[orlando123]

Hello, I have the 'Name Not Available' virus on my computer and i cant get it off. None of the antivirus software that i have used has found it or got rid of it. None of the internet tutorials on how to remove it work. If ever i manage to remove it with an antivirus it will come straight back the next time i turn my PC on. I'm really confused because i cant get rid of it.

 

Thanks

Edited by orlando123, 12 May 2015 - 08:56 AM.

[Advertisements]

Hi orlando123

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

• Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
• All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
• Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
• Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
• If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
• While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
• Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
• Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.

Let's get started....

Please follow the steps here (if needed) and provide the logs indicated. Thanks.

[dbreeze]

Hi orlando123

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

• Please read all of my response through at least once before attempting to follow the procedures described.I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
• All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others.If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
• Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
• Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
• If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.All of the tools I will have you use are safe to use (as instructed) and malware free.
• While we strive to disrupt your system as little as possible, things happen.If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
• Please do not run any other tools or scanners than what I ask you to.Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
• Please do not attach any log files to your replies unless I specifically ask you.Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

- Save ALL Tools to your Desktop-

 

All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

Quoted from and used by permission of BrianDrab. Thank you.

Let's get started....

Please follow the steps here (if needed) and provide the logs indicated. Thanks.

[orlando123]

Hello, thank you for the reply.

 

I followed the steps and these are the two reports

 

FRST: 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015

Ran by Emilio (administrator) on EMILIO-PC on 13-05-2015 15:47:07

Running from C:\Users\Emilio\Desktop

Loaded Profiles: Emilio (Available profiles: Emilio)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

(                                                                                                    ) C:\Windows\Temp\mrt7C31.tmp\stdrt.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe

() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe

(Spotify Ltd) C:\Users\Emilio\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\SndVol.exe

(BitTorrent Inc.) C:\Users\Emilio\AppData\Roaming\uTorrent\uTorrent.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682656 2015-03-25] (Skype Technologies S.A.)

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1331456 2015-02-04] (Bogdan Sharkov)

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [Spotify Web Helper] => C:\Users\Emilio\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-28] (Spotify Ltd)

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {9d43fbe7-3029-11e4-a90a-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {d9007310-03a2-11e4-99f5-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2014-06-30] (AVAST Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-2658099409-1986326302-2669528513-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-06-30] (AVAST Software)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-06-30] (AVAST Software)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()

FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [2014-05-26] (EA Digital Illusions CE AB)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-30]

 

Chrome: 

=======

CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"

CHR DefaultSuggestURL: Profile 1 -> http://ssmsp.ask.com...q={searchTerms}

CHR Profile: C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Drive) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]

CHR Extension: (YouTube) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]

CHR Extension: (Google Search) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]

CHR Extension: (AdBlock) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-16]

CHR Extension: (Bookmark Manager) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]

CHR Extension: (Google Wallet) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]

CHR Extension: (Gmail) - C:\Users\Emilio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-06-30]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)

S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-22] (                                                                                                    ) [File not signed] <==== ATTENTION

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-06-30] (AVAST Software)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)

R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-07-24] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72264 2014-11-28] (360.cn)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-06-30] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-06-30] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-06-30] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-06-30] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-22] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-06-30] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-06-30] ()

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

S3 TesSafe; C:\Windows\system32\TesSafe.sys [986688 2015-03-19] (TENCENT)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-12] ()

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-05-13 15:47 - 2015-05-13 15:47 - 00017232 _____ () C:\Users\Emilio\Desktop\FRST.txt

2015-05-13 15:46 - 2015-05-13 15:47 - 00000000 ____D () C:\FRST

2015-05-13 15:46 - 2015-05-13 15:46 - 02102784 _____ (Farbar) C:\Users\Emilio\Desktop\FRST64.exe

2015-05-13 15:19 - 2015-05-13 15:19 - 00000000 ____D () C:\Users\Emilio\Desktop\Crap

2015-05-12 19:44 - 2015-05-12 19:48 - 00000000 ____D () C:\AdwCleaner

2015-05-12 19:44 - 2015-05-12 19:44 - 02209792 _____ () C:\Users\Emilio\Downloads\adwcleaner_4.204.exe

2015-05-10 22:31 - 2015-05-12 00:19 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-05-10 22:31 - 2015-05-10 22:54 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-05-10 22:30 - 2015-05-10 22:30 - 16937048 _____ () C:\Users\Emilio\Downloads\RogueKiller.exe

2015-05-10 22:18 - 2015-05-10 22:18 - 00852630 _____ () C:\Users\Emilio\Downloads\SecurityCheck.exe

2015-05-10 22:14 - 2015-05-10 22:14 - 00092392 _____ () C:\Users\Emilio\Documents\cc_20150510_221421.reg

2015-05-10 21:40 - 2015-05-10 21:40 - 00000000 ____D () C:\Windows\pss

2015-05-10 20:33 - 2015-05-12 00:17 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware

2015-05-10 20:33 - 2015-05-10 20:33 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\SUPERAntiSpyware.com

2015-05-10 20:33 - 2015-05-10 20:33 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

2015-05-10 20:33 - 2015-05-10 20:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com

2015-05-08 22:10 - 2015-05-08 22:19 - 00000000 ____D () C:\Users\Emilio\Desktop\MC Server

2015-05-08 22:10 - 2015-05-08 22:11 - 10173586 _____ () C:\Users\Emilio\Downloads\minecraft_server.1.8.4.exe

2015-05-06 23:18 - 2015-05-06 23:19 - 00018511 _____ () C:\Windows\DirectX.log

2015-05-04 17:08 - 2015-05-13 13:59 - 00001232 _____ () C:\Windows\setupact.log

2015-05-04 17:08 - 2015-05-04 17:08 - 00000000 _____ () C:\Windows\setuperr.log

2015-04-23 01:38 - 2015-05-12 16:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-23 01:37 - 2015-04-23 01:37 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-23 01:37 - 2015-04-23 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-23 01:37 - 2015-04-23 01:37 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-04-23 01:37 - 2015-04-23 01:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-23 01:37 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-04-23 01:37 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-04-23 01:37 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-04-23 00:28 - 2015-04-23 00:28 - 00000000 _____ () C:\autoexec.bat

2015-04-23 00:26 - 2015-04-23 00:26 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Emilio\Downloads\SpyHunter-Installer.exe

2015-04-23 00:26 - 2015-04-23 00:26 - 00000000 ____D () C:\Program Files\Enigma Software Group

2015-04-22 20:08 - 2015-04-22 20:08 - 00001720 _____ () C:\Windows\SysWOW64\${LOGFILE}

