indicated. Thanks.


  • 0

#3
orlando123


  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hello, thank you for the reply.

 

I followed the steps and these are the two reports

 

FRST: 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Emilio (administrator) on EMILIO-PC on 13-05-2015 15:47:07
Running from C:\Users\Emilio\Desktop
Loaded Profiles: Emilio (Available profiles: Emilio)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(                                                                                                    ) C:\Windows\Temp\mrt7C31.tmp\stdrt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Spotify Ltd) C:\Users\Emilio\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SndVol.exe
(BitTorrent Inc.) C:\Users\Emilio\AppData\Roaming\uTorrent\uTorrent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682656 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1331456 2015-02-04] (Bogdan Sharkov)
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [Spotify Web Helper] => C:\Users\Emilio\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-28] (Spotify Ltd)
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {9d43fbe7-3029-11e4-a90a-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {d9007310-03a2-11e4-99f5-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-06-30] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2658099409-1986326302-2669528513-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-06-30] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-06-30] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-30]
 
Chrome: 
=======
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Profile 1 -> http://ssmsp.ask.com...q={searchTerms}
CHR Profile: C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (YouTube) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (AdBlock) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-16]
CHR Extension: (Bookmark Manager) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-22] (                                                                                                    ) [File not signed] <==== ATTENTION
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-30] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-24] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72264 2014-11-28] (360.cn)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-30] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [986688 2015-03-19] (TENCENT)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-12] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-13 15:47 - 2015-05-13 15:47 - 00017232 _____ () C:\Users\Emilio\Desktop\FRST.txt
2015-05-13 15:46 - 2015-05-13 15:47 - 00000000 ____D () C:\FRST
2015-05-13 15:46 - 2015-05-13 15:46 - 02102784 _____ (Farbar) C:\Users\Emilio\Desktop\FRST64.exe
2015-05-13 15:19 - 2015-05-13 15:19 - 00000000 ____D () C:\Users\Emilio\Desktop\Crap
2015-05-12 19:44 - 2015-05-12 19:48 - 00000000 ____D () C:\AdwCleaner
2015-05-12 19:44 - 2015-05-12 19:44 - 02209792 _____ () C:\Users\Emilio\Downloads\adwcleaner_4.204.exe
2015-05-10 22:31 - 2015-05-12 00:19 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-10 22:31 - 2015-05-10 22:54 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-10 22:30 - 2015-05-10 22:30 - 16937048 _____ () C:\Users\Emilio\Downloads\RogueKiller.exe
2015-05-10 22:18 - 2015-05-10 22:18 - 00852630 _____ () C:\Users\Emilio\Downloads\SecurityCheck.exe
2015-05-10 22:14 - 2015-05-10 22:14 - 00092392 _____ () C:\Users\Emilio\Documents\cc_20150510_221421.reg
2015-05-10 21:40 - 2015-05-10 21:40 - 00000000 ____D () C:\Windows\pss
2015-05-10 20:33 - 2015-05-12 00:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-05-10 20:33 - 2015-05-10 20:33 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\SUPERAntiSpyware.com
2015-05-10 20:33 - 2015-05-10 20:33 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-05-10 20:33 - 2015-05-10 20:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-05-08 22:10 - 2015-05-08 22:19 - 00000000 ____D () C:\Users\Emilio\Desktop\MC Server
2015-05-08 22:10 - 2015-05-08 22:11 - 10173586 _____ () C:\Users\Emilio\Downloads\minecraft_server.1.8.4.exe
2015-05-06 23:18 - 2015-05-06 23:19 - 00018511 _____ () C:\Windows\DirectX.log
2015-05-04 17:08 - 2015-05-13 13:59 - 00001232 _____ () C:\Windows\setupact.log
2015-05-04 17:08 - 2015-05-04 17:08 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-23 01:38 - 2015-05-12 16:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 01:37 - 2015-04-23 01:37 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-23 01:37 - 2015-04-23 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-23 01:37 - 2015-04-23 01:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-23 01:37 - 2015-04-23 01:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-23 01:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-23 01:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-23 01:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-23 00:28 - 2015-04-23 00:28 - 00000000 _____ () C:\autoexec.bat
2015-04-23 00:26 - 2015-04-23 00:26 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Emilio\Downloads\SpyHunter-Installer.exe
2015-04-23 00:26 - 2015-04-23 00:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-22 20:08 - 2015-04-22 20:08 - 00001720 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-04-22 20:07 - 2015-05-13 15:46 - 00000105 _____ () C:\Windows\SysWOW64\get.dat
2015-04-22 20:06 - 2015-04-22 20:06 - 00001798 _____ () C:\Windows\SysWOW64\soft.exe
2015-04-22 20:05 - 2015-04-22 20:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-22 20:05 - 2015-04-22 20:05 - 00000000 _____ () C:\Windows\SysWOW64\x64.txt
2015-04-22 19:36 - 2015-04-22 19:36 - 00003150 _____ () C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C}
2015-04-22 19:35 - 2015-04-22 19:51 - 00000057 _____ () C:\momotor.txt
2015-04-22 19:32 - 2015-04-22 19:32 - 00000000 ____D () C:\Users\Emilio\Documents\Optimizer Pro
2015-04-22 19:17 - 2015-04-22 19:17 - 01202396 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe
2015-04-22 15:39 - 2015-04-22 15:39 - 00000000 ____D () C:\Users\Emilio\Tracing
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X
2015-04-16 17:01 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 17:01 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 17:01 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 17:01 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 17:01 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 17:01 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 17:01 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 17:01 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 17:01 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 17:01 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 17:01 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 17:01 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-16 17:01 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-16 17:01 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-16 17:01 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-16 17:01 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-16 17:01 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 17:01 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 17:01 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 17:01 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 17:01 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 17:01 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 17:01 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 17:01 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 17:01 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 17:01 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 17:01 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-04-16 17:01 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-04-16 17:01 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-04-16 17:01 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-04-16 17:00 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 17:00 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 17:00 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 17:00 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 17:00 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 17:00 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 17:00 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 17:00 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 17:00 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 17:00 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 17:00 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 17:00 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 17:00 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 17:00 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 17:00 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 17:00 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 17:00 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 17:00 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 17:00 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 17:00 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 17:00 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 17:00 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 17:00 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 17:00 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 17:00 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 17:00 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 17:00 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 17:00 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 17:00 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 17:00 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 17:00 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 17:00 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 17:00 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 17:00 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 17:00 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 17:00 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 17:00 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 17:00 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 17:00 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 17:00 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 17:00 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 17:00 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 17:00 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 17:00 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 17:00 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 17:00 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 17:00 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 17:00 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 17:00 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 17:00 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 17:00 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 17:00 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 17:00 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 17:00 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 17:00 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 17:00 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-16 17:00 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 17:00 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-16 17:00 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 17:00 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 17:00 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 17:00 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 17:00 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 17:00 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-16 17:00 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-16 17:00 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 17:00 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 17:00 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 17:00 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 17:00 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 17:00 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-16 17:00 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 17:00 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 17:00 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 17:00 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 17:00 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 17:00 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 17:00 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 17:00 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 17:00 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-16 17:00 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 17:00 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 17:00 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 17:00 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 17:00 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 17:00 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 17:00 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 17:00 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 17:00 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 17:00 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-16 17:00 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 17:00 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 17:00 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 16:59 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 16:59 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 16:59 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 16:52 - 2015-04-16 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-04-16 16:52 - 2009-04-06 15:24 - 00013368 _____ () C:\Windows\SysWOW64\Drivers\AsIO.sys
2015-04-16 16:52 - 2006-01-10 17:50 - 00024576 _____ () C:\Windows\SysWOW64\AsIO.dll
2015-04-16 16:52 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42d.dll
2015-04-16 16:52 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL
2015-04-16 16:51 - 2015-04-16 16:52 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-04-16 16:51 - 2008-01-04 13:34 - 00011832 _____ () C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2015-04-16 16:51 - 2008-01-04 13:34 - 00010216 _____ () C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2015-04-16 16:50 - 2015-04-16 16:50 - 05922831 _____ () C:\Users\Emilio\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip
2015-04-16 16:50 - 2009-07-22 10:09 - 00000000 ____D () C:\Users\Emilio\Desktop\AMDCoolnQuiet_Utility_V21801_XPVistaWin7
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-13 15:42 - 2014-07-21 16:26 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\uTorrent
2015-05-13 15:39 - 2014-06-30 15:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-13 15:32 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-13 15:32 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-13 15:19 - 2014-11-02 17:34 - 00000000 ____D () C:\Users\Emilio\Desktop\Torrent
2015-05-13 15:19 - 2014-06-30 21:04 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\Skype
2015-05-13 15:18 - 2014-11-19 21:32 - 01472301 _____ () C:\Windows\WindowsUpdate.log
2015-05-13 15:18 - 2014-07-01 00:14 - 00000000 ____D () C:\Users\Emilio\Desktop\Folders
2015-05-13 15:15 - 2014-06-30 15:46 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-13 15:13 - 2009-07-14 06:13 - 00781522 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-13 15:04 - 2014-06-30 18:52 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-13 14:02 - 2014-10-30 18:48 - 00000000 ____D () C:\Users\Emilio\AppData\Local\HTC MediaHub
2015-05-13 14:02 - 2014-06-30 15:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-13 13:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-13 02:00 - 2014-07-08 17:32 - 00000000 ____D () C:\Users\Emilio\AppData\Local\Adobe
2015-05-12 00:54 - 2014-06-30 23:05 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\Spotify
2015-05-12 00:29 - 2014-06-30 23:05 - 00000000 ____D () C:\Users\Emilio\AppData\Local\Spotify
2015-05-11 15:56 - 2014-06-30 15:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-10 20:13 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-10 19:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-05-09 21:28 - 2014-07-05 16:12 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\.minecraft
2015-05-04 17:10 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-02 00:22 - 2014-11-20 20:02 - 00000000 ____D () C:\Users\Emilio\Desktop\Mimi's Edited Photos
2015-05-02 00:22 - 2014-11-10 21:59 - 00000000 ____D () C:\Users\Emilio\Desktop\New folder
2015-04-23 02:20 - 2014-07-27 17:37 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\Vso
2015-04-23 02:20 - 2014-07-27 17:37 - 00000000 ____D () C:\ProgramData\VSO
2015-04-23 02:12 - 2014-06-30 14:02 - 00001417 _____ () C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-23 02:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss
2015-04-23 02:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-22 20:10 - 2014-06-30 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-22 19:26 - 2009-07-14 03:34 - 00000580 _____ () C:\Windows\win.ini
2015-04-22 15:39 - 2014-06-30 14:01 - 00000000 ____D () C:\Users\Emilio
2015-04-22 15:38 - 2014-06-30 21:04 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-22 15:38 - 2014-06-30 21:04 - 00000000 ____D () C:\ProgramData\Skype
2015-04-20 20:38 - 2014-06-30 15:36 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-17 13:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-04-17 07:20 - 2015-02-19 02:03 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-17 07:20 - 2014-06-30 17:56 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-17 07:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-04-17 07:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-17 04:04 - 2014-07-27 17:40 - 00000000 ____D () C:\Users\Emilio\Documents\ConvertXtoDVD
2015-04-17 03:21 - 2014-06-30 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-17 03:20 - 2014-06-30 15:34 - 00765280 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-17 03:13 - 2014-06-30 18:19 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-17 03:06 - 2014-06-30 18:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-16 16:51 - 2014-09-04 21:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-14 20:39 - 2014-06-30 15:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 20:39 - 2014-06-30 15:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 20:39 - 2014-06-30 15:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2014-10-07 21:03 - 2014-11-13 16:37 - 0000132 _____ () C:\Users\Emilio\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-10 15:34 - 2014-11-16 16:49 - 0000033 _____ () C:\Users\Emilio\AppData\Roaming\AdobeWLCMCache.dat
2014-07-27 17:37 - 2014-07-27 17:50 - 0099384 _____ () C:\Users\Emilio\AppData\Roaming\inst.exe
2014-07-27 17:37 - 2014-07-27 17:50 - 0007859 _____ () C:\Users\Emilio\AppData\Roaming\pcouffin.cat
2014-07-27 17:37 - 2014-07-27 17:50 - 0001167 _____ () C:\Users\Emilio\AppData\Roaming\pcouffin.inf
2014-07-27 17:37 - 2014-07-27 17:50 - 0000055 _____ () C:\Users\Emilio\AppData\Roaming\pcouffin.log
2014-07-27 17:37 - 2014-07-27 17:50 - 0082816 _____ (VSO Software) C:\Users\Emilio\AppData\Roaming\pcouffin.sys
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0
2015-03-19 18:42 - 2015-03-19 18:42 - 0000040 _____ () C:\ProgramData\DT0001.dat
 
Files to move or delete:
====================
C:\ProgramData\DT0001.dat
 
 
Some content of TEMP:
====================
C:\Users\Emilio\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Emilio\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Emilio\AppData\Local\Temp\OK_V17_10_SENTRA_4.exe
C:\Users\Emilio\AppData\Local\Temp\optprosetup.exe
C:\Users\Emilio\AppData\Local\Temp\Quarantine.exe
C:\Users\Emilio\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-06 15:54
 
==================== End Of Log ============================
 
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015
Ran by Emilio at 2015-05-13 15:47:48
Running from C:\Users\Emilio\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2658099409-1986326302-2669528513-500 - Administrator - Disabled)
Emilio (S-1-5-21-2658099409-1986326302-2669528513-1000 - Administrator - Enabled) => C:\Users\Emilio
Guest (S-1-5-21-2658099409-1986326302-2669528513-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)
Deadlight (HKLM-x32\...\Steam App 211400) (Version:  - Tequila Works, S.L.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LDC Driving Test Complete (HKLM-x32\...\LDC Driving Test Complete4.3) (Version: 4.3 - Teaching Driving Ltd)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.50.3 - Black Tree Gaming)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sniper Elite: [bleep] Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)
Spotify (HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)
Theory Interactive (HKLM-x32\...\{9B97F3A0-993F-4453-BCA8-E0DAFBE57845}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
05-05-2015 18:37:08 Windows Update
06-05-2015 23:18:13 Installed DirectX
12-05-2015 15:46:47 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1A953677-74E3-444F-8CC4-A912CE46DFE1} - System32\Tasks\{75309482-F371-47FE-8466-263D412CB69F} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {21C3F5F7-B4FD-42BA-9C7B-597860558FA5} - System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => pcalua.exe -a C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe -c  -ptid=amt
Task: {342E9D94-4F99-42AB-ADB9-D635119C62EB} - System32\Tasks\{9318126A-1876-49F3-89D4-55284053FB5C} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {5332F044-91FA-4C80-8B67-A114202D8DD0} - System32\Tasks\{ADCEA8CE-F70A-405A-9A78-A9F05ADF22A6} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {5BD50BA8-3F5B-4D0E-A220-9C853240A39C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {5ED59EF4-F8D3-4547-A7A0-A280AD3E4CEC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-30] (AVAST Software)
Task: {6EB71312-ED1A-4F37-9806-AA9153B3E0B1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {814A7705-9A7C-4AD7-8D9A-55829967F451} - System32\Tasks\{0697BA8E-138F-45D0-8245-085B244C50BB} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {9F10C1B2-F9EA-43F2-B502-A124E80AC246} - System32\Tasks\{D6E78667-6E26-432B-920C-780E8486E880} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {A464B143-B217-455D-B0E5-3EA1851A69C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {ADFE6323-3516-4B44-9498-2C90B54DB501} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {B0B9D2EC-E656-4C35-9CDB-994B83365100} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)
Task: {D60C4BAA-A88E-4FDB-AE99-E58FC18C9A00} - System32\Tasks\AdobeAAMUpdater-1.0-Emilio-PC-Emilio => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {D69CA724-1729-4179-BAC6-E469C73BB6B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E0E52A20-1F1F-4D48-B315-D7D356882973} - System32\Tasks\{2483EE97-4E99-486A-B365-AFB1D35A851E} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {E9296C6A-09F2-4BD0-9363-6E1563E1087F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {EA8B9034-A249-43D0-8EC5-48B905876E16} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {EC77DAC3-806E-4113-B2AC-5EB77050D35A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2014-07-24 12:26 - 2014-07-24 12:26 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-08-06 14:42 - 2014-08-06 14:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2014-06-30 15:45 - 2014-06-30 15:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-05-12 23:53 - 2015-05-12 23:53 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051202\algo.dll
2015-05-13 13:59 - 2015-05-13 13:59 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051300\algo.dll
2015-05-13 15:18 - 2015-05-13 15:18 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051301\algo.dll
2015-05-13 13:59 - 2015-05-13 13:59 - 00307200 _____ () C:\Windows\TEMP\mrt7C31.tmp\MMFS2.dll
2015-05-13 13:59 - 2015-05-13 13:59 - 00021504 _____ () C:\Windows\TEMP\mrt7C31.tmp\Get.mfx
2015-05-13 13:59 - 2015-05-13 13:59 - 00059392 _____ () C:\Windows\TEMP\mrt7C31.tmp\Yaso.mfx
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-06 14:40 - 2014-08-06 14:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-08-06 14:41 - 2014-08-06 14:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-08-06 14:41 - 2014-08-06 14:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-06 14:41 - 2014-08-06 14:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-06 14:42 - 2014-08-06 14:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-06 14:44 - 2014-08-06 14:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-08-06 14:46 - 2014-08-06 14:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-30 15:45 - 2014-06-30 15:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-30 18:52 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-20 00:43 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-20 00:43 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-20 00:43 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-06-30 18:52 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-10 16:30 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-10 16:30 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-10 16:30 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-10 16:30 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-10 16:30 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2014-06-30 18:52 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-04-30 16:16 - 2015-04-28 03:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll
2015-04-30 16:16 - 2015-04-28 03:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll
2014-06-30 18:52 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-16 16:44 - 2015-02-25 02:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Emilio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hqghumeaylnlf.lnk => C:\Windows\pss\hqghumeaylnlf.lnk.Startup
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: Spotify => "C:\Users\Emilio\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Emilio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
==================== FirewallRules (whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
FirewallRules: [{65ECCB61-FFDC-484C-A04F-2316C07F5DC7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{85921019-0EEA-4D91-BB17-8510CC70ADEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E7FCAC26-5872-4F7F-8A21-17493CD73956}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{02DC8146-01B6-4904-9ACE-F116613FD864}C:\users\emilio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilio\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{2667B20E-26CE-438A-9A7E-7877D0C66095}C:\users\emilio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilio\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A1E70487-E420-44AD-959F-891DF4913958}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{9922D69A-C86E-4FDA-98C7-6A89326C7D6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{DE605DA9-16A6-4B13-856A-D30D502F0CA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{BEC86C61-828B-4D26-A0D7-F4B9FCFF051D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8287B411-DFF5-49A4-B608-A1492D1BFCC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite [bleep] Zombie Army 2\bin\NZA2.exe
FirewallRules: [{2E9C88AB-4767-45D9-B01F-BEFA2E60006B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite [bleep] Zombie Army 2\bin\NZA2.exe
FirewallRules: [TCP Query User{D7376767-BEE4-4619-B081-6B93A8257A93}C:\users\emilio\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\emilio\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{DE9E087A-5BC4-48D9-BCA8-9D224BA4BB44}C:\users\emilio\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\emilio\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{57A8E6CD-B7CE-4B0C-801C-65666E717879}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EBDAD1DF-C050-43E3-ABAF-C71E0C2F43B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7EF33E20-E5B5-4AAF-8772-76F8965983B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A03CB516-3FB8-40F2-8AC8-5B600E081303}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2DCAEF10-BFA1-40FF-B140-9F09828E4FE3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{B414BB56-BF85-4B2B-823A-0AC08E1EADCD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{F580C769-A46A-4C48-A727-8E28943FEC97}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{A46BA622-0DCE-486A-8337-D266E8D0ED07}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{A89F8A73-7765-456D-A6A7-A89D9DF2BAD8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F107676A-C646-48C4-B36B-D24849008D91}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{FCBEA891-9F0F-4B57-B140-25EDF8B10111}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{C2E64427-4592-42DC-86B6-0CDF612C511F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{822B5871-35FC-4C36-A405-079508DB699F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{864205DB-BF1E-4B27-9245-986B832D55E1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{790BAF01-3317-4F09-9BC7-664A1DC31171}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{77F7E64E-47F2-484F-8662-7320BB85230A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{BDABB101-2EB1-4A0F-A25A-8044E964C83E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{7DB26379-D834-4B14-BBB3-FF56A549D61D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{D7AA3B08-1DED-4326-8707-B9D6A4842247}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\diriptide\DeadIslandGame_x86_rwdi.exe
FirewallRules: [{6A2C51DA-587C-4288-A8CE-6481C282C686}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{494499DD-23B8-4494-9BE6-74044E8D18FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{15454EAA-0036-4B46-9686-DA51C17D4E8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{37834BC6-5AA5-4082-8DD6-752353DB8A28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7E400B3-1072-4004-93E3-7DE439D13C94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C018FB1E-9DC7-4835-B08D-EB067B36FEF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{56CCD0CE-3305-4C96-9B5D-1F9B9DDB2FB7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F330173A-5216-419B-BCA1-EEA3E2A2F9EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{90CA844A-5C8C-4B41-917B-B0CFBDF23050}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe
FirewallRules: [{4BA398B0-17CE-4965-9BF1-079A58106128}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe
FirewallRules: [{3EAA50EC-176C-4023-8A6B-BAA6B5E8A43E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe
FirewallRules: [{EDC18710-7FC9-4B76-AE1D-4270B12A04CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{D34248AA-28A5-46A3-A305-511B6DE6BFA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{63D5F57E-1252-4771-83E3-F31B33F99FC1}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{13526773-5DA9-4444-86F3-9D3EE1058F5F}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [{B5CBD7BB-6225-4920-891F-2D00E73C70D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{8E66BFC9-FCBF-439B-A095-DAC11D25EF66}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{A5F68190-4C20-4434-AFC2-E68C90819587}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{8536BAAF-12C4-45E0-A9C5-CA71B1D8CAB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe
FirewallRules: [{567F97D4-70E2-421B-B539-962B76C83592}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{46995CE3-26B5-4048-8237-B97272A97334}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe
FirewallRules: [{C24EA8DA-96C2-4A5C-B87A-5B6F5BDC1B8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [{120F812C-3909-402F-9340-C2F455D3AFDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe
FirewallRules: [TCP Query User{56CC843E-80AD-445E-98CE-C9E676643927}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{B479A9E1-1596-4D4B-8211-FD0BEE17423C}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{B887199F-0576-47E9-9855-86067EBB6AA3}] => (Allow) c:\users\emilio\appdata\roaming\tencent\使命召唤online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe
FirewallRules: [{7F72AED9-F4C1-45F8-AA15-E8C5FC7A1A03}] => (Allow) c:\users\emilio\appdata\roaming\tencent\使命召唤online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe
FirewallRules: [{1D331076-35CB-420F-8D31-A79F8A184179}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{338460CE-3BC7-4E5C-A778-A7C6A6729E4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{CF74A246-FB1C-4068-85FE-F0A206D783ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AC7D87FF-C1A1-45A5-A599-57A941933AFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{587D2BB5-9A9C-4365-95CE-71CA5B47D952}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{95FA3280-A7FC-4C9A-A8B1-68029CF02FE2}C:\users\emilio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilio\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DE9CC62E-D3F6-4CB4-AAD9-BA2B6C78FF99}C:\users\emilio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilio\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{AB959236-51E6-4E52-8129-238837551AAD}C:\users\emilio\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\emilio\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{AC2FB2B7-9EB0-48E2-BD2D-6D51D5F8F67D}C:\users\emilio\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\emilio\appdata\roaming\utorrent\utorrent.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/13/2015 03:47:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/13/2015 02:47:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/13/2015 02:02:39 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
Error: (05/13/2015 02:00:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/13/2015 04:08:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error: (05/13/2015 03:38:31 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/13/2015 02:38:31 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/13/2015 01:38:31 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/13/2015 00:38:31 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
Error: (05/12/2015 11:38:31 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:
0x80070005
 
 
System errors:
=============
Error: (05/13/2015 02:47:42 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (05/13/2015 01:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error: 
%%1053
 
Error: (05/13/2015 01:59:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.
 
Error: (05/12/2015 08:38:30 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (05/12/2015 07:50:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Adobe Licensing Console service failed to start due to the following error: 
%%1053
 
Error: (05/12/2015 07:50:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.
 
Error: (05/12/2015 07:48:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/12/2015 07:48:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/12/2015 07:48:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/12/2015 07:48:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: AMD FX™-4100 Quad-Core Processor 
Percentage of memory in use: 32%
Total physical RAM: 8174.12 MB
Available physical RAM: 5508.27 MB
Total Pagefile: 16346.43 MB
Available Pagefile: 13493.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:581.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 46DD1228)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

#4
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

FIRST >>>>


:upset: :upset: :upset: ALERT!!! P2P WARNING ALERT!!! :upset: :upset: :upset:



You have a P2P / file sharing application on your system!! While this may not be a surprise to you (most likely installed by you or another user on the system) and the file sharing application itself may be safe, the files shared could be a little more than you hoped for. File sharing has been shown to be a major source for trojans, viruses, worms and webbot attacks to spread on the internet. There are exploits in file sharing software that can be used to compromise your system and personal information. You may be sharing a lot more than just a little bandwidth to 'help the community share' information.

Geeks to Go recommends that you uninstall your P2P software; you have to have open pathways (network ports) in and out of your system and you could be helping to move illegal files (copyrighted material (software, movies, video, etc.)) even if you don't 'download' them yourself.

If you choose to keep your P2P program installed, I must ask that you de-activate / shutdown the software and not use it until the cleaning of your system is done.

Application to uninstall: µTorrent


SECOND >>>>

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt




Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {9d43fbe7-3029-11e4-a90a-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {d9007310-03a2-11e4-99f5-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2658099409-1986326302-2669528513-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-22] ( ) [File not signed] <==== ATTENTION
C:\Windows\SysWOW64\lnsecsl.exe
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72264 2014-11-28] (360.cn)
C:\Windows\System32\DRIVERS\360netmon.sys
2015-04-23 00:26 - 2015-04-23 00:26 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Emilio\Downloads\SpyHunter-Installer.exe
2015-04-23 00:26 - 2015-04-23 00:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-22 20:08 - 2015-04-22 20:08 - 00001720 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-04-22 20:07 - 2015-05-13 15:46 - 00000105 _____ () C:\Windows\SysWOW64\get.dat
2015-04-22 20:06 - 2015-04-22 20:06 - 00001798 _____ () C:\Windows\SysWOW64\soft.exe
2015-04-22 20:05 - 2015-04-22 20:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-22 20:05 - 2015-04-22 20:05 - 00000000 _____ () C:\Windows\SysWOW64\x64.txt
2015-04-22 19:36 - 2015-04-22 19:36 - 00003150 _____ () C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C}
2015-04-22 19:35 - 2015-04-22 19:51 - 00000057 _____ () C:\momotor.txt
2015-04-22 19:32 - 2015-04-22 19:32 - 00000000 ____D () C:\Users\Emilio\Documents\Optimizer Pro
2015-04-22 19:17 - 2015-04-22 19:17 - 01202396 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X
C:\ProgramData\DT0001.dat
C:\Users\Emilio\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Emilio\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Emilio\AppData\Local\Temp\OK_V17_10_SENTRA_4.exe
C:\Users\Emilio\AppData\Local\Temp\optprosetup.exe
C:\Users\Emilio\AppData\Local\Temp\sqlite3.dll
Task: {1A953677-74E3-444F-8CC4-A912CE46DFE1} - System32\Tasks\{75309482-F371-47FE-8466-263D412CB69F} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {21C3F5F7-B4FD-42BA-9C7B-597860558FA5} - System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => pcalua.exe -a C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=amt
C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe
Task: {814A7705-9A7C-4AD7-8D9A-55829967F451} - System32\Tasks\{0697BA8E-138F-45D0-8245-085B244C50BB} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {9F10C1B2-F9EA-43F2-B502-A124E80AC246} - System32\Tasks\{D6E78667-6E26-432B-920C-780E8486E880} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {E0E52A20-1F1F-4D48-B315-D7D356882973} - System32\Tasks\{2483EE97-4E99-486A-B365-AFB1D35A851E} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
2015-05-13 13:59 - 2015-05-13 13:59 - 00307200 _____ () C:\Windows\TEMP\mrt7C31.tmp\MMFS2.dll
2015-05-13 13:59 - 2015-05-13 13:59 - 00021504 _____ () C:\Windows\TEMP\mrt7C31.tmp\Get.mfx
2015-05-13 13:59 - 2015-05-13 13:59 - 00059392 _____ () C:\Windows\TEMP\mrt7C31.tmp\Yaso.mfx
FirewallRules: [{B887199F-0576-47E9-9855-86067EBB6AA3}] => (Allow) c:\users\emilio\appdata\roaming\tencent\????online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe
FirewallRules: [{7F72AED9-F4C1-45F8-AA15-E8C5FC7A1A03}] => (Allow) c:\users\emilio\appdata\roaming\tencent\????online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe
C:\Windows\pss\hqghumeaylnlf.lnk.Startup
RemoveProxy:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


  • 0

#5
orlando123

    Member

  • Topic Starter
  • Member
  • 13 posts

Okay, I have done this, here are the results.

 

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 01
Ran by Emilio at 2015-05-14 17:46:48 Run:1
Running from C:\Users\Emilio\Desktop
Loaded Profiles: Emilio (Available profiles: Emilio)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {9d43fbe7-3029-11e4-a90a-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {d9007310-03a2-11e4-99f5-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2658099409-1986326302-2669528513-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-22] ( ) [File not signed] <==== ATTENTION
C:\Windows\SysWOW64\lnsecsl.exe
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72264 2014-11-28] (360.cn)
C:\Windows\System32\DRIVERS\360netmon.sys
2015-04-23 00:26 - 2015-04-23 00:26 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Emilio\Downloads\SpyHunter-Installer.exe
2015-04-23 00:26 - 2015-04-23 00:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-22 20:08 - 2015-04-22 20:08 - 00001720 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-04-22 20:07 - 2015-05-13 15:46 - 00000105 _____ () C:\Windows\SysWOW64\get.dat
2015-04-22 20:06 - 2015-04-22 20:06 - 00001798 _____ () C:\Windows\SysWOW64\soft.exe
2015-04-22 20:05 - 2015-04-22 20:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-22 20:05 - 2015-04-22 20:05 - 00000000 _____ () C:\Windows\SysWOW64\x64.txt
2015-04-22 19:36 - 2015-04-22 19:36 - 00003150 _____ () C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C}
2015-04-22 19:35 - 2015-04-22 19:51 - 00000057 _____ () C:\momotor.txt
2015-04-22 19:32 - 2015-04-22 19:32 - 00000000 ____D () C:\Users\Emilio\Documents\Optimizer Pro
2015-04-22 19:17 - 2015-04-22 19:17 - 01202396 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X
C:\ProgramData\DT0001.dat
C:\Users\Emilio\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Emilio\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Emilio\AppData\Local\Temp\OK_V17_10_SENTRA_4.exe
C:\Users\Emilio\AppData\Local\Temp\optprosetup.exe
C:\Users\Emilio\AppData\Local\Temp\sqlite3.dll
Task: {1A953677-74E3-444F-8CC4-A912CE46DFE1} - System32\Tasks\{75309482-F371-47FE-8466-263D412CB69F} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {21C3F5F7-B4FD-42BA-9C7B-597860558FA5} - System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => pcalua.exe -a C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=amt
C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe
Task: {814A7705-9A7C-4AD7-8D9A-55829967F451} - System32\Tasks\{0697BA8E-138F-45D0-8245-085B244C50BB} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {9F10C1B2-F9EA-43F2-B502-A124E80AC246} - System32\Tasks\{D6E78667-6E26-432B-920C-780E8486E880} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {E0E52A20-1F1F-4D48-B315-D7D356882973} - System32\Tasks\{2483EE97-4E99-486A-B365-AFB1D35A851E} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
2015-05-13 13:59 - 2015-05-13 13:59 - 00307200 _____ () C:\Windows\TEMP\mrt7C31.tmp\MMFS2.dll
2015-05-13 13:59 - 2015-05-13 13:59 - 00021504 _____ () C:\Windows\TEMP\mrt7C31.tmp\Get.mfx
2015-05-13 13:59 - 2015-05-13 13:59 - 00059392 _____ () C:\Windows\TEMP\mrt7C31.tmp\Yaso.mfx
FirewallRules: [{B887199F-0576-47E9-9855-86067EBB6AA3}] => (Allow) c:\users\emilio\appdata\roaming\tencent\????online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe
FirewallRules: [{7F72AED9-F4C1-45F8-AA15-E8C5FC7A1A03}] => (Allow) c:\users\emilio\appdata\roaming\tencent\????online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe
C:\Windows\pss\hqghumeaylnlf.lnk.Startup
RemoveProxy:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
"HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d43fbe7-3029-11e4-a90a-60a44c36ee16}" => Key deleted successfully.
HKCR\CLSID\{9d43fbe7-3029-11e4-a90a-60a44c36ee16} => Key not found. 
"HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9007310-03a2-11e4-99f5-60a44c36ee16}" => Key deleted successfully.
HKCR\CLSID\{d9007310-03a2-11e4-99f5-60a44c36ee16} => Key not found. 
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Adobe Licensing Console => Service deleted successfully.
C:\Windows\SysWOW64\lnsecsl.exe => Moved successfully.
360netmon => Unable to stop service
360netmon => Service deleted successfully.
C:\Windows\System32\DRIVERS\360netmon.sys => Moved successfully.
C:\Users\Emilio\Downloads\SpyHunter-Installer.exe => Moved successfully.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Windows\SysWOW64\${LOGFILE} => Moved successfully.
C:\Windows\SysWOW64\get.dat => Moved successfully.
C:\Windows\SysWOW64\soft.exe => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Windows\SysWOW64\x64.txt => Moved successfully.
C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => Moved successfully.
C:\momotor.txt => Moved successfully.
C:\Users\Emilio\Documents\Optimizer Pro => Moved successfully.
"C:\Windows\SysWOW64\lnsecsl.exe" => File/Directory not found.
C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0 => Moved successfully.
C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X => Moved successfully.
C:\ProgramData\DT0001.dat => Moved successfully.
C:\Users\Emilio\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Emilio\AppData\Local\Temp\EsgInstallerx64Stub.exe => Moved successfully.
C:\Users\Emilio\AppData\Local\Temp\OK_V17_10_SENTRA_4.exe => Moved successfully.
C:\Users\Emilio\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\Emilio\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A953677-74E3-444F-8CC4-A912CE46DFE1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A953677-74E3-444F-8CC4-A912CE46DFE1}" => Key deleted successfully.
C:\Windows\System32\Tasks\{75309482-F371-47FE-8466-263D412CB69F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75309482-F371-47FE-8466-263D412CB69F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21C3F5F7-B4FD-42BA-9C7B-597860558FA5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21C3F5F7-B4FD-42BA-9C7B-597860558FA5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C}" => Key deleted successfully.
"C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{814A7705-9A7C-4AD7-8D9A-55829967F451}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{814A7705-9A7C-4AD7-8D9A-55829967F451}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0697BA8E-138F-45D0-8245-085B244C50BB} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0697BA8E-138F-45D0-8245-085B244C50BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F10C1B2-F9EA-43F2-B502-A124E80AC246}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F10C1B2-F9EA-43F2-B502-A124E80AC246}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D6E78667-6E26-432B-920C-780E8486E880} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D6E78667-6E26-432B-920C-780E8486E880}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0E52A20-1F1F-4D48-B315-D7D356882973}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0E52A20-1F1F-4D48-B315-D7D356882973}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2483EE97-4E99-486A-B365-AFB1D35A851E} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2483EE97-4E99-486A-B365-AFB1D35A851E}" => Key deleted successfully.
C:\Windows\TEMP\mrt7C31.tmp\MMFS2.dll => Moved successfully.
C:\Windows\TEMP\mrt7C31.tmp\Get.mfx => Moved successfully.
C:\Windows\TEMP\mrt7C31.tmp\Yaso.mfx => Moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B887199F-0576-47E9-9855-86067EBB6AA3} => value deleted successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F72AED9-F4C1-45F8-AA15-E8C5FC7A1A03} => value deleted successfully.
C:\Windows\pss\hqghumeaylnlf.lnk.Startup => Moved successfully.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
 
 
The system needed a reboot. 
 
==== End of Fixlog 17:47:18 ====

  • 0
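An added example (not part of the thread, and not FRST's own code): a short Python triage of the Fixlog above that groups result lines by target, so that a failure later superseded by a success (360netmon) or a "not found" caused by a duplicate fixlist entry (lnsecsl.exe) is not mistaken for a leftover. It assumes only the result phrases visible in this log; the `ExampleSvc` line and all function names are constructed for illustration.

```python
import re

# Result lines copied from the Fixlog posted above, preceded by a shortened
# echo of the fixlist as the log prints it between two rules of asterisks.
PAGE_EXCERPT = r"""
Content of fixlist:
*****************
Start
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [AdobeBridge] => [X]
C:\Windows\SysWOW64\lnsecsl.exe
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKCR\CLSID\{9d43fbe7-3029-11e4-a90a-60a44c36ee16} => Key not found.
Adobe Licensing Console => Service deleted successfully.
C:\Windows\SysWOW64\lnsecsl.exe => Moved successfully.
360netmon => Unable to stop service
360netmon => Service deleted successfully.
C:\Windows\System32\DRIVERS\360netmon.sys => Moved successfully.
C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => Moved successfully.
"C:\Windows\SysWOW64\lnsecsl.exe" => File/Directory not found.
C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} not found.
"C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe" => File/Directory not found.
The system needed a reboot.
"""

# Constructed line (not from the thread): a service that could not be stopped
# and has no later success line, so it must surface as a follow-up item.
CONSTRUCTED_LINE = "ExampleSvc => Unable to stop service\n"

SAMPLE_FIXLOG = PAGE_EXCERPT + CONSTRUCTED_LINE

# "<target> => <result>" (target optionally quoted) and the bare
# "<target> not found." form that also appears in the log above.
ARROW = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+)$')
BARE_NOT_FOUND = re.compile(r'^"?(?P<target>.+?)"?\s+(?P<result>not found\.)$', re.I)

# Outcome phrases, limited to the ones that occur in this thread's Fixlog.
OUTCOMES = [
    (re.compile(r"moved successfully\.?$", re.I), "moved"),
    (re.compile(r"deleted successfully\.?$", re.I), "deleted"),
    (re.compile(r"not found\.?$", re.I), "absent"),
    (re.compile(r"^unable to ", re.I), "failed"),
]


def result_section(text):
    """Drop the echoed fixlist, which sits between the first two asterisk rules.

    Echoed script lines contain '=>' too and would otherwise be parsed as results.
    """
    lines = text.splitlines()
    rules = [i for i, l in enumerate(lines) if l.strip() and set(l.strip()) == {"*"}]
    return lines[rules[1] + 1:] if len(rules) >= 2 else lines


def classify(result):
    for pattern, outcome in OUTCOMES:
        if pattern.search(result):
            return outcome
    return "unrecognised"


def parse_fixlog(text):
    """Return [(target, outcome)] for every result line, in log order."""
    events = []
    for raw in result_section(text):
        line = raw.strip()
        match = ARROW.match(line) or BARE_NOT_FOUND.match(line)
        if match:  # banners and status sentences match neither form
            events.append((match["target"], classify(match["result"])))
    return events


def triage(text):
    """Map each target (lower-cased, Windows paths are case-insensitive) to a verdict."""
    history = {}
    for target, outcome in parse_fixlog(text):
        history.setdefault(target.lower(), []).append(outcome)
    verdicts = {}
    for target, outcomes in history.items():
        if "moved" in outcomes or "deleted" in outcomes:
            verdicts[target] = "removed"          # any success supersedes other lines
        elif all(o == "absent" for o in outcomes):
            verdicts[target] = "already_absent"   # nothing was there to remove
        else:
            verdicts[target] = "needs_followup"   # failed or unrecognised, never resolved
    return verdicts


def followups(text):
    return [t for t, v in triage(text).items() if v == "needs_followup"]


if __name__ == "__main__":
    for target, verdict in triage(SAMPLE_FIXLOG).items():
        print(f"{verdict:15} {target}")
```
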

#6
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

 

Information to Reply with >>>>

  • The JRT.txt log file text.
  • The AdwCleaner[S#].txt log file text.
  • How is your system running now?

 

 


  • 0

#7
orlando123

    Member

  • Topic Starter
  • Member
  • 13 posts

Here are the two reports

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.1 (05.14.2015:1)
OS: Windows 7 Home Premium x64
Ran by Emilio on 14/05/2015 at 23:33:41.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Wooden Seal
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/05/2015 at 23:36:47.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ADW:
# AdwCleaner v4.203 - Logfile created 14/05/2015 at 23:40:40
# Updated 30/04/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Emilio - EMILIO-PC
# Running from : C:\Users\Emilio\Desktop\adwcleaner_4.203.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Google Chrome v42.0.2311.152
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [833 bytes] - [12/05/2015 19:44:25]
AdwCleaner[R1].txt - [893 bytes] - [13/05/2015 21:46:42]
AdwCleaner[R2].txt - [1007 bytes] - [14/05/2015 23:39:09]
AdwCleaner[S0].txt - [898 bytes] - [12/05/2015 19:48:51]
AdwCleaner[S1].txt - [956 bytes] - [13/05/2015 21:47:56]
AdwCleaner[S2].txt - [934 bytes] - [14/05/2015 23:40:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [992  bytes] ##########
 
My computer is running okay. But whenever I restart it, Avast always comes up with two 'threat has been detected' messages, both blocking a file called 'SVChost' or something like that in my system32 folder. This happened even after I restarted my PC from running AdwCleaner. I'm not sure what that is.

  • 0

#8
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

First, please update Avast! Free Antivirus to the latest version (v10.2.2218).  You can see the announcement of this version here and get the update by using the in-product update feature (Settings->Update->Program).  Once updated and the system rebooted, do a full scan and report the results back here.


  • 0

#9
orlando123

    Member

  • Topic Starter
  • Member
  • 13 posts

I updated Avast and did the full system scan, as you asked. The results said that there were no threats found. I don't know what the file in my system 32 is. When reading up on the 'Name Not Available Virus' it said that your antivirus won't detect that you have it or something like that. Not sure if that helps or is relevant but it's what I found out. Thanks


  • 0

#10
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Where are you getting the information on the virus?  Where did you read this, please?


  • 0


#11
orlando123

    Member

  • Topic Starter
  • Member
  • 13 posts

I googled it and read at least 10 links and they all said that it can be hidden from the antivirus. http://blog.yoocare....n-volume-mixer/ I read it on links like these. I couldn't follow any of the steps on the website because I couldn't find any of the things on my PC it was telling me to find. I also didn't want to mess with my registry.

Ever since I followed the steps you gave to me I haven't had it in my volume mixer.


  • 0

#12
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts


Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware from either your desktop or Start menu shortcut.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link.

Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected and that the Non-Malware Protection options PUP and PUM are set to "Treat detections as malware".

Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a results screen.

Make sure that everything is checked, and click Remove Selected. When the removal is completed, a summary screen will be presented.

At the bottom of this screen, click on Save Results and then on Text file (*.txt). Save the file to your desktop and click OK. Click Finish to return to the main screen and then close Malwarebytes.

Double click on the log file you saved to your desktop; the log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + C) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#13
orlando123

    Member

  • Topic Starter
  • Member
  • 13 posts
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/05/2015
Scan Time: 01:53:14
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.05.15.05
Rootkit Database: v2015.05.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Emilio
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 359362
Time Elapsed: 15 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#14
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

How is your system running?


  • 0

#15
orlando123

    Member

  • Topic Starter
  • Member
  • 13 posts

It's running okay, but I still get the message about the file in my system 32, but other than that it is okay. But last night my power shut off for a brief second on everything, not just my PC, but when it came back on the resolution is really zoomed in and I can't get it back. My default resolution isn't in the settings either, so I'm on a really zoomed in screen at the moment and it's difficult to do much.


  • 0