2015-04-22 20:07 - 2015-05-13 15:46 - 00000105 _____ () C:\Windows\SysWOW64\get.dat

2015-04-22 20:06 - 2015-04-22 20:06 - 00001798 _____ () C:\Windows\SysWOW64\soft.exe

2015-04-22 20:05 - 2015-04-22 20:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

2015-04-22 20:05 - 2015-04-22 20:05 - 00000000 _____ () C:\Windows\SysWOW64\x64.txt

2015-04-22 19:36 - 2015-04-22 19:36 - 00003150 _____ () C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C}

2015-04-22 19:35 - 2015-04-22 19:51 - 00000057 _____ () C:\momotor.txt

2015-04-22 19:32 - 2015-04-22 19:32 - 00000000 ____D () C:\Users\Emilio\Documents\Optimizer Pro

2015-04-22 19:17 - 2015-04-22 19:17 - 01202396 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe

2015-04-22 15:39 - 2015-04-22 15:39 - 00000000 ____D () C:\Users\Emilio\Tracing

2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0

2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X

2015-04-16 17:01 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-04-16 17:01 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-04-16 17:01 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-04-16 17:01 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-04-16 17:01 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-04-16 17:01 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-04-16 17:01 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-04-16 17:01 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-04-16 17:01 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-04-16 17:01 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-04-16 17:01 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-04-16 17:01 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-04-16 17:01 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-04-16 17:01 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-04-16 17:01 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-04-16 17:01 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-04-16 17:01 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-04-16 17:01 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-04-16 17:01 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-04-16 17:01 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-04-16 17:01 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-04-16 17:01 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-04-16 17:01 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-04-16 17:01 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-04-16 17:01 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-16 17:01 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-16 17:01 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll

2015-04-16 17:01 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll

2015-04-16 17:01 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

2015-04-16 17:01 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

2015-04-16 17:00 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-04-16 17:00 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-04-16 17:00 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-04-16 17:00 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-04-16 17:00 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2015-04-16 17:00 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-04-16 17:00 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-04-16 17:00 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-04-16 17:00 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-04-16 17:00 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-04-16 17:00 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe

2015-04-16 17:00 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-04-16 17:00 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-04-16 17:00 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-04-16 17:00 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-04-16 17:00 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-04-16 17:00 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-04-16 17:00 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-04-16 17:00 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2015-04-16 17:00 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2015-04-16 17:00 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-04-16 17:00 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-04-16 17:00 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2015-04-16 17:00 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-04-16 17:00 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2015-04-16 17:00 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-04-16 17:00 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2015-04-16 17:00 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2015-04-16 17:00 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll

2015-04-16 17:00 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll

2015-04-16 17:00 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-16 17:00 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-16 17:00 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-04-16 17:00 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-04-16 17:00 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-16 17:00 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-16 17:00 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-04-16 17:00 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-16 17:00 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-04-16 17:00 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-16 17:00 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-04-16 17:00 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-16 17:00 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-16 17:00 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-04-16 17:00 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-04-16 17:00 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-16 17:00 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-04-16 17:00 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-16 17:00 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-04-16 17:00 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-16 17:00 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-04-16 17:00 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-16 17:00 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-04-16 17:00 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2015-04-16 17:00 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-04-16 17:00 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-04-16 17:00 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-16 17:00 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-04-16 17:00 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-16 17:00 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-16 17:00 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-04-16 17:00 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-04-16 17:00 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-04-16 17:00 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-04-16 17:00 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-04-16 17:00 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-04-16 17:00 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-16 17:00 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-04-16 17:00 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-16 17:00 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-04-16 17:00 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-04-16 17:00 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-16 17:00 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-04-16 17:00 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-04-16 17:00 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-04-16 17:00 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-16 17:00 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-16 17:00 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-16 17:00 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-04-16 17:00 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-04-16 17:00 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-16 17:00 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-16 17:00 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-04-16 17:00 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-16 17:00 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-16 17:00 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-04-16 17:00 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-04-16 17:00 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-04-16 17:00 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2015-04-16 17:00 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2015-04-16 17:00 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-04-16 17:00 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2015-04-16 17:00 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2015-04-16 16:59 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-16 16:59 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-16 16:59 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-16 16:52 - 2015-04-16 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS

2015-04-16 16:52 - 2009-04-06 15:24 - 00013368 _____ () C:\Windows\SysWOW64\Drivers\AsIO.sys

2015-04-16 16:52 - 2006-01-10 17:50 - 00024576 _____ () C:\Windows\SysWOW64\AsIO.dll

2015-04-16 16:52 - 2004-02-27 00:00 - 00962612 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42d.dll

2015-04-16 16:52 - 2004-02-17 00:00 - 00434252 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRTD.DLL

2015-04-16 16:51 - 2015-04-16 16:52 - 00000000 ____D () C:\Program Files (x86)\ASUS

2015-04-16 16:51 - 2008-01-04 13:34 - 00011832 _____ () C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys

2015-04-16 16:51 - 2008-01-04 13:34 - 00010216 _____ () C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys

2015-04-16 16:50 - 2015-04-16 16:50 - 05922831 _____ () C:\Users\Emilio\Downloads\AMDCoolnQuiet_Utility_V21801_XPVistaWin7.zip

2015-04-16 16:50 - 2009-07-22 10:09 - 00000000 ____D () C:\Users\Emilio\Desktop\AMDCoolnQuiet_Utility_V21801_XPVistaWin7

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-05-13 15:42 - 2014-07-21 16:26 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\uTorrent

2015-05-13 15:39 - 2014-06-30 15:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-13 15:32 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-05-13 15:32 - 2009-07-14 05:45 - 00027888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-05-13 15:19 - 2014-11-02 17:34 - 00000000 ____D () C:\Users\Emilio\Desktop\Torrent

2015-05-13 15:19 - 2014-06-30 21:04 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\Skype

2015-05-13 15:18 - 2014-11-19 21:32 - 01472301 _____ () C:\Windows\WindowsUpdate.log

2015-05-13 15:18 - 2014-07-01 00:14 - 00000000 ____D () C:\Users\Emilio\Desktop\Folders

2015-05-13 15:15 - 2014-06-30 15:46 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-05-13 15:13 - 2009-07-14 06:13 - 00781522 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-05-13 15:04 - 2014-06-30 18:52 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-05-13 14:02 - 2014-10-30 18:48 - 00000000 ____D () C:\Users\Emilio\AppData\Local\HTC MediaHub

2015-05-13 14:02 - 2014-06-30 15:46 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-05-13 13:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-05-13 02:00 - 2014-07-08 17:32 - 00000000 ____D () C:\Users\Emilio\AppData\Local\Adobe

2015-05-12 00:54 - 2014-06-30 23:05 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\Spotify

2015-05-12 00:29 - 2014-06-30 23:05 - 00000000 ____D () C:\Users\Emilio\AppData\Local\Spotify

2015-05-11 15:56 - 2014-06-30 15:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2015-05-10 20:13 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-05-10 19:45 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries

2015-05-09 21:28 - 2014-07-05 16:12 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\.minecraft

2015-05-04 17:10 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-05-02 00:22 - 2014-11-20 20:02 - 00000000 ____D () C:\Users\Emilio\Desktop\Mimi's Edited Photos

2015-05-02 00:22 - 2014-11-10 21:59 - 00000000 ____D () C:\Users\Emilio\Desktop\New folder

2015-04-23 02:20 - 2014-07-27 17:37 - 00000000 ____D () C:\Users\Emilio\AppData\Roaming\Vso

2015-04-23 02:20 - 2014-07-27 17:37 - 00000000 ____D () C:\ProgramData\VSO

2015-04-23 02:12 - 2014-06-30 14:02 - 00001417 _____ () C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-04-23 02:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss

2015-04-23 02:11 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat

2015-04-22 20:10 - 2014-06-30 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-04-22 19:26 - 2009-07-14 03:34 - 00000580 _____ () C:\Windows\win.ini

2015-04-22 15:39 - 2014-06-30 14:01 - 00000000 ____D () C:\Users\Emilio

2015-04-22 15:38 - 2014-06-30 21:04 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-04-22 15:38 - 2014-06-30 21:04 - 00000000 ____D () C:\ProgramData\Skype

2015-04-20 20:38 - 2014-06-30 15:36 - 00000000 ____D () C:\ProgramData\Package Cache

2015-04-17 13:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-04-17 07:20 - 2015-02-19 02:03 - 00000000 ____D () C:\Windows\system32\appraiser

2015-04-17 07:20 - 2014-06-30 17:56 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-04-17 07:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

2015-04-17 07:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-04-17 04:04 - 2014-07-27 17:40 - 00000000 ____D () C:\Users\Emilio\Documents\ConvertXtoDVD

2015-04-17 03:21 - 2014-06-30 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-04-17 03:20 - 2014-06-30 15:34 - 00765280 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2015-04-17 03:13 - 2014-06-30 18:19 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-17 03:06 - 2014-06-30 18:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-04-16 16:51 - 2014-09-04 21:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2015-04-14 20:39 - 2014-06-30 15:43 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-14 20:39 - 2014-06-30 15:43 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-14 20:39 - 2014-06-30 15:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

 

==================== Files in the root of some directories =======

 

2014-10-07 21:03 - 2014-11-13 16:37 - 0000132 _____ () C:\Users\Emilio\AppData\Roaming\Adobe PNG Format CS6 Prefs

2014-10-10 15:34 - 2014-11-16 16:49 - 0000033 _____ () C:\Users\Emilio\AppData\Roaming\AdobeWLCMCache.dat

2014-07-27 17:37 - 2014-07-27 17:50 - 0099384 _____ () C:\Users\Emilio\AppData\Roaming\inst.exe

2014-07-27 17:37 - 2014-07-27 17:50 - 0007859 _____ () C:\Users\Emilio\AppData\Roaming\pcouffin.cat

2014-07-27 17:37 - 2014-07-27 17:50 - 0001167 _____ () C:\Users\Emilio\AppData\Roaming\pcouffin.inf

2014-07-27 17:37 - 2014-07-27 17:50 - 0000055 _____ () C:\Users\Emilio\AppData\Roaming\pcouffin.log

2014-07-27 17:37 - 2014-07-27 17:50 - 0082816 _____ (VSO Software) C:\Users\Emilio\AppData\Roaming\pcouffin.sys

2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X

2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0

2015-03-19 18:42 - 2015-03-19 18:42 - 0000040 _____ () C:\ProgramData\DT0001.dat

 

Files to move or delete:

====================

C:\ProgramData\DT0001.dat

 

 

Some content of TEMP:

====================

C:\Users\Emilio\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Emilio\AppData\Local\Temp\EsgInstallerx64Stub.exe

C:\Users\Emilio\AppData\Local\Temp\OK_V17_10_SENTRA_4.exe

C:\Users\Emilio\AppData\Local\Temp\optprosetup.exe

C:\Users\Emilio\AppData\Local\Temp\Quarantine.exe

C:\Users\Emilio\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-05-06 15:54

 

==================== End Of Log ============================

 

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2015

Ran by Emilio at 2015-05-13 15:47:48

Running from C:\Users\Emilio\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2658099409-1986326302-2669528513-500 - Administrator - Disabled)

Emilio (S-1-5-21-2658099409-1986326302-2669528513-1000 - Administrator - Enabled) => C:\Users\Emilio

Guest (S-1-5-21-2658099409-1986326302-2669528513-501 - Limited - Disabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

µTorrent (HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.1.0 - Adobe Systems Incorporated)

Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)

Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )

Cool & Quiet (HKLM-x32\...\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}) (Version:  - )

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

Dead Island Riptide (HKLM-x32\...\Steam App 216250) (Version:  - Techland)

Deadlight (HKLM-x32\...\Steam App 211400) (Version:  - Tequila Works, S.L.)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)

HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)

HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)

IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)

LDC Driving Test Complete (HKLM-x32\...\LDC Driving Test Complete4.3) (Version: 4.3 - Teaching Driving Ltd)

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.50.3 - Black Tree Gaming)

Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)

Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)

PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

RuneScape Launcher 1.2.3 (HKLM-x32\...\{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}) (Version: 1.2.3 - Jagex Ltd)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)

Sniper Elite: [bleep] Zombie Army 2 (HKLM-x32\...\Steam App 247910) (Version:  - )

Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)

Spotify (HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)

The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)

The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)

The Forest (HKLM-x32\...\Steam App 242760) (Version:  - Endnight Games Ltd)

Theory Interactive (HKLM-x32\...\{9B97F3A0-993F-4453-BCA8-E0DAFBE57845}) (Version:  - )

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Vegas Pro 13.0 (64-bit) (HKLM\...\{3814DB30-091D-11E4-BDE0-F04DA23A5C58}) (Version: 13.0.373 - Sony)

VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.1.0.12 - VSO Software)

WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

05-05-2015 18:37:08 Windows Update

06-05-2015 23:18:13 Installed DirectX

12-05-2015 15:46:47 Windows Update

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1A953677-74E3-444F-8CC4-A912CE46DFE1} - System32\Tasks\{75309482-F371-47FE-8466-263D412CB69F} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {21C3F5F7-B4FD-42BA-9C7B-597860558FA5} - System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => pcalua.exe -a C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe -c  -ptid=amt

Task: {342E9D94-4F99-42AB-ADB9-D635119C62EB} - System32\Tasks\{9318126A-1876-49F3-89D4-55284053FB5C} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {5332F044-91FA-4C80-8B67-A114202D8DD0} - System32\Tasks\{ADCEA8CE-F70A-405A-9A78-A9F05ADF22A6} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {5BD50BA8-3F5B-4D0E-A220-9C853240A39C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {5ED59EF4-F8D3-4547-A7A0-A280AD3E4CEC} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-06-30] (AVAST Software)

Task: {6EB71312-ED1A-4F37-9806-AA9153B3E0B1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

Task: {814A7705-9A7C-4AD7-8D9A-55829967F451} - System32\Tasks\{0697BA8E-138F-45D0-8245-085B244C50BB} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {9F10C1B2-F9EA-43F2-B502-A124E80AC246} - System32\Tasks\{D6E78667-6E26-432B-920C-780E8486E880} => pcalua.exe -a D:\SETUP.EXE -d D:\

Task: {A464B143-B217-455D-B0E5-3EA1851A69C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)

Task: {ADFE6323-3516-4B44-9498-2C90B54DB501} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)

Task: {B0B9D2EC-E656-4C35-9CDB-994B83365100} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-30] (Google Inc.)

Task: {D60C4BAA-A88E-4FDB-AE99-E58FC18C9A00} - System32\Tasks\AdobeAAMUpdater-1.0-Emilio-PC-Emilio => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)

Task: {D69CA724-1729-4179-BAC6-E469C73BB6B6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E0E52A20-1F1F-4D48-B315-D7D356882973} - System32\Tasks\{2483EE97-4E99-486A-B365-AFB1D35A851E} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {E9296C6A-09F2-4BD0-9363-6E1563E1087F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

Task: {EA8B9034-A249-43D0-8EC5-48B905876E16} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {EC77DAC3-806E-4113-B2AC-5EB77050D35A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll

2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll

2013-10-17 16:27 - 2013-10-17 16:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2014-07-24 12:26 - 2014-07-24 12:26 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-08-06 14:42 - 2014-08-06 14:42 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe

2014-06-30 15:45 - 2014-06-30 15:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2015-05-12 23:53 - 2015-05-12 23:53 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051202\algo.dll

2015-05-13 13:59 - 2015-05-13 13:59 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051300\algo.dll

2015-05-13 15:18 - 2015-05-13 15:18 - 02927616 _____ () C:\Program Files\AVAST Software\Avast\defs\15051301\algo.dll

2015-05-13 13:59 - 2015-05-13 13:59 - 00307200 _____ () C:\Windows\TEMP\mrt7C31.tmp\MMFS2.dll

2015-05-13 13:59 - 2015-05-13 13:59 - 00021504 _____ () C:\Windows\TEMP\mrt7C31.tmp\Get.mfx

2015-05-13 13:59 - 2015-05-13 13:59 - 00059392 _____ () C:\Windows\TEMP\mrt7C31.tmp\Yaso.mfx

2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-08-06 14:40 - 2014-08-06 14:40 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll

2014-08-06 14:41 - 2014-08-06 14:41 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll

2014-08-06 14:41 - 2014-08-06 14:41 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll

2014-08-06 14:41 - 2014-08-06 14:41 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll

2014-08-06 14:42 - 2014-08-06 14:42 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll

2014-08-06 14:44 - 2014-08-06 14:44 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll

2014-08-06 14:46 - 2014-08-06 14:46 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-06-30 15:45 - 2014-06-30 15:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-06-30 18:52 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-01-20 00:43 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-01-20 00:43 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-01-20 00:43 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2014-06-30 18:52 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll

2014-09-10 16:30 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-09-10 16:30 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-09-10 16:30 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-09-10 16:30 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2014-09-10 16:30 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2014-06-30 18:52 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2015-04-30 16:16 - 2015-04-28 03:07 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libglesv2.dll

2015-04-30 16:16 - 2015-04-28 03:07 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\libegl.dll

2014-06-30 18:52 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2014-08-16 16:44 - 2015-02-25 02:58 - 01709960 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Emilio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^Emilio^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hqghumeaylnlf.lnk => C:\Windows\pss\hqghumeaylnlf.lnk.Startup

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

MSCONFIG\startupreg: Clownfish => "C:\Program Files (x86)\Clownfish\Clownfish.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup

MSCONFIG\startupreg: Spotify => "C:\Users\Emilio\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Emilio\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun

MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

 

==================== FirewallRules (whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

FirewallRules: [{65ECCB61-FFDC-484C-A04F-2316C07F5DC7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{85921019-0EEA-4D91-BB17-8510CC70ADEB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{E7FCAC26-5872-4F7F-8A21-17493CD73956}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{02DC8146-01B6-4904-9ACE-F116613FD864}C:\users\emilio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilio\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{2667B20E-26CE-438A-9A7E-7877D0C66095}C:\users\emilio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilio\appdata\roaming\spotify\spotify.exe

FirewallRules: [{A1E70487-E420-44AD-959F-891DF4913958}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{9922D69A-C86E-4FDA-98C7-6A89326C7D6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe

FirewallRules: [{DE605DA9-16A6-4B13-856A-D30D502F0CA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

FirewallRules: [{BEC86C61-828B-4D26-A0D7-F4B9FCFF051D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe

FirewallRules: [{8287B411-DFF5-49A4-B608-A1492D1BFCC2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite [bleep] Zombie Army 2\bin\NZA2.exe

FirewallRules: [{2E9C88AB-4767-45D9-B01F-BEFA2E60006B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite [bleep] Zombie Army 2\bin\NZA2.exe

FirewallRules: [TCP Query User{D7376767-BEE4-4619-B081-6B93A8257A93}C:\users\emilio\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\emilio\appdata\roaming\utorrent\utorrent.exe

FirewallRules: [UDP Query User{DE9E087A-5BC4-48D9-BCA8-9D224BA4BB44}C:\users\emilio\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\emilio\appdata\roaming\utorrent\utorrent.exe

FirewallRules: [{57A8E6CD-B7CE-4B0C-801C-65666E717879}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{EBDAD1DF-C050-43E3-ABAF-C71E0C2F43B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{7EF33E20-E5B5-4AAF-8772-76F8965983B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{A03CB516-3FB8-40F2-8AC8-5B600E081303}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{2DCAEF10-BFA1-40FF-B140-9F09828E4FE3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe

FirewallRules: [{B414BB56-BF85-4B2B-823A-0AC08E1EADCD}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe

FirewallRules: [{F580C769-A46A-4C48-A727-8E28943FEC97}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe

FirewallRules: [{A46BA622-0DCE-486A-8337-D266E8D0ED07}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe

FirewallRules: [{A89F8A73-7765-456D-A6A7-A89D9DF2BAD8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{F107676A-C646-48C4-B36B-D24849008D91}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{FCBEA891-9F0F-4B57-B140-25EDF8B10111}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{C2E64427-4592-42DC-86B6-0CDF612C511F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe

FirewallRules: [{822B5871-35FC-4C36-A405-079508DB699F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

FirewallRules: [{864205DB-BF1E-4B27-9245-986B832D55E1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

FirewallRules: [{790BAF01-3317-4F09-9BC7-664A1DC31171}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe

FirewallRules: [{77F7E64E-47F2-484F-8662-7320BB85230A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe

FirewallRules: [{BDABB101-2EB1-4A0F-A25A-8044E964C83E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe

FirewallRules: [{7DB26379-D834-4B14-BBB3-FF56A549D61D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\diriptide\DeadIslandGame_x86_rwdi.exe

FirewallRules: [{D7AA3B08-1DED-4326-8707-B9D6A4842247}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\diriptide\DeadIslandGame_x86_rwdi.exe

FirewallRules: [{6A2C51DA-587C-4288-A8CE-6481C282C686}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{494499DD-23B8-4494-9BE6-74044E8D18FB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe

FirewallRules: [{15454EAA-0036-4B46-9686-DA51C17D4E8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{37834BC6-5AA5-4082-8DD6-752353DB8A28}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A7E400B3-1072-4004-93E3-7DE439D13C94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{C018FB1E-9DC7-4835-B08D-EB067B36FEF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{56CCD0CE-3305-4C96-9B5D-1F9B9DDB2FB7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

FirewallRules: [{F330173A-5216-419B-BCA1-EEA3E2A2F9EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe

FirewallRules: [{90CA844A-5C8C-4B41-917B-B0CFBDF23050}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Deadlight\Binaries\Win32\LOTDGame.exe

FirewallRules: [{4BA398B0-17CE-4965-9BF1-079A58106128}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe

FirewallRules: [{3EAA50EC-176C-4023-8A6B-BAA6B5E8A43E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe

FirewallRules: [{EDC18710-7FC9-4B76-AE1D-4270B12A04CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe

FirewallRules: [{D34248AA-28A5-46A3-A305-511B6DE6BFA8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe

FirewallRules: [TCP Query User{63D5F57E-1252-4771-83E3-F31B33F99FC1}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe

FirewallRules: [UDP Query User{13526773-5DA9-4444-86F3-9D3EE1058F5F}C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\zenimax online\launcher\bethesda.net_launcher.exe

FirewallRules: [{B5CBD7BB-6225-4920-891F-2D00E73C70D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe

FirewallRules: [{8E66BFC9-FCBF-439B-A095-DAC11D25EF66}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe

FirewallRules: [{A5F68190-4C20-4434-AFC2-E68C90819587}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe

FirewallRules: [{8536BAAF-12C4-45E0-A9C5-CA71B1D8CAB8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Forest\TheForest.exe

FirewallRules: [{567F97D4-70E2-421B-B539-962B76C83592}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe

FirewallRules: [{46995CE3-26B5-4048-8237-B97272A97334}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3.exe

FirewallRules: [{C24EA8DA-96C2-4A5C-B87A-5B6F5BDC1B8E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe

FirewallRules: [{120F812C-3909-402F-9340-C2F455D3AFDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 3\arma3launcher.exe

FirewallRules: [TCP Query User{56CC843E-80AD-445E-98CE-C9E676643927}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe

FirewallRules: [UDP Query User{B479A9E1-1596-4D4B-8211-FD0BEE17423C}C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_40\bin\javaw.exe

FirewallRules: [{B887199F-0576-47E9-9855-86067EBB6AA3}] => (Allow) c:\users\emilio\appdata\roaming\tencent\使命召唤online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe

FirewallRules: [{7F72AED9-F4C1-45F8-AA15-E8C5FC7A1A03}] => (Allow) c:\users\emilio\appdata\roaming\tencent\使命召唤online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe

FirewallRules: [{1D331076-35CB-420F-8D31-A79F8A184179}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe

FirewallRules: [{338460CE-3BC7-4E5C-A778-A7C6A6729E4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe

FirewallRules: [{CF74A246-FB1C-4068-85FE-F0A206D783ED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{AC7D87FF-C1A1-45A5-A599-57A941933AFB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{587D2BB5-9A9C-4365-95CE-71CA5B47D952}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [TCP Query User{95FA3280-A7FC-4C9A-A8B1-68029CF02FE2}C:\users\emilio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilio\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{DE9CC62E-D3F6-4CB4-AAD9-BA2B6C78FF99}C:\users\emilio\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\emilio\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{AB959236-51E6-4E52-8129-238837551AAD}C:\users\emilio\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\emilio\appdata\roaming\utorrent\utorrent.exe

FirewallRules: [UDP Query User{AC2FB2B7-9EB0-48E2-BD2D-6D51D5F8F67D}C:\users\emilio\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\emilio\appdata\roaming\utorrent\utorrent.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/13/2015 03:47:43 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

Error: (05/13/2015 02:47:42 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

Error: (05/13/2015 02:02:39 PM) (Source: Winlogon) (EventID: 4103) (User: )

Description: Windows license activation failed. Error 0x80070005.

 

Error: (05/13/2015 02:00:37 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (05/13/2015 04:08:33 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error: (05/13/2015 03:38:31 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

Error: (05/13/2015 02:38:31 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

Error: (05/13/2015 01:38:31 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

Error: (05/13/2015 00:38:31 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

Error: (05/12/2015 11:38:31 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )

Description: License Activation Scheduler (sppuinotify.dll) failed with the following error code:

0x80070005

 

 

System errors:

=============

Error: (05/13/2015 02:47:42 PM) (Source: DCOM) (EventID: 10001) (User: )

Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

 

Error: (05/13/2015 01:59:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Adobe Licensing Console service failed to start due to the following error: 

%%1053

 

Error: (05/13/2015 01:59:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.

 

Error: (05/12/2015 08:38:30 PM) (Source: DCOM) (EventID: 10001) (User: )

Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}

 

Error: (05/12/2015 07:50:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Adobe Licensing Console service failed to start due to the following error: 

%%1053

 

Error: (05/12/2015 07:50:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Adobe Licensing Console service to connect.

 

Error: (05/12/2015 07:48:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (05/12/2015 07:48:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

 

Error: (05/12/2015 07:48:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (05/12/2015 07:48:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info =========================== 

 

Processor: AMD FX™-4100 Quad-Core Processor 

Percentage of memory in use: 32%

Total physical RAM: 8174.12 MB

Available physical RAM: 5508.27 MB

Total Pagefile: 16346.43 MB

Available Pagefile: 13493.39 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.41 GB) (Free:581.88 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 46DD1228)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

[dbreeze]

FIRST >>>>

ALERT!!! P2P WARNING ALERT!!!

You have a P2P / file sharing application on your system!! While this may not be a surprize to you (most likely installed by you or another user on the system) and the file sharing application itself may be safe, the files shared could be a little more than you hoped for. File sharing has been shown to be a major source for trojans, virii, worms and webbot attacks to spread on the internet. There are exploits in file sharing software that can be used to compromise your system and personal information. You may be sharing a lot more than just a little bandwidth to 'help the community share' information.

Geeks to Go recommends that you uninstall your P2P software; you have to have open pathways (network ports) in and out of your system and you could be helping to move illegal files (copyrighted material (software, movies, video, etc.) even if you don't 'download' them yourself.

If you choose to keep your P2P program installed, I must ask that you de-activate / shutdown the software and not use it until the cleaning of your system is done.

Application to uninstall: µTorrent

Need more info? Read these:

• US Gov. CERT: Risks of File Sharing Technology
• 2010: The Year of P2P Vulnerabilities
• Risks of P2P file sharing
• File sharing infects 500,000 computers

 

 

 

SECOND >>>>

Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {9d43fbe7-3029-11e4-a90a-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {d9007310-03a2-11e4-99f5-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2658099409-1986326302-2669528513-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-22] ( ) [File not signed] <==== ATTENTION
C:\Windows\SysWOW64\lnsecsl.exe
R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72264 2014-11-28] (360.cn)
C:\Windows\System32\DRIVERS\360netmon.sys
2015-04-23 00:26 - 2015-04-23 00:26 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Emilio\Downloads\SpyHunter-Installer.exe
2015-04-23 00:26 - 2015-04-23 00:26 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-22 20:08 - 2015-04-22 20:08 - 00001720 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-04-22 20:07 - 2015-05-13 15:46 - 00000105 _____ () C:\Windows\SysWOW64\get.dat
2015-04-22 20:06 - 2015-04-22 20:06 - 00001798 _____ () C:\Windows\SysWOW64\soft.exe
2015-04-22 20:05 - 2015-04-22 20:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-22 20:05 - 2015-04-22 20:05 - 00000000 _____ () C:\Windows\SysWOW64\x64.txt
2015-04-22 19:36 - 2015-04-22 19:36 - 00003150 _____ () C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C}
2015-04-22 19:35 - 2015-04-22 19:51 - 00000057 _____ () C:\momotor.txt
2015-04-22 19:32 - 2015-04-22 19:32 - 00000000 ____D () C:\Users\Emilio\Documents\Optimizer Pro
2015-04-22 19:17 - 2015-04-22 19:17 - 01202396 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0
2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X
C:\ProgramData\DT0001.dat
C:\Users\Emilio\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Emilio\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Emilio\AppData\Local\Temp\OK_V17_10_SENTRA_4.exe
C:\Users\Emilio\AppData\Local\Temp\optprosetup.exe
C:\Users\Emilio\AppData\Local\Temp\sqlite3.dll
Task: {1A953677-74E3-444F-8CC4-A912CE46DFE1} - System32\Tasks\{75309482-F371-47FE-8466-263D412CB69F} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {21C3F5F7-B4FD-42BA-9C7B-597860558FA5} - System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => pcalua.exe -a C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=amt
C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe
Task: {814A7705-9A7C-4AD7-8D9A-55829967F451} - System32\Tasks\{0697BA8E-138F-45D0-8245-085B244C50BB} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
Task: {9F10C1B2-F9EA-43F2-B502-A124E80AC246} - System32\Tasks\{D6E78667-6E26-432B-920C-780E8486E880} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {E0E52A20-1F1F-4D48-B315-D7D356882973} - System32\Tasks\{2483EE97-4E99-486A-B365-AFB1D35A851E} => Chrome.exe http://ui.skype.com/...e=tsProgressBar
2015-05-13 13:59 - 2015-05-13 13:59 - 00307200 _____ () C:\Windows\TEMP\mrt7C31.tmp\MMFS2.dll
2015-05-13 13:59 - 2015-05-13 13:59 - 00021504 _____ () C:\Windows\TEMP\mrt7C31.tmp\Get.mfx
2015-05-13 13:59 - 2015-05-13 13:59 - 00059392 _____ () C:\Windows\TEMP\mrt7C31.tmp\Yaso.mfx
FirewallRules: [{B887199F-0576-47E9-9855-86067EBB6AA3}] => (Allow) c:\users\emilio\appdata\roaming\tencent\????online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe
FirewallRules: [{7F72AED9-F4C1-45F8-AA15-E8C5FC7A1A03}] => (Allow) c:\users\emilio\appdata\roaming\tencent\????online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe
C:\Windows\pss\hqghumeaylnlf.lnk.Startup
RemoveProxy:
Reboot:
end

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..". The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on. Press the Fix button just once and wait. The tool will create a restore point, process the script and ask for a restart of your system.



If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

[orlando123]

Okay, I have done this, here are the results.

 

Fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 01

Ran by Emilio at 2015-05-14 17:46:48 Run:1

Running from C:\Users\Emilio\Desktop

Loaded Profiles: Emilio (Available profiles: Emilio)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

CreateRestorePoint:

CloseProcesses:

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {9d43fbe7-3029-11e4-a90a-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\...\MountPoints2: {d9007310-03a2-11e4-99f5-60a44c36ee16} - F:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-2658099409-1986326302-2669528513-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

S2 Adobe Licensing Console; C:\Windows\SysWOW64\lnsecsl.exe [1202396 2015-04-22] ( ) [File not signed] <==== ATTENTION

C:\Windows\SysWOW64\lnsecsl.exe

R1 360netmon; C:\Windows\System32\DRIVERS\360netmon.sys [72264 2014-11-28] (360.cn)

C:\Windows\System32\DRIVERS\360netmon.sys

2015-04-23 00:26 - 2015-04-23 00:26 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Emilio\Downloads\SpyHunter-Installer.exe

2015-04-23 00:26 - 2015-04-23 00:26 - 00000000 ____D () C:\Program Files\Enigma Software Group

2015-04-22 20:08 - 2015-04-22 20:08 - 00001720 _____ () C:\Windows\SysWOW64\${LOGFILE}

2015-04-22 20:07 - 2015-05-13 15:46 - 00000105 _____ () C:\Windows\SysWOW64\get.dat

2015-04-22 20:06 - 2015-04-22 20:06 - 00001798 _____ () C:\Windows\SysWOW64\soft.exe

2015-04-22 20:05 - 2015-04-22 20:05 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

2015-04-22 20:05 - 2015-04-22 20:05 - 00000000 _____ () C:\Windows\SysWOW64\x64.txt

2015-04-22 19:36 - 2015-04-22 19:36 - 00003150 _____ () C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C}

2015-04-22 19:35 - 2015-04-22 19:51 - 00000057 _____ () C:\momotor.txt

2015-04-22 19:32 - 2015-04-22 19:32 - 00000000 ____D () C:\Users\Emilio\Documents\Optimizer Pro

2015-04-22 19:17 - 2015-04-22 19:17 - 01202396 _____ ( ) C:\Windows\SysWOW64\lnsecsl.exe

2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0

2015-04-19 13:20 - 2015-04-19 13:20 - 00005872 _____ () C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X

C:\ProgramData\DT0001.dat

C:\Users\Emilio\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Emilio\AppData\Local\Temp\EsgInstallerx64Stub.exe

C:\Users\Emilio\AppData\Local\Temp\OK_V17_10_SENTRA_4.exe

C:\Users\Emilio\AppData\Local\Temp\optprosetup.exe

C:\Users\Emilio\AppData\Local\Temp\sqlite3.dll

Task: {1A953677-74E3-444F-8CC4-A912CE46DFE1} - System32\Tasks\{75309482-F371-47FE-8466-263D412CB69F} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {21C3F5F7-B4FD-42BA-9C7B-597860558FA5} - System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => pcalua.exe -a C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe -c -ptid=amt

C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe

Task: {814A7705-9A7C-4AD7-8D9A-55829967F451} - System32\Tasks\{0697BA8E-138F-45D0-8245-085B244C50BB} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

Task: {9F10C1B2-F9EA-43F2-B502-A124E80AC246} - System32\Tasks\{D6E78667-6E26-432B-920C-780E8486E880} => pcalua.exe -a D:\SETUP.EXE -d D:\

Task: {E0E52A20-1F1F-4D48-B315-D7D356882973} - System32\Tasks\{2483EE97-4E99-486A-B365-AFB1D35A851E} => Chrome.exe http://ui.skype.com/...e=tsProgressBar

2015-05-13 13:59 - 2015-05-13 13:59 - 00307200 _____ () C:\Windows\TEMP\mrt7C31.tmp\MMFS2.dll

2015-05-13 13:59 - 2015-05-13 13:59 - 00021504 _____ () C:\Windows\TEMP\mrt7C31.tmp\Get.mfx

2015-05-13 13:59 - 2015-05-13 13:59 - 00059392 _____ () C:\Windows\TEMP\mrt7C31.tmp\Yaso.mfx

FirewallRules: [{B887199F-0576-47E9-9855-86067EBB6AA3}] => (Allow) c:\users\emilio\appdata\roaming\tencent\????online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe

FirewallRules: [{7F72AED9-F4C1-45F8-AA15-E8C5FC7A1A03}] => (Allow) c:\users\emilio\appdata\roaming\tencent\????online\728aa386a04c6f426fb1029594f009ae\teniodl\teniodl.exe

C:\Windows\pss\hqghumeaylnlf.lnk.Startup

RemoveProxy:

Reboot:

end

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.

"HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d43fbe7-3029-11e4-a90a-60a44c36ee16}" => Key deleted successfully.

HKCR\CLSID\{9d43fbe7-3029-11e4-a90a-60a44c36ee16} => Key not found. 

"HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9007310-03a2-11e4-99f5-60a44c36ee16}" => Key deleted successfully.

HKCR\CLSID\{d9007310-03a2-11e4-99f5-60a44c36ee16} => Key not found. 

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.

"HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.

HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. 

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.

"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

Adobe Licensing Console => Service deleted successfully.

C:\Windows\SysWOW64\lnsecsl.exe => Moved successfully.

360netmon => Unable to stop service

360netmon => Service deleted successfully.

C:\Windows\System32\DRIVERS\360netmon.sys => Moved successfully.

C:\Users\Emilio\Downloads\SpyHunter-Installer.exe => Moved successfully.

C:\Program Files\Enigma Software Group => Moved successfully.

C:\Windows\SysWOW64\${LOGFILE} => Moved successfully.

C:\Windows\SysWOW64\get.dat => Moved successfully.

C:\Windows\SysWOW64\soft.exe => Moved successfully.

C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.

C:\Windows\SysWOW64\x64.txt => Moved successfully.

C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} => Moved successfully.

C:\momotor.txt => Moved successfully.

C:\Users\Emilio\Documents\Optimizer Pro => Moved successfully.

"C:\Windows\SysWOW64\lnsecsl.exe" => File/Directory not found.

C:\Users\Emilio\AppData\Roaming\TWFCU6vfpOHoAjRSLhIoV0 => Moved successfully.

C:\Users\Emilio\AppData\Roaming\qo7Uxtf4X => Moved successfully.

C:\ProgramData\DT0001.dat => Moved successfully.

C:\Users\Emilio\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.

C:\Users\Emilio\AppData\Local\Temp\EsgInstallerx64Stub.exe => Moved successfully.

C:\Users\Emilio\AppData\Local\Temp\OK_V17_10_SENTRA_4.exe => Moved successfully.

C:\Users\Emilio\AppData\Local\Temp\optprosetup.exe => Moved successfully.

C:\Users\Emilio\AppData\Local\Temp\sqlite3.dll => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A953677-74E3-444F-8CC4-A912CE46DFE1}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A953677-74E3-444F-8CC4-A912CE46DFE1}" => Key deleted successfully.

C:\Windows\System32\Tasks\{75309482-F371-47FE-8466-263D412CB69F} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{75309482-F371-47FE-8466-263D412CB69F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21C3F5F7-B4FD-42BA-9C7B-597860558FA5}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21C3F5F7-B4FD-42BA-9C7B-597860558FA5}" => Key deleted successfully.

C:\Windows\System32\Tasks\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C} not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0DC2F2DD-7B4B-47E7-9E13-A406ECDC183C}" => Key deleted successfully.

"C:\Users\Emilio\AppData\Roaming\omniboxes\UninstallManager.exe" => File/Directory not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{814A7705-9A7C-4AD7-8D9A-55829967F451}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{814A7705-9A7C-4AD7-8D9A-55829967F451}" => Key deleted successfully.

C:\Windows\System32\Tasks\{0697BA8E-138F-45D0-8245-085B244C50BB} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0697BA8E-138F-45D0-8245-085B244C50BB}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F10C1B2-F9EA-43F2-B502-A124E80AC246}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F10C1B2-F9EA-43F2-B502-A124E80AC246}" => Key deleted successfully.

C:\Windows\System32\Tasks\{D6E78667-6E26-432B-920C-780E8486E880} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D6E78667-6E26-432B-920C-780E8486E880}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0E52A20-1F1F-4D48-B315-D7D356882973}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0E52A20-1F1F-4D48-B315-D7D356882973}" => Key deleted successfully.

C:\Windows\System32\Tasks\{2483EE97-4E99-486A-B365-AFB1D35A851E} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2483EE97-4E99-486A-B365-AFB1D35A851E}" => Key deleted successfully.

C:\Windows\TEMP\mrt7C31.tmp\MMFS2.dll => Moved successfully.

C:\Windows\TEMP\mrt7C31.tmp\Get.mfx => Moved successfully.

C:\Windows\TEMP\mrt7C31.tmp\Yaso.mfx => Moved successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B887199F-0576-47E9-9855-86067EBB6AA3} => value deleted successfully.

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F72AED9-F4C1-45F8-AA15-E8C5FC7A1A03} => value deleted successfully.

C:\Windows\pss\hqghumeaylnlf.lnk.Startup => Moved successfully.

 

========= RemoveProxy: =========

 

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\S-1-5-21-2658099409-1986326302-2669528513-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

 

 

========= End of RemoveProxy: =========

 

 

 

The system needed a reboot. 

 

==== End of Fixlog 17:47:18 ====

[dbreeze]

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open an Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

• Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  You will see the following console:
  
  
• Click the Scan button and wait for the scan to finish.
• After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
• Click the Clean button.
• Everything checked will be deleted.
• When the program has finished cleaning a report appears.
• Once done it will ask to reboot, allow this
  
  
• On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

 

 

Information to Reply with >>>>

• The JRT.txt log file text.

   

   

• The AdwCleaner[S#].txt log file text.

   

   

• How is your system running now?

 

 

[orlando123]

Here are the two reports

 

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.7.1 (05.14.2015:1)

OS: Windows 7 Home Premium x64

Ran by Emilio on 14/05/2015 at 23:33:41.59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Tasks

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Wooden Seal

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 14/05/2015 at 23:36:47.50

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ADW:

# AdwCleaner v4.203 - Logfile created 14/05/2015 at 23:40:40

# Updated 30/04/2015 by Xplode

# Database : 2015-05-12.2 [Server]

# Operating system : Windows 7 Home Premium Service Pack 1 (x64)

# Username : Emilio - EMILIO-PC

# Running from : C:\Users\Emilio\Desktop\adwcleaner_4.203.exe

# Option : Cleaning

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17801

 

 

-\\ Google Chrome v42.0.2311.152

 

 

-\\ Chromium v

 

 

*************************

 

AdwCleaner[R0].txt - [833 bytes] - [12/05/2015 19:44:25]

AdwCleaner[R1].txt - [893 bytes] - [13/05/2015 21:46:42]

AdwCleaner[R2].txt - [1007 bytes] - [14/05/2015 23:39:09]

AdwCleaner[S0].txt - [898 bytes] - [12/05/2015 19:48:51]

AdwCleaner[S1].txt - [956 bytes] - [13/05/2015 21:47:56]

AdwCleaner[S2].txt - [934 bytes] - [14/05/2015 23:40:40]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [992  bytes] ##########

 

My computer is running okay. But whenever I restart it, avast always comes up with a two threat has been detected messgaes both blocking a file called 'SVChost' or something like that in my system32 folder. This happend even after i restarted my PC from running Adwcleaner. Im not sure what that is.

[dbreeze]

First, please update Avast! Free Antivirus to the latest version (v10.2.2218).  You can see the annoucement of this version here and get the update by using the in-product update feature (Settings->Update->Program).  Once updated and the system rebooted, do a full scan and report the results back here.

[orlando123]

I updated Avast and did the full system scan, as you asked. The results said that there were no threats found, I don't know what the file in my system 32 is. When reading up on the 'Name Not Available Virus' it said that your antivirus wont detect that you have it or something like that. Not sure if that helps or is relevant but its what i found out. Thanks

[dbreeze]

Where are you getting the information on the virus?  Where did you read this, please?

[orlando123]

I googled it and read at least 10 links and they all said that it can be hidden from the anti virus. http://blog.yoocare....n-volume-mixer/I read it on links link these. I couldn't follow any of the steps on the website because I couldn't find any of the things on my PC it was telling me to find. I also didn't want to mess with my registry.

 

Ever since followed the steps you gave to me I haven't had it in my volume mixer.

[dbreeze]

Malwarebytes' Anti-Malware
Please start Malwarebytes' Anti-Malware from either your desktop or Start menu shortcut.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link


Once updated, please select Settings > Detection and Protection. Please ensure that "Scan for Rootkits" is selected along with Non-Malware Protection PUP and PUM are set to "Treat detections as malware"


Once the program has loaded and updated, select "Scan Now >>" to start the scan.


The scan may take some time to finish, so please be patient.


If any malware is found, you will be presented with a screen like the one below.


Make sure that everything is checked, and click Remove Selected. when the removal is completed, a summary screen will be presented.


At the bottom of this screen, click on Save Results and then on Text file (*.txt). Save the file to your desktop and click OK. Click Finish to return to the main screen and then close Malwarebytes.


Double click on log file you saved to your desktop; the log file will be opened in your default text file viewer (usually Notepad); select the whole text (Ctrl + A) and copy (Ctrl + c) it to paste here in a reply.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[orlando123]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 16/05/2015

Scan Time: 01:53:14

Logfile: mbam.txt

Administrator: Yes

 

Version: 2.01.6.1022

Malware Database: v2015.05.15.05

Rootkit Database: v2015.05.14.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Emilio

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 359362

Time Elapsed: 15 min, 40 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[dbreeze]

How is your system running?

[orlando123]

Its running okay, but I still get the message about the file in my system 32 but other than that it is okay. But last night my power shut off for a brief second on everything not just my PC, but when it came back on the resolution is really zoomed in and i cant get it back. My default resolution isn't in the settings either so Im on a really zoomed in screen at the moment and its difficult to do much.