trojan shut down browser, redirecting, malware, painful slow [Solved]


  • This topic is locked

#1
amymac43

  • Member
  • 17 posts

For months now, when my son tries to access Google the site gets redirected to taplika and he gets bombed with new windows that open from "saleplus"; clicking on any link opens a new window from saleplus or creates pages that overlap the whole window from NOW programs and browser extensions have to install themselves.
Finally we couldn't get Google to launch. I went to task and uninstalled the programs that were most recently added until I could launch Google. YA me!!
Launching Google still is bringing taplika redirect and ads at every click, even though I uninstalled a taplika program file from panel!! grr.
The search circle is going round and round and gets pretty much nowhere! You wait forever to click a link...get a page etc., and using the X to try and stop it does nothing. Finally while you are working the Google will just crash out to the sad little guy that says...time to reload AGAIN...grr. I am writing this on notepad because it drags so bad to type on the question box and grrrr...timed out again!!
While changing my settings to put scan on desktop I saw taplika was set up as the default browser and reset it to Google...nice clean launch into Google now...but processor still going round and round slow as mud!
I got a clean click result to your scan page as well as download link...NO POP ADS!! YA US!! Shocked it was a default..hmmm
 
I launched explorer to have a look and it redirects too...just different companies..well then... Got to love the important update coming on screen saying need to update explorer..not me!!
I have uninstalled and deleted all things I can tell are trash. Some things still may be, that I am unsure of how they are used and afraid to lose needed items.
 
My son says he did not install the McAfee; but it DID show a trojan on a media converter and "optimizerPro3.89\reminder".. another self installed scan!!
I was able to uninstall the media converter but optimizerPro is pro work!! The uninstaller refuses to open and the reminder (the file with the trojan) states it can't be deleted because the file is open. Well I managed to get it all deleted except for OptProMon, a dll file in program files (x86). This one refuses to go, saying the file is open in optimizer monitoring..grr. But McAfee came back clean so...all optimizerpro files closed off in recycle bin except monitor file
 
Finally, I didn't remove any temp or cookie files because I don't know which ones are needed for sites and programs to run well. But if we have to go through some bumps and glitches..oh well there they go if you say they need to!!
 
Below is the FRST log for your review...I know I am confident in this site and appreciate the help!! This will be the second time we get my son back on track...maybe he'll finally believe and not wait till he gets shut out again!! Bahaha not funny really I suppose...sometimes shut down is shut out!!
Ya..filled out topic line on this page and this sentence....DRAGGGGGGGGG SLOWWWW
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Eric York (administrator) on ERICYORK-PC on 24-05-2015 22:56:55
Running from C:\Users\Eric York\Desktop
Loaded Profiles: Eric York (Available Profiles: Eric York)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
() C:\ProgramData\Nuilijoaruto\1.0.1.0\ufxnoaep.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Eric York\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(PC Utilities Software Limited) C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}\hqghumeaylnlf.exe
() C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Akamai Technologies, Inc.) C:\Users\Eric York\AppData\Local\Akamai\netsession_win.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\ProgramData\Nuilijoaruto\1.0.1.0\ufxnoaep.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(DownloadAdmin) C:\Users\Eric York\AppData\Local\UpdateAdmin\UpdateAdmin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [myradioplayer Tray] => "C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Eric York\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [UpdateAdmin] => C:\Users\Eric York\AppData\Local\UpdateAdmin\UpdateAdmin.exe [225552 2014-10-16] (DownloadAdmin)
AppInit_DLLs-x32: C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll => "C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Champs.2015.HDRip.XViD-juggs[ETRG].lnk [2015-03-31]
ShortcutTarget: Champs.2015.HDRip.XViD-juggs[ETRG].lnk -> C:\ProgramData\{14d215c9-2b26-e2f1-14d2-215c92b25724}\Champs.2015.HDRip.XViD-juggs[ETRG].exe (No File)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-05]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}\hqghumeaylnlf.exe (PC Utilities Software Limited)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk [2015-04-13]
ShortcutTarget: Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk -> C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=US&unqvl=86
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=US&unqvl=86
SearchScopes: HKU\S-1-5-21-2877554017-1696531486-103451963-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://websearch.goo...&cc=US&unqvl=86
SearchScopes: HKU\S-1-5-21-2877554017-1696531486-103451963-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://taplika.com/r...=2066106222&ir=
BHO: IsaveuR -> {069C4103-B8AD-46EA-85B7-5D0A90176798} -> C:\Program Files (x86)\IsaveuR\87s0mIX9fsABMp.x64.dll [2015-05-24] ()
BHO: AllCheapPRiCe -> {A0D6956C-4538-4CD8-8D2B-F75463ABA3E2} -> C:\Program Files (x86)\AllCheapPRiCe\bfcsVzhOSznkGp.x64.dll [2015-05-24] ()
BHO-x32: IsaveuR -> {069C4103-B8AD-46EA-85B7-5D0A90176798} -> C:\Program Files (x86)\IsaveuR\87s0mIX9fsABMp.dll [2015-05-24] ()
BHO-x32: AllCheapPRiCe -> {A0D6956C-4538-4CD8-8D2B-F75463ABA3E2} -> C:\Program Files (x86)\AllCheapPRiCe\bfcsVzhOSznkGp.dll [2015-05-24] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-11]
CHR Extension: (Google Docs) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-11]
CHR Extension: (Google Drive) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-11]
CHR Extension: (YouTube) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-11]
CHR Extension: (Translate This) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\bohaeepgdechbpphaodjkjghdeajomaa [2015-05-24]
CHR Extension: (Google Search) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-11]
CHR Extension: (Google Sheets) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-11]
CHR Extension: (1click timer) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2015-04-09]
CHR Extension: (Scroll Marker) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdoinodpdahlmpgmpmhonheidpjhhnid [2015-04-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Taplika New Tab) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-05-24]
CHR Extension: (AutODealsApp) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpomadidloebceiegjjgmoepjnnpbpjk [2015-04-09]
CHR Extension: (Google Wallet) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-11]
CHR Extension: (Weather Aware) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofiahdodpoomdjoegkmibpmgejobfpcn [2015-04-13]
CHR Extension: (Gmail) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-11]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKU\S-1-5-21-2877554017-1696531486-103451963-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.goog...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) []
R2 b37c34bf; c:\Program Files (x86)\SystemUp\SystemUp.dll [1623552 2015-04-23] () []
R2 da05e809; c:\Program Files (x86)\Optimizer Pro 3.89\OptProMon.dll [1750568 2015-05-05] () <==== ATTENTION
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-24 22:56 - 2015-05-24 22:57 - 00016112 _____ () C:\Users\Eric York\Desktop\FRST.txt
2015-05-24 22:53 - 2015-05-24 22:53 - 02108416 _____ (Farbar) C:\Users\Eric York\Desktop\FRST64.exe
2015-05-24 20:44 - 2015-05-24 20:44 - 02108416 _____ (Farbar) C:\Users\Eric York\Downloads\FRST64 (1).exe
2015-05-24 20:28 - 2015-05-24 20:28 - 00000000 ____D () C:\Program Files (x86)\AllCheapPRiCe
2015-05-24 20:27 - 2015-05-24 20:27 - 00000000 ____D () C:\Program Files (x86)\Translate This
2015-05-24 20:27 - 2015-05-24 20:27 - 00000000 ____D () C:\Program Files (x86)\IsaveuR
2015-05-24 20:27 - 2015-05-24 20:27 - 00000000 ____D () C:\Program Files (x86)\ExstrACCoupOn
2015-05-24 17:12 - 2015-05-24 17:13 - 00031993 _____ () C:\Users\Eric York\Downloads\Addition.txt
2015-05-24 17:11 - 2015-05-24 22:56 - 00000000 ____D () C:\FRST
2015-05-24 17:11 - 2015-05-24 20:49 - 00038154 _____ () C:\Users\Eric York\Downloads\FRST.txt
2015-05-24 17:11 - 2015-05-24 17:11 - 02108416 _____ (Farbar) C:\Users\Eric York\Downloads\FRST64.exe
2015-05-24 16:14 - 2015-05-24 16:14 - 00002998 _____ () C:\Windows\System32\Tasks\{49D61FB6-47AE-4E2C-99AF-646F5D49E052}
2015-05-24 16:13 - 2015-05-24 16:13 - 00002998 _____ () C:\Windows\System32\Tasks\{43ABFCDF-4A53-451C-B44C-05EE154A6A98}
2015-05-24 15:48 - 2015-05-24 15:48 - 00003216 _____ () C:\Windows\System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D}
2015-05-24 15:34 - 2015-05-24 15:34 - 00003218 _____ () C:\Windows\System32\Tasks\{ADFAB84C-ADC3-4C25-B054-131242659405}
2015-05-24 12:29 - 2015-05-24 12:29 - 00000024 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr25.bin
2015-05-24 11:13 - 2015-05-24 15:29 - 00003450 _____ () C:\Windows\System32\Tasks\Nuilijoaruto
2015-05-22 16:08 - 2015-05-24 11:04 - 00000000 ____D () C:\Program Files (x86)\BItSaver
2015-05-20 19:12 - 2015-05-24 11:13 - 00000000 ____D () C:\ProgramData\Nuilijoaruto
2015-05-18 18:04 - 2015-05-18 18:04 - 00000000 ____D () C:\Users\Eric York\Downloads\Game.of.Thrones.S05E06.HDTV.x264-ASAP[ettv]
2015-05-18 18:03 - 2015-05-18 18:03 - 00028219 _____ () C:\Users\Eric York\Downloads\DBE720F223AAE9B6E5886122FD2EEE18B90195C1.torrent
2015-05-16 20:17 - 2015-05-24 11:04 - 00000000 ____D () C:\Users\Eric York\Downloads\The 100 - The Complete Season 2 [HDTV]
2015-05-16 20:16 - 2015-05-16 20:16 - 00061954 _____ () C:\Users\Eric York\Downloads\A81F006EA0EC63A7EFEA9CD5B0700801D933A711.torrent
2015-05-16 20:15 - 2015-05-16 20:15 - 00004865 _____ () C:\Users\Eric York\Downloads\56534C6F12D0512E98817E232C441328BDF4E1B8 (1).torrent
2015-05-16 11:07 - 2015-05-16 11:07 - 00000000 ____D () C:\Users\Eric York\Downloads\Slow.West.2015.HDRip.XviD.AC3-EVO
2015-05-16 11:06 - 2015-05-16 11:06 - 00118995 _____ () C:\Users\Eric York\Downloads\7ABC52707286AECAAA420276EA2DDDAD01B1834E.torrent
2015-05-14 15:55 - 2015-05-14 15:57 - 00000000 ____D () C:\Users\Eric York\Downloads\The.Lazasur.Effect.2015.HC.HDRip.XViD.AC3-ETRG
2015-05-14 15:55 - 2015-05-14 15:56 - 00000000 ____D () C:\Users\Eric York\Downloads\The.SpongeBob.Movie.Sponge.Out.Of.Water.2015.HC.HDRip.XviD.AC3-EVO
2015-05-14 15:55 - 2015-05-14 15:55 - 00114787 _____ () C:\Users\Eric York\Downloads\24D8DADE1F9652E79437B64001B655F2F804BFEA.torrent
2015-05-14 15:54 - 2015-05-14 15:54 - 00112714 _____ () C:\Users\Eric York\Downloads\4E12FFE93319E45F453FB76E5EE1ED184266A81A.torrent
2015-05-14 08:33 - 2015-05-14 08:33 - 00000000 ____D () C:\Users\Eric York\Downloads\The.Flash.2014.S01E22.HDTV.x264-LOL[ettv]
2015-05-14 08:30 - 2015-05-14 08:30 - 00018911 _____ () C:\Users\Eric York\Downloads\FCCC12C6F43DFEDB0CAC0217A99DC27077709604.torrent
2015-05-14 08:30 - 2015-05-14 08:30 - 00000000 ____D () C:\Users\Eric York\Downloads\Arrow.S03E23.HDTV.x264-LOL[ettv]
2015-05-14 08:29 - 2015-05-14 08:30 - 00000000 ____D () C:\Users\Eric York\Downloads\Strange.Magic.2015.DVDRip.XviD-EVO
2015-05-14 08:29 - 2015-05-14 08:29 - 00079049 _____ () C:\Users\Eric York\Downloads\0EB9589C33E69139223952EEFF17CC57689AB618.torrent
2015-05-14 08:29 - 2015-05-14 08:29 - 00057631 _____ () C:\Users\Eric York\Downloads\A7AB46A31BC742774767F6FBF19F1C5F47BB1572.torrent
2015-05-14 08:29 - 2015-05-14 08:29 - 00022664 _____ () C:\Users\Eric York\Downloads\EC205D2198F0E0F708D53360F5AB76F2B5DF7BFC.torrent
2015-05-14 08:29 - 2015-05-14 08:29 - 00000000 ____D () C:\Users\Eric York\Downloads\Project.Almanac.2014.BRRip.XViD-ETRG
2015-05-14 08:29 - 2015-05-14 08:29 - 00000000 ____D () C:\Users\Eric York\Downloads\Ex.Machina.2015.DVDRip.XViD-ETRG
2015-05-14 08:28 - 2015-05-14 08:28 - 00057288 _____ () C:\Users\Eric York\Downloads\4109B71CBE61C6299AAD929D57128FA1D0E7918E.torrent
2015-05-14 08:27 - 2015-05-14 08:27 - 00057698 _____ () C:\Users\Eric York\Downloads\1CDAA83BFC308D3780BC7E712150F9AD13B9ED39.torrent
2015-05-14 08:27 - 2015-05-14 08:27 - 00000000 ____D () C:\Users\Eric York\Downloads\Chappie.2015.HDRip.XViD-ETRG
2015-05-12 19:08 - 2015-05-12 19:08 - 00023844 _____ () C:\Users\Eric York\Downloads\46F613E7A84241E1A6D46F71E95AD137985B4F49.torrent
2015-05-12 19:08 - 2015-05-12 19:08 - 00000000 ____D () C:\Users\Eric York\Downloads\Arrow.S03E22.HDTV.x264-LOL[ettv]
2015-05-12 19:07 - 2015-05-12 19:08 - 00000000 ____D () C:\Users\Eric York\Downloads\Game.of.Thrones.S05E05.HDTV.x264-ASAP[ettv]
2015-05-12 19:07 - 2015-05-12 19:07 - 00025033 _____ () C:\Users\Eric York\Downloads\9800748DDDA1891DEF1D01C04F8CC0BCCAE1A192.torrent
2015-05-10 07:37 - 2015-05-10 07:37 - 00000000 ____D () C:\Users\Eric York\AppData\Local\speed browser
2015-05-10 07:37 - 2015-05-10 07:37 - 00000000 ____D () C:\Program Files (x86)\speed browser
2015-05-09 21:17 - 2015-05-09 21:17 - 00000000 ____D () C:\Users\Eric York\Downloads\Fast.and.Furious.7.2015.HC.HDRip.XViD.AC3-ETRG
2015-05-09 21:16 - 2015-05-09 21:16 - 00117315 _____ () C:\Users\Eric York\Downloads\FF368B75C326AD29232504EDB33E56A2CB19A860.torrent
2015-05-09 21:16 - 2015-05-09 21:16 - 00117315 _____ () C:\Users\Eric York\Downloads\FF368B75C326AD29232504EDB33E56A2CB19A860 (1).torrent
2015-05-09 12:21 - 2015-05-09 12:22 - 00000000 ____D () C:\Users\Eric York\Downloads\Infini.2015.HDRip.XViD-ETRG
2015-05-09 12:21 - 2015-05-09 12:21 - 00057855 _____ () C:\Users\Eric York\Downloads\8C6E4535100C0B5337A6D11A6ECB4BBCC55D01FE.torrent
2015-05-08 15:38 - 2015-05-08 15:38 - 00000000 ____D () C:\Users\Eric York\Downloads\Maggie.2015.HDRip.XViD-ETRG
2015-05-08 15:37 - 2015-05-08 15:37 - 00057193 _____ () C:\Users\Eric York\Downloads\60F2D66FD7252535F71D86D6EE6BF043A71B132E.torrent
2015-05-07 20:35 - 2015-05-07 20:35 - 00114612 _____ () C:\Users\Eric York\Downloads\05FA764BA998C17796FF808CE96D77D377D0E348.torrent
2015-05-07 20:35 - 2015-05-07 20:35 - 00000000 ____D () C:\Users\Eric York\Downloads\Run.All.Night.2015.HC.HDRip.XViD.AC3-ETRG
2015-05-07 13:10 - 2015-05-07 13:10 - 00000001 _____ () C:\Users\Eric York\AppData\Local\DSI.DAT
2015-05-06 23:52 - 2015-05-24 11:04 - 00000000 ____D () C:\ProgramData\Browser
2015-05-06 21:53 - 2015-05-06 22:04 - 00000000 ____D () C:\Users\Eric York\Downloads\Just.Before.I.Go.2014.DVDRip.XViD-ETRG
2015-05-06 21:53 - 2015-05-06 21:53 - 00057286 _____ () C:\Users\Eric York\Downloads\4145BFAF40EBBB8044C9649CC4D3F2065E68E2E0.torrent
2015-05-06 21:51 - 2015-05-06 21:53 - 00000000 ____D () C:\Users\Eric York\Downloads\Fast.&.Furious.7.2015.TS.XViD NO1KNOWS
2015-05-06 21:51 - 2015-05-06 21:51 - 00131843 _____ () C:\Users\Eric York\Downloads\CBFD19EBB5F12283A0D54A00CB1ED6C500C316D0.torrent
2015-05-06 21:50 - 2015-05-06 21:50 - 00000000 ____D () C:\Users\Eric York\Downloads\The.Asylum.2015.720p.WEB-DL.x264 ETRG
2015-05-06 21:49 - 2015-05-06 21:49 - 00230495 _____ () C:\Users\Eric York\Downloads\98D63B9174DB605FCFCD9F09933A3467E3CB9E8A.torrent
2015-05-06 17:52 - 2015-05-06 17:52 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\Macromedia
2015-05-05 23:17 - 2015-05-05 23:17 - 00000000 ____D () C:\Users\Eric York\AppData\Local\iConvertor
2015-05-05 23:10 - 2015-05-07 00:10 - 00000059 _____ () C:\Users\Eric York\AppData\Roaming\WB.CFG
2015-05-05 22:17 - 2015-05-24 13:21 - 00003276 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-05-05 22:17 - 2015-05-05 22:17 - 00000000 ____D () C:\Users\Eric York\Documents\Optimizer Pro
2015-05-05 22:17 - 2015-05-05 22:17 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\Optimizer Pro
2015-05-05 22:13 - 2015-05-05 22:13 - 09815040 _____ () C:\Users\Eric York\Downloads\openofficeorg31.msi
2015-05-05 22:12 - 2015-05-05 22:12 - 00003866 _____ () C:\Windows\System32\Tasks\UpdateAdmin
2015-05-05 22:12 - 2015-05-05 22:12 - 00000000 ____D () C:\Users\Eric York\AppData\Local\UpdateAdmin
2015-05-05 22:12 - 2015-05-05 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2015-05-05 22:11 - 2015-05-24 16:00 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.89
2015-05-05 22:11 - 2015-05-06 17:40 - 00000000 ____D () C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}
2015-05-05 22:10 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\Eric York\AppData\Local\ArcadeTwist
2015-05-05 22:09 - 2015-05-05 22:09 - 01147632 _____ () C:\Users\Eric York\Downloads\Chrome_Updater.exe
2015-05-05 22:08 - 2015-05-05 22:09 - 00000603 _____ () C:\Users\Eric York\Downloads\openofficesuite-setup.website
2015-05-05 21:54 - 2015-05-05 21:55 - 00000000 ____D () C:\Users\Eric York\Desktop\Alicia
2015-05-05 20:40 - 2015-05-05 20:40 - 00761076 _____ () C:\Users\Eric York\Downloads\Canon U.S.A. _ Support & Drivers _ PIXMA iP2600.html
2015-05-05 20:40 - 2015-05-05 20:40 - 00000000 ____D () C:\Users\Eric York\Downloads\Canon U.S.A. _ Support & Drivers _ PIXMA iP2600_files
2015-05-05 20:34 - 2015-05-05 20:34 - 06512600 _____ (383 Media, Inc.) C:\Users\Eric York\Downloads\DriverRestore.exe
2015-05-05 20:31 - 2015-05-05 20:31 - 05379408 _____ () C:\Users\Eric York\Downloads\ip2600svst215ej.exe
2015-05-04 21:20 - 2015-05-04 21:20 - 01021280 _____ () C:\Windows\Minidump\050415-25038-01.dmp
2015-04-30 19:46 - 2015-04-30 19:50 - 00000000 ____D () C:\Users\Eric York\Downloads\The 100 - Season 2 Complete - ChameE
2015-04-30 19:45 - 2015-04-30 19:45 - 00004865 _____ () C:\Users\Eric York\Downloads\56534C6F12D0512E98817E232C441328BDF4E1B8.torrent
2015-04-30 19:24 - 2015-04-30 19:55 - 00000000 ____D () C:\Users\Eric York\Downloads\Spawn.1997-1999.DVDRip.COMPLETE.S01-S03.x264.AC3-5.1 {1337x}-Noir
2015-04-30 19:23 - 2015-04-30 19:23 - 00041347 _____ () C:\Users\Eric York\Downloads\265C793071E483720A7832F488E62904F1E3B949.torrent
2015-04-30 19:23 - 2015-04-30 19:23 - 00041347 _____ () C:\Users\Eric York\Downloads\265C793071E483720A7832F488E62904F1E3B949 (1).torrent
2015-04-30 19:21 - 2015-04-30 19:21 - 00016661 _____ () C:\Users\Eric York\Downloads\_-demonoid.pw-_Order_of_Battle_Pacific_1_5_8_[en_de_fr_ru][SimpleSetup].TORRENT
2015-04-30 19:21 - 2015-04-30 19:21 - 00013248 _____ () C:\Users\Eric York\Downloads\+-demonoid.pw-+_This_War_of_Mine_1_3_1_Multi8Installer_[SimpleSetup].TORRENT
2015-04-30 19:20 - 2015-04-30 19:20 - 00013248 _____ () C:\Users\Eric York\Downloads\[[demonoid.pw]]-This_War_of_Mine_1_3_1_Multi8Installer_[SimpleSetup].TORRENT
2015-04-30 16:52 - 2015-04-30 16:52 - 00114335 _____ () C:\Users\Eric York\Downloads\F3C967221C65CE045179B68AF878133C742E60F6.torrent
2015-04-30 16:52 - 2015-04-30 16:52 - 00000000 ____D () C:\Users\Eric York\Downloads\Kingsman.The.Secret.Service.2014.HC.HDRip.XViD.AC3-ETRG
2015-04-30 13:46 - 2015-04-30 13:46 - 00021955 _____ () C:\Users\Eric York\Downloads\DAF477796CB33FD626AEB8E78474D2AC761CA0A1.torrent
2015-04-30 13:46 - 2015-04-30 13:46 - 00000000 ____D () C:\Users\Eric York\Downloads\Get.Hard.2015.HC.HDRip.XViD-ETRG
2015-04-30 13:46 - 2015-04-30 13:46 - 00000000 ____D () C:\Users\Eric York\Downloads\Arrow.S03E21.HDTV.x264-LOL[ettv]
2015-04-30 13:45 - 2015-04-30 13:45 - 00057126 _____ () C:\Users\Eric York\Downloads\93605453497BBBA0871D9BD822A5ECDE71C65FD1.torrent
2015-04-30 10:11 - 2015-04-30 10:11 - 00795192 _____ (Software Internet ) C:\Users\Eric York\Downloads\java_runtime_enviroment_setup.exe
2015-04-30 10:11 - 2015-04-30 10:11 - 00003154 _____ () C:\Users\Eric York\Downloads\AC1526308B7442CA3ECC2D9CAEC2F2A9D179AE31.torrent
2015-04-28 01:04 - 2015-04-28 01:04 - 00000000 ____D () C:\ProgramData\BlockIt Ad remover
2015-04-27 16:24 - 2015-04-27 16:24 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-04-26 15:52 - 2015-04-26 15:53 - 00000000 ____D () C:\Users\Eric York\Downloads\Jupiter.Ascending.2015.HDRip.XviD-ETRG
2015-04-26 15:52 - 2015-04-26 15:52 - 00014987 _____ () C:\Users\Eric York\Downloads\2EED3322CB099F0164326A302581C969D412A659.torrent
2015-04-26 15:50 - 2015-04-26 16:14 - 00000000 ____D () C:\Users\Eric York\Downloads\UFC 186 Johnson vs Horiguchi HDTV H264-Ben -={SPARROW}=-
2015-04-26 15:49 - 2015-04-26 15:49 - 00237440 _____ () C:\Users\Eric York\Downloads\F73873E6664001D4036BD5CE5A235C3EDE7AB841.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-24 22:56 - 2014-12-10 14:19 - 01196325 _____ () C:\Windows\WindowsUpdate.log
2015-05-24 22:15 - 2014-12-11 03:16 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-24 20:28 - 2015-04-09 19:00 - 00000000 ____D () C:\ProgramData\7855897752521555993
2015-05-24 19:54 - 2013-12-11 04:19 - 00723920 _____ () C:\Windows\system32\perfh019.dat
2015-05-24 19:54 - 2013-12-11 04:19 - 00150222 _____ () C:\Windows\system32\perfc019.dat
2015-05-24 19:54 - 2009-07-14 01:13 - 01647438 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-24 19:54 - 2009-07-14 00:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-24 19:54 - 2009-07-14 00:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-24 19:47 - 2015-01-13 12:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-24 19:47 - 2014-12-11 03:16 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-24 19:47 - 2009-07-14 00:51 - 00087673 _____ () C:\Windows\setupact.log
2015-05-24 19:46 - 2015-01-13 12:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-24 19:46 - 2010-11-20 23:47 - 00013458 _____ () C:\Windows\PFRO.log
2015-05-24 19:46 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 16:17 - 2014-12-11 03:17 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-24 15:52 - 2014-12-10 14:22 - 00000000 ____D () C:\Users\Eric York\AppData\Local\VirtualStore
2015-05-24 11:21 - 2015-03-27 22:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 11:10 - 2014-12-11 03:16 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-24 11:10 - 2014-12-11 03:16 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-24 11:09 - 2015-04-10 16:13 - 00000020 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr3.bin
2015-05-24 11:08 - 2014-12-10 14:22 - 00000000 ____D () C:\Users\Eric York
2015-05-24 11:04 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-24 11:04 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-24 11:04 - 2015-03-27 22:15 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-24 11:04 - 2015-03-15 16:28 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\BitTorrent
2015-05-24 11:04 - 2015-01-23 15:20 - 00000000 ____D () C:\Users\Eric York\AppData\Local\Akamai
2015-05-24 11:04 - 2014-12-11 03:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-24 11:04 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-24 11:04 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew
2015-05-24 11:04 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-24 11:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-24 11:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-24 11:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-24 11:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-24 11:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-24 11:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-05-13 14:18 - 2014-12-10 16:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-10 20:12 - 2015-03-27 22:13 - 00000000 ____D () C:\Users\Eric York\AppData\Local\Adobe
2015-05-05 22:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-05-04 21:20 - 2015-03-23 23:19 - 463138055 _____ () C:\Windows\MEMORY.DMP
2015-05-04 21:20 - 2015-03-23 23:19 - 00000000 ____D () C:\Windows\Minidump
2015-04-27 17:31 - 2015-04-21 18:29 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
 
==================== Files in the root of some directories =======
 
2015-05-24 12:29 - 2015-05-24 12:29 - 0000024 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr25.bin
2015-04-10 16:13 - 2015-05-24 11:09 - 0000020 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr3.bin
2015-05-05 23:10 - 2015-05-07 00:10 - 0000059 _____ () C:\Users\Eric York\AppData\Roaming\WB.CFG
2015-05-07 13:10 - 2015-05-07 13:10 - 0000001 _____ () C:\Users\Eric York\AppData\Local\DSI.DAT
2014-12-11 19:33 - 2014-12-11 19:33 - 0007605 _____ () C:\Users\Eric York\AppData\Local\Resmon.ResmonCfg
2015-05-24 15:35 - 2015-05-24 16:02 - 0011760 _____ () C:\Users\Eric York\AppData\Local\Temp-log.txt
2015-03-18 08:01 - 2015-03-18 08:01 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{92E43EF1-04D3-4EE8-A6DE-9EBB2E894B8E}
2014-12-29 14:18 - 2014-12-29 14:18 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{BFC38138-B67E-4E96-A540-B012DB2974B7}
 
Some files in TEMP:
====================
C:\Users\Eric York\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Eric York\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Eric York\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Eric York\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Eric York\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Eric York\AppData\Local\Temp\nvStInst.exe
C:\Users\Eric York\AppData\Local\Temp\optprosetup.exe
C:\Users\Eric York\AppData\Local\Temp\setacl.exe
C:\Users\Eric York\AppData\Local\Temp\SpOrder.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 09:31
 
==================== End of log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2015 01
Ran by Eric York at 2015-05-24 22:57:28
Running from C:\Users\Eric York\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2877554017-1696531486-103451963-500 - Administrator - Disabled)
Eric York (S-1-5-21-2877554017-1696531486-103451963-1000 - Administrator - Enabled) => C:\Users\Eric York
Guest (S-1-5-21-2877554017-1696531486-103451963-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2877554017-1696531486-103451963-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
abgx360 v1.0.6 (HKLM-x32\...\abgx360) (Version:  - )
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AllCheapPRiCe (HKLM-x32\...\{5A1D3F9E-73B5-95EC-1233-6646E1358965}) (Version:  - "") <==== ATTENTION
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
BitTorrent (HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\BitTorrent) (Version: 7.9.3.40101 - BitTorrent Inc.)
ccc-core-static (x32 Version: 2010.0511.2153.37435 - ATI) Hidden
Download EasyMP Monitor version 1.0 (HKLM-x32\...\UsersGuideDownload EasyMP Monitor_is1) (Version: 1.0 - )
EverQuest (HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\soe-EverQuest) (Version: 1.0.3.183 - Sony Online Entertainment)
ExstrACCoupOn (HKLM-x32\...\{98449C67-C7AF-BB53-112D-26C916814611}) (Version:  - "") <==== ATTENTION
EZDownloader (HKLM-x32\...\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1) (Version: 1.0 - EZDownloader) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
H1Z1 (HKLM-x32\...\Steam App 295110) (Version:  - Sony Online Entertainment)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.234.0 - Advanced Micro Devices, Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IsaveuR (HKLM-x32\...\{F1422DAA-0829-09A1-7536-73936CAB8FFA}) (Version:  - "") <==== ATTENTION
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.25 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.25 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OptiShot (HKLM-x32\...\OptiShot) (Version: 2.5.0.3080 - Dancin' Dogg Golf)
OptiShot2 (HKLM-x32\...\OptiShot2) (Version: 3.0.0.3156 - OptiShot Golf)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Station Launcher (HKLM-x32\...\{49668BEE-D721-449C-82D3-C7561945F706}) (Version: 1.01.9000 - Sony Online Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechWarrior (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{b37c34bf}) (Version:  - TechWarrior) <==== ATTENTION
The Elder Scrolls Online (HKLM-x32\...\Steam App 306130) (Version:  - Zenimax Online Studios)
The Lord of the Rings Online™ (HKLM-x32\...\Steam App 212500) (Version:  - Turbine, Inc.)
Translate This (HKLM-x32\...\{45606A90-3363-3A3B-1C15-C40E77F4DAA0}) (Version:  - "") <==== ATTENTION
UpdateAdmin (HKLM-x32\...\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}) (Version: 2.0.1885 - DownloadAdmin) <==== ATTENTION!
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
18-05-2015 03:01:42 Windows Update
24-05-2015 10:58:14 Restore Operation
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B88B76E-CAFB-429B-BBFB-50504C667B7C} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {13AE7611-8CC6-4645-AB9A-2D29285BC2E1} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {1647ABED-8DD3-4F08-A410-32DEFE72B2AB} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {4FFFCA50-C8CD-4958-B2F8-ABEB08786166} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-11] (Google Inc.)
Task: {59A5EBF8-BB18-4D85-8390-1F36815AB1B4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8FDCD82E-0014-419F-A625-352EA3C90554} - System32\Tasks\Nuilijoaruto => C:\ProgramData\Nuilijoaruto\1.0.1.0\ufxnoaep.exe [2015-05-24] ()
Task: {A3ECFAA8-9348-4CB1-AABE-C3141D4D8791} - System32\Tasks\{04FD7150-DC96-4785-AD94-1BACE06A655E} => C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest\LaunchPad.exe [2013-03-04] (Sony Online Entertainment)
Task: {ADD713BA-D9F1-47E9-9D7A-ED360679E515} - System32\Tasks\{43ABFCDF-4A53-451C-B44C-05EE154A6A98} => Chrome.exe 
Task: {BF011C96-1E14-4D03-9DA4-B6869984B0BA} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {C1591969-FF3C-4E5E-B1C7-7749E60EF4D4} - System32\Tasks\{49D61FB6-47AE-4E2C-99AF-646F5D49E052} => Chrome.exe 
Task: {C432F44D-3F15-4AC5-B116-9B17192B9E79} - System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D} => pcalua.exe -a "C:\Program Files (x86)\SalEPPlus\jd5meOoimmVPBI.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {CA695F23-CE16-491A-AB24-4AB3870F0318} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-11] (Google Inc.)
Task: {D12F610A-8506-40EE-A64A-43623D229821} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.89\OptProLauncher.exe <==== ATTENTION
Task: {E19C6E9B-55D3-432C-AE2D-CFE2ABFC0561} - System32\Tasks\{ADFAB84C-ADC3-4C25-B054-131242659405} => pcalua.exe -a "C:\Program Files (x86)\ActiveCoupon\ActiveCoupon.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {EBC7DD46-39F1-4EBB-83C2-0A1F1906B33A} - System32\Tasks\UpdateAdmin => C:\Users\Eric York\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2014-10-16] (DownloadAdmin) <==== ATTENTION
Task: {F2452B38-9EFF-483D-AF5A-AAD2D91613FE} - System32\Tasks\{D47AEDBC-1A98-4E5F-B74E-85A28B20B135} => pcalua.exe -a "C:\Users\Eric York\Downloads\dxwebsetup-feb2010.exe" -d "C:\Users\Eric York\Downloads"
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-13 12:47 - 2015-01-09 19:29 - 00117392 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-24 11:13 - 2015-05-24 11:13 - 00159232 _____ () C:\ProgramData\Nuilijoaruto\1.0.1.0\ufxnoaep.exe
2014-04-13 21:16 - 2014-04-13 21:16 - 00374272 _____ () C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe
2015-04-23 19:01 - 2015-04-23 19:01 - 01623552 _____ () c:\Program Files (x86)\SystemUp\SystemUp.dll
2015-01-13 12:58 - 2015-04-16 13:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 21:28 - 2015-04-22 22:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 21:28 - 2015-04-22 22:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 21:28 - 2015-04-22 22:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-01-13 12:58 - 2015-05-14 21:58 - 02396352 _____ () C:\Program Files (x86)\Steam\video.dll
2015-01-13 12:58 - 2014-12-01 17:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-01-13 12:58 - 2014-12-01 17:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-01-13 12:58 - 2014-12-01 17:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-01-13 12:58 - 2014-12-01 17:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-01-13 12:58 - 2014-12-01 17:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-01-13 12:58 - 2015-05-14 21:57 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-05-05 22:11 - 2015-05-05 22:11 - 01750568 _____ () c:\Program Files (x86)\Optimizer Pro 3.89\OptProMon.dll
2015-01-13 12:58 - 2015-05-11 15:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-05-24 16:17 - 2015-05-13 12:48 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libglesv2.dll
2015-05-24 16:17 - 2015-05-13 12:48 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\libegl.dll
2015-05-24 16:17 - 2015-05-13 12:48 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.65\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\myradioplayer => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
 
==================== MSCONFIG/TASK MANAGER Error getting ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{EFDFB4D3-C3DB-46E2-9101-78A20CA306A9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DAA160D8-475D-4940-A743-1BEF68CCF764}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E6A2559E-6551-4B40-90E1-F65E8F19A41C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{6463EA33-9E6D-41E4-8799-A935FE157B31}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{53F81A62-C1DE-45FD-86F0-2174C8DCFC32}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{565BFC19-CED8-488E-A5EA-D0D971580E8C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{38FB7698-C4C6-4D3D-8F5E-7A5AFAE0F46C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6F9D1456-214D-4020-9BC0-2637DD38A2F9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DE0B4A65-53EB-4E5B-90B4-F27FC8B5FC9D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{633D9ECE-4929-43E9-99D3-18E59F4DDECB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{4D200715-2589-49E8-8693-C4C538278AA4}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [UDP Query User{EC4FC64C-EAD2-4AB5-96FE-6476C3F5017D}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe] => (Allow) C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe
FirewallRules: [{D4239777-4184-40A3-B509-72D358F2A73F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{9BAC1A68-8CF4-476A-9A49-AA2B8AFF3825}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{ADC8279A-7197-4BA9-9558-D992E2689D7F}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{769BB0AD-EF06-4A1E-8CBD-6644ADCE22A2}C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{DA6D3C99-2CEC-43DE-AF90-F6CEF10C8419}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{13016CC7-F876-4DFB-913B-8D5B813897F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lord of the Rings Online\TurbineInvoker.exe
FirewallRules: [{97533AAB-2CC9-4686-8AE4-566897234B19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [{0392A2F7-8A0D-44F2-86EE-95CD4EF79D3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zenimax Online\zosSteamStarter.exe
FirewallRules: [TCP Query User{EB8877C5-6F60-4191-8C7E-0D1295A0A76C}C:\program files (x86)\steam\steamapps\common\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [UDP Query User{4B41C694-138C-4D39-84D2-790635C88157}C:\program files (x86)\steam\steamapps\common\zenimax online\launcher\bethesda.net_launcher.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\zenimax online\launcher\bethesda.net_launcher.exe
FirewallRules: [TCP Query User{FE50A01D-9DD4-4BD2-AFB7-077FE4043635}C:\users\eric york\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eric york\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{64919891-FD54-4E0A-852F-9EEBFAAE4F8B}C:\users\eric york\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eric york\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{3CDFCBBA-640D-4BD0-8FE5-60DF80A06F90}C:\users\eric york\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\eric york\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{92CD3461-D17A-467C-9CB0-67ADE4C15A1A}C:\users\eric york\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\eric york\appdata\local\akamai\netsession_win.exe
FirewallRules: [{6A69A231-7396-4B63-B31E-475DA6F36B38}] => (Allow) C:\Users\Eric York\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B3264FFE-2C7E-4D2A-8838-DA4A023D9182}] => (Allow) C:\Users\Eric York\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5929866B-BE12-4D61-9659-3132522E369F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/24/2015 10:13:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/24/2015 10:02:36 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\2ee3e40c-5bcb-4fbf-ba35-3456b4e647b6.dmp
 
Error: (05/24/2015 08:53:26 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\b56ae9d0-908e-421f-861c-b95f8d671c84.dmp
 
Error: (05/24/2015 08:24:04 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\95537046-0173-40ed-bec1-bda47cd50611.dmp
 
Error: (05/24/2015 07:48:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2015 06:38:45 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ec403056-58b3-449d-9611-7b5ba841749b.dmp
 
Error: (05/24/2015 06:20:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 7bc
 
Start Time: 01d0965cf45c6ef3
 
Termination Time: 81
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 1104e309-0263-11e5-b2d4-d4856411a8ff
 
Error: (05/24/2015 05:16:08 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\cb1f8716-9917-4f60-b5e3-202dfce134b9.dmp
 
Error: (05/24/2015 05:08:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6ba32646-4a6c-43b0-ac3e-e53cbdded12f.dmp
 
Error: (05/24/2015 04:48:51 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6c66df14-2968-42bf-b07f-a3ac1e51dea6.dmp
 
 
System errors:
=============
Error: (05/24/2015 06:07:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AE479D24-AF59-4DEB-9D8B-D1E7DFA2C6A6}
 
Error: (05/24/2015 06:07:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VOTPrx service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 200 milliseconds: Restart the service.
 
Error: (05/24/2015 03:36:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The rHxYgxoLfON service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (05/24/2015 02:26:33 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:24:48 PM on 5/24/2015 was unexpected.
 
Error: (05/24/2015 01:14:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (05/24/2015 01:14:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (05/24/2015 01:11:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:06:05 PM on 5/24/2015 was unexpected.
 
Error: (05/24/2015 11:10:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%1053
 
Error: (05/24/2015 11:10:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
 
Error: (05/24/2015 10:59:07 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VOTPrx service terminated unexpectedly.  It has done this 316 time(s).
 
 
Microsoft Office:
=========================
Error: (05/24/2015 10:13:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"c:\program files (x86)\steam\steamapps\common\lord of the rings online\lotroclient.exe
 
Error: (05/24/2015 10:02:36 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\2ee3e40c-5bcb-4fbf-ba35-3456b4e647b6.dmp
 
Error: (05/24/2015 08:53:26 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\b56ae9d0-908e-421f-861c-b95f8d671c84.dmp
 
Error: (05/24/2015 08:24:04 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\95537046-0173-40ed-bec1-bda47cd50611.dmp
 
Error: (05/24/2015 07:48:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (05/24/2015 06:38:45 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\ec403056-58b3-449d-9611-7b5ba841749b.dmp
 
Error: (05/24/2015 06:20:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.175677bc01d0965cf45c6ef381C:\Windows\Explorer.EXE1104e309-0263-11e5-b2d4-d4856411a8ff
 
Error: (05/24/2015 05:16:08 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\cb1f8716-9917-4f60-b5e3-202dfce134b9.dmp
 
Error: (05/24/2015 05:08:56 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6ba32646-4a6c-43b0-ac3e-e53cbdded12f.dmp
 
Error: (05/24/2015 04:48:51 PM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=43.0.2357.65;lang=;guid=053408FD421846B5A4D2F06C075A058C;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\6c66df14-2968-42bf-b07f-a3ac1e51dea6.dmp
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-11 11:42:53.899
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-11 11:42:53.837
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-11 11:39:49.568
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-11 11:39:49.490
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-11 11:34:29.461
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-11 11:34:29.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-12 09:16:08.342
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-12 09:16:08.280
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-12 08:56:42.110
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-12 08:56:42.048
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ II X2 255 Processor
Percentage of memory in use: 42%
Total physical RAM: 5119.28 MB
Available physical RAM: 2948.52 MB
Total Pagefile: 10236.75 MB
Available Pagefile: 7306.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.92 GB) (Free:1652.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 87EAF776)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)
 
==================== End of log ============================

  • 0



#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, your problem is that you are downloading torrents with no onboard antivirus. You are a malware writer's dream. You need to either stop downloading torrents or at least get an antivirus that will scan them on download.

Re-install Chrome

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.

1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall Chrome using Control Panel.
Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.

THEN

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [myradioplayer Tray] => "C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe"
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Eric York\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [UpdateAdmin] => C:\Users\Eric York\AppData\Local\UpdateAdmin\UpdateAdmin.exe [225552 2014-10-16] (DownloadAdmin)
AppInit_DLLs-x32: C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll => "C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll" File not found
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Champs.2015.HDRip.XViD-juggs[ETRG].lnk [2015-03-31]
ShortcutTarget: Champs.2015.HDRip.XViD-juggs[ETRG].lnk -> C:\ProgramData\{14d215c9-2b26-e2f1-14d2-215c92b25724}\Champs.2015.HDRip.XViD-juggs[ETRG].exe (No File)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-05]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}\hqghumeaylnlf.exe (PC Utilities Software Limited)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk [2015-04-13]
ShortcutTarget: Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk -> C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easylifeapp.com/
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=US&unqvl=86
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.goo...&cc=US&unqvl=86
SearchScopes: HKU\S-1-5-21-2877554017-1696531486-103451963-1000 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = http://websearch.goo...&cc=US&unqvl=86
SearchScopes: HKU\S-1-5-21-2877554017-1696531486-103451963-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://taplika.com/r...=2066106222&ir=
BHO: IsaveuR -> {069C4103-B8AD-46EA-85B7-5D0A90176798} -> C:\Program Files (x86)\IsaveuR\87s0mIX9fsABMp.x64.dll [2015-05-24] ()
BHO: AllCheapPRiCe -> {A0D6956C-4538-4CD8-8D2B-F75463ABA3E2} -> C:\Program Files (x86)\AllCheapPRiCe\bfcsVzhOSznkGp.x64.dll [2015-05-24] ()
BHO-x32: IsaveuR -> {069C4103-B8AD-46EA-85B7-5D0A90176798} -> C:\Program Files (x86)\IsaveuR\87s0mIX9fsABMp.dll [2015-05-24] ()
BHO-x32: AllCheapPRiCe -> {A0D6956C-4538-4CD8-8D2B-F75463ABA3E2} -> C:\Program Files (x86)\AllCheapPRiCe\bfcsVzhOSznkGp.dll [2015-05-24] ()
R2 b37c34bf; c:\Program Files (x86)\SystemUp\SystemUp.dll [1623552 2015-04-23] () []
R2 da05e809; c:\Program Files (x86)\Optimizer Pro 3.89\OptProMon.dll [1750568 2015-05-05] () <==== ATTENTION
2015-05-24 20:28 - 2015-05-24 20:28 - 00000000 ____D () C:\Program Files (x86)\AllCheapPRiCe
2015-05-24 20:27 - 2015-05-24 20:27 - 00000000 ____D () C:\Program Files (x86)\Translate This
2015-05-24 20:27 - 2015-05-24 20:27 - 00000000 ____D () C:\Program Files (x86)\IsaveuR
2015-05-24 20:27 - 2015-05-24 20:27 - 00000000 ____D () C:\Program Files (x86)\ExstrACCoupOn
2015-05-24 16:14 - 2015-05-24 16:14 - 00002998 _____ () C:\Windows\System32\Tasks\{49D61FB6-47AE-4E2C-99AF-646F5D49E052}
2015-05-24 16:13 - 2015-05-24 16:13 - 00002998 _____ () C:\Windows\System32\Tasks\{43ABFCDF-4A53-451C-B44C-05EE154A6A98}
2015-05-24 15:48 - 2015-05-24 15:48 - 00003216 _____ () C:\Windows\System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D}
2015-05-24 15:34 - 2015-05-24 15:34 - 00003218 _____ () C:\Windows\System32\Tasks\{ADFAB84C-ADC3-4C25-B054-131242659405}
2015-05-24 12:29 - 2015-05-24 12:29 - 00000024 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr25.bin
2015-05-24 11:13 - 2015-05-24 15:29 - 00003450 _____ () C:\Windows\System32\Tasks\Nuilijoaruto
2015-05-22 16:08 - 2015-05-24 11:04 - 00000000 ____D () C:\Program Files (x86)\BItSaver
2015-05-20 19:12 - 2015-05-24 11:13 - 00000000 ____D () C:\ProgramData\Nuilijoaruto
2015-05-10 07:37 - 2015-05-10 07:37 - 00000000 ____D () C:\Users\Eric York\AppData\Local\speed browser
2015-05-10 07:37 - 2015-05-10 07:37 - 00000000 ____D () C:\Program Files (x86)\speed browser
2015-05-07 13:10 - 2015-05-07 13:10 - 00000001 _____ () C:\Users\Eric York\AppData\Local\DSI.DAT
2015-05-06 23:52 - 2015-05-24 11:04 - 00000000 ____D () C:\ProgramData\Browser
2015-05-05 23:17 - 2015-05-05 23:17 - 00000000 ____D () C:\Users\Eric York\AppData\Local\iConvertor
2015-05-05 23:10 - 2015-05-07 00:10 - 00000059 _____ () C:\Users\Eric York\AppData\Roaming\WB.CFG
2015-05-05 22:17 - 2015-05-24 13:21 - 00003276 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-05-05 22:17 - 2015-05-05 22:17 - 00000000 ____D () C:\Users\Eric York\Documents\Optimizer Pro
2015-05-05 22:17 - 2015-05-05 22:17 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\Optimizer Pro
2015-05-05 22:12 - 2015-05-05 22:12 - 00003866 _____ () C:\Windows\System32\Tasks\UpdateAdmin
2015-05-05 22:12 - 2015-05-05 22:12 - 00000000 ____D () C:\Users\Eric York\AppData\Local\UpdateAdmin
2015-05-05 22:12 - 2015-05-05 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
2015-05-05 22:11 - 2015-05-24 16:00 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.89
2015-05-05 22:11 - 2015-05-06 17:40 - 00000000 ____D () C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}
2015-05-05 22:10 - 2015-05-24 18:20 - 00000000 ____D () C:\Users\Eric York\AppData\Local\ArcadeTwist
2015-05-05 22:09 - 2015-05-05 22:09 - 01147632 _____ () C:\Users\Eric York\Downloads\Chrome_Updater.exe
2015-05-05 20:34 - 2015-05-05 20:34 - 06512600 _____ (383 Media, Inc.) C:\Users\Eric York\Downloads\DriverRestore.exe
2015-05-05 20:31 - 2015-05-05 20:31 - 05379408 _____ () C:\Users\Eric York\Downloads\ip2600svst215ej.exe
2015-04-28 01:04 - 2015-04-28 01:04 - 00000000 ____D () C:\ProgramData\BlockIt Ad remover
2015-05-24 20:28 - 2015-04-09 19:00 - 00000000 ____D () C:\ProgramData\7855897752521555993
2015-04-27 17:31 - 2015-04-21 18:29 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-03-18 08:01 - 2015-03-18 08:01 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{92E43EF1-04D3-4EE8-A6DE-9EBB2E894B8E}
2014-12-29 14:18 - 2014-12-29 14:18 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{BFC38138-B67E-4E96-A540-B012DB2974B7}
Task: {8FDCD82E-0014-419F-A625-352EA3C90554} - System32\Tasks\Nuilijoaruto => C:\ProgramData\Nuilijoaruto\1.0.1.0\ufxnoaep.exe [2015-05-24] ()
Task: {C432F44D-3F15-4AC5-B116-9B17192B9E79} - System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D} => pcalua.exe -a "C:\Program Files (x86)\SalEPPlus\jd5meOoimmVPBI.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {D12F610A-8506-40EE-A64A-43623D229821} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.89\OptProLauncher.exe <==== ATTENTION
Task: {E19C6E9B-55D3-432C-AE2D-CFE2ABFC0561} - System32\Tasks\{ADFAB84C-ADC3-4C25-B054-131242659405} => pcalua.exe -a "C:\Program Files (x86)\ActiveCoupon\ActiveCoupon.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {EBC7DD46-39F1-4EBB-83C2-0A1F1906B33A} - System32\Tasks\UpdateAdmin => C:\Users\Eric York\AppData\Local\UpdateAdmin\UpdateAdmin.exe [2014-10-16] (DownloadAdmin) <==== ATTENTION
Task: {F2452B38-9EFF-483D-AF5A-AAD2D91613FE} - System32\Tasks\{D47AEDBC-1A98-4E5F-B74E-85A28B20B135} => pcalua.exe -a "C:\Users\Eric York\Downloads\dxwebsetup-feb2010.exe" -d "C:\Users\Eric York\Downloads"
C:\Program Files (x86)\myradioplayer
C:\Users\Eric York\AppData\Local\UpdateAdmin
C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}
C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}
C:\ProgramData\Nuilijoaruto
C:\Program Files (x86)\AllCheapPRiCe
C:\Program Files (x86)\IsaveuR
c:\Program Files (x86)\SystemUp
c:\Program Files (x86)\Optimizer Pro 3.89
C:\Program Files (x86)\SalEPPlus
C:\Users\Eric York\AppData\Local\UpdateAdmin
C:\Program Files (x86)\ActiveCoupon
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

NEXT

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

FINALLY

Download aswMBR.exe (4.5 MB) to your desktop.
Double click the aswMBR.exe to run it.
You may be offered the option of using virtualisation; accept that.
When it offers to download the virus database, allow that as well.
Click the "Scan" button to start the scan.



On completion of the scan click "Save log", save it to your desktop and post it in your next reply.
  • 0
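The fixlist in the post above targets several kinds of autostart entry: startup shortcuts, scheduled tasks and an AppInit_DLLs value. As an added example (not part of the original post and not FRST's own code), the Python below applies a few heuristic rules, all of them assumptions made for illustration, to a handful of lines taken from the FRST logs quoted in this thread, showing how such entries can be triaged before deciding what goes into a fixlist.

```python
"""Heuristic triage of FRST-style persistence lines (added example, not FRST code)."""
import re
from collections import Counter

# Lines copied from the FRST logs quoted in this thread; the selection is constructed.
SAMPLE_LOG = r"""
AppInit_DLLs-x32: C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll => "C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll" File not found
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShortcutTarget: Champs.2015.HDRip.XViD-juggs[ETRG].lnk -> C:\ProgramData\{14d215c9-2b26-e2f1-14d2-215c92b25724}\Champs.2015.HDRip.XViD-juggs[ETRG].exe (No File)
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}\hqghumeaylnlf.exe (PC Utilities Software Limited)
ShortcutTarget: Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk -> C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe ()
Task: {C432F44D-3F15-4AC5-B116-9B17192B9E79} - System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D} => pcalua.exe -a "C:\Program Files (x86)\SalEPPlus\jd5meOoimmVPBI.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {D12F610A-8506-40EE-A64A-43623D229821} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.89\OptProLauncher.exe <==== ATTENTION
"""

# The rules below are assumptions made for this example, not FRST's detection logic.
# Executable stored in a GUID-named folder directly under ProgramData.
GUID_DIR = re.compile(
    r"\\ProgramData\\\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)
# File name that looks like a video release but carries an .exe extension.
MEDIA_EXE = re.compile(r"(hdrip|xvid|mkv|1080p|720p)[^\\]*\.exe\b", re.I)
# Scheduled task that starts its target through pcalua.exe -a.
PCALUA = re.compile(r"=>\s*pcalua\.exe\s+-a\s+\"([^\"]+)\"", re.I)
# FRST notes when the file an entry points to no longer exists.
MISSING = re.compile(r"\(No File\)|File not found", re.I)
# FRST's own marker for entries it considers noteworthy.
ATTENTION = re.compile(r"<=+\s*ATTENTION")

PERSISTENCE_PREFIXES = ("ShortcutTarget:", "Task:", "AppInit_DLLs")


def classify(line):
    """Return the list of heuristic findings for one log line (empty if none)."""
    findings = []
    if line.startswith("ShortcutTarget:"):
        target = line.partition("->")[2]  # text after the .lnk name
        if GUID_DIR.search(target):
            findings.append("startup-target-in-programdata-guid-dir")
        if MEDIA_EXE.search(target):
            findings.append("media-release-name-on-exe")
    elif line.startswith("Task:") and PCALUA.search(line):
        findings.append("task-proxied-via-pcalua")
    elif line.startswith("AppInit_DLLs"):
        # Any AppInit_DLLs value is worth a look: it names a DLL to be loaded
        # into processes that load user32.dll.
        findings.append("appinit-dll-registered")
    if line.startswith(PERSISTENCE_PREFIXES) and MISSING.search(line):
        # Orphaned entry: the autostart reference outlived the file it pointed to.
        findings.append("target-missing")
    if ATTENTION.search(line):
        findings.append("frst-attention-marker")
    return findings


def triage(log_text):
    """Return (line_number, findings) for every line with at least one finding."""
    hits = []
    for number, line in enumerate(log_text.strip().splitlines(), start=1):
        findings = classify(line.strip())
        if findings:
            hits.append((number, findings))
    return hits


def summarize(hits):
    """Count how often each rule fired across all flagged lines."""
    return Counter(rule for _, findings in hits for rule in findings)


if __name__ == "__main__":
    lines = SAMPLE_LOG.strip().splitlines()
    results = triage(SAMPLE_LOG)
    for number, findings in results:
        print(f"line {number}: {', '.join(findings)}")
        print(f"    {lines[number - 1][:90]}")
    print(dict(summarize(results)))
```

A finding marks an entry for review, not for automatic removal: tasks that launch through pcalua.exe are also created by Windows' Program Compatibility Assistant for legitimate installers.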

#3
amymac43


    Member

  • Topic Starter
  • 17 posts
YEP, as soon as I saw CHR dev: Chrome dev build detected! <======= ATTENTION
I told Eric it looked like the Google itself was corrupted! Problem was, the explorer didn't work and I didn't see how I was going to reinstall when it was my only web access! But I now have the "extras" uninstalled from explorer and am using it now!
 
 
 
# AdwCleaner v4.205 - Logfile created 26/05/2015 at 23:01:26
# Updated 21/05/2015 by Xplode
# Database : 2015-05-25.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Eric York - ERICYORK-PC
# Running from : C:\Users\Eric York\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : b37c34bf
[#] Service Deleted : da05e809
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\BlockIt Ad remover
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\AdPunisher
Folder Deleted : C:\ProgramData\7855897752521555993
Folder Deleted : C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}
Folder Deleted : C:\ProgramData\{d56388b0-47ba-00b2-d563-388b047b22c1}
Folder Deleted : C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EZDownloader
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UpdateAdmin
Folder Deleted : C:\Program Files (x86)\speed browser
Folder Deleted : C:\Program Files (x86)\SystemIncrease
Folder Deleted : C:\Program Files (x86)\SystemUp
Folder Deleted : C:\Program Files (x86)\BItSaver
Folder Deleted : C:\Program Files (x86)\ExstrACCoupOn
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.89
Folder Deleted : C:\Users\Eric York\AppData\Local\speed browser
Folder Deleted : C:\Users\Eric York\AppData\Local\UpdateAdmin
Folder Deleted : C:\Users\Eric York\AppData\Local\ArcadeTwist
Folder Deleted : C:\Users\Eric York\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Eric York\AppData\Roaming\IHlpr
Folder Deleted : C:\ProgramData\hedpdenjfmffilfpobpmmokilmhdkcfp
Folder Deleted : C:\ProgramData\hklmcafnloheempjlincgmhpdhaolobi
Folder Deleted : C:\ProgramData\hpkeljcnegmhmpnpbamjfoeeobobbmji
Folder Deleted : C:\ProgramData\ldcgenbdjkmkklmhieinmkgnlgiabakb
Folder Deleted : C:\ProgramData\linanhmmhmbkpodnaibbpnkeimnhbfmo
Folder Deleted : C:\ProgramData\plbdbomkocehamcinbggmbpghenokfhc
 
***** [ Scheduled tasks ] *****
 
Task Deleted : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\easylifeapp.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\2dfd66cd-c093-bb53-278d-b941f54afbd9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{b37c34bf}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E52324B-66BF-44AE-A8C5-2DB48E90E729}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{598DCD74-3F5B-4E16-8749-057F426F232A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96BB8E60-6EF9-47E0-9ED8-4AD477ECF427}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4D1C553-99C0-48E5-B0A7-B1E00163715C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2309C24-8371-451B-9D22-185D36B27B0D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8E8C2E2D-7F21-2CF5-0ADB-64935121ECF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7540FDBD-7FDC-30AE-3778-815CB87DBE46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A1D3F9E-73B5-95EC-1233-6646E1358965}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FE139F4C-CE5B-121A-8A2D-191FA2226094}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{53B21E29-3967-C332-57EB-C02631658584}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98449C67-C7AF-BB53-112D-26C916814611}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchy.easylifeapp.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\taplika.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\websearch.goodforsearch.info
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7434 bytes] - [26/05/2015 23:00:22]
AdwCleaner[S0].txt - [7209 bytes] - [26/05/2015 23:01:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7268  bytes] ##########
 
 
 
 
 
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-05-26 23:13:28
-----------------------------
23:13:28.573    OS Version: Windows x64 6.1.7601 Service Pack 1
23:13:28.573    Number of processors: 2 586 0x603
23:13:28.574    ComputerName: ERICYORK-PC  UserName: Eric York
23:13:32.395    Initialize success
23:13:32.442    VM: initialized successfully
23:13:32.442    VM: Amd CPU BiosDisabled 
23:14:58.870    The log file has been saved successfully to "C:\Users\Eric York\Documents\aswMBR.txt"
 
 
 
 
Thank you for your help. Will look for a reply soon. I see you chose Avast as compatible for this PC. Is the program they offer sufficient to guard against BitTorrent corruption? Eric intends to eventually stream all his cable shows through the internet... and I can't see his fantasy freak self ever giving up his movies or shows. Hope you can educate us as to what coverage to look for in programs available because... Eric used virus programs with a lot of issues on the last computer and thought he's just as well off unprotected. Hmm... maybe if he was YOU... bahahaha
 
Eric does ask... will this remove the original malware on the BitTorrent or will he need to remove them?

  • 0

#4
amymac43


    Member

  • Topic Starter
  • 17 posts

Call me curious, but how WOULD you reinstall a new browser if you can't download or access the web? You can't?? Just have to clean the browser from safe mode??


  • 0

#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You should still have IE on the computer, as it is not possible to remove it, just hide it.

Avast as an AV will actually check the torrent link before anything is downloaded and if it is bad it will block it dead.

Could you run a fresh FRST scan please and let me know what the current problems are?
  • 0

#6
amymac43


    Member

  • Topic Starter
  • 17 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015
Ran by Eric York (administrator) on ERICYORK-PC on 27-05-2015 12:29:29
Running from C:\Users\Eric York\Desktop
Loaded Profiles: Eric York (Available Profiles: Eric York)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\Eric York\AppData\Local\Akamai\netsession_win.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Akamai Technologies, Inc.) C:\Users\Eric York\AppData\Local\Akamai\netsession_win.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [myradioplayer Tray] => "C:\Program Files (x86)\myradioplayer\myradioplayerTray.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-14] (Valve Corporation)
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Eric York\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [UpdateAdmin] => C:\Users\Eric York\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\MountPoints2: {9959f192-f45a-11e4-a3eb-d4856411a8ff} - J:\LG_PC_Programs.exe
AppInit_DLLs-x32: C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll => "C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll" File not found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-03-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Champs.2015.HDRip.XViD-juggs[ETRG].lnk [2015-03-31]
ShortcutTarget: Champs.2015.HDRip.XViD-juggs[ETRG].lnk -> C:\ProgramData\{14d215c9-2b26-e2f1-14d2-215c92b25724}\Champs.2015.HDRip.XViD-juggs[ETRG].exe (No File)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-05]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk [2015-04-13]
ShortcutTarget: Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk -> C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-01-09] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-26] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-26]
CHR Extension: (Google Docs) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-26]
CHR Extension: (Google Drive) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-26]
CHR Extension: (YouTube) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-26]
CHR Extension: (Google Search) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-26]
CHR Extension: (Google Sheets) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-26]
CHR Extension: (Bookmark Manager) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]
CHR Extension: (Google Wallet) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]
CHR Extension: (Gmail) - C:\Users\Eric York\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-27 12:29 - 2015-05-27 12:29 - 00000000 ____D () C:\Users\Eric York\Desktop\FRST-OlderVersion
2015-05-26 23:14 - 2015-05-26 23:14 - 00000533 _____ () C:\Users\Eric York\Documents\aswMBR.txt
2015-05-26 23:13 - 2015-05-26 23:13 - 05200384 _____ (AVAST Software) C:\Users\Eric York\Downloads\aswmbr.exe
2015-05-26 23:00 - 2015-05-26 23:07 - 00000000 ____D () C:\AdwCleaner
2015-05-26 22:50 - 2015-05-27 12:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 22:50 - 2015-05-27 07:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 22:50 - 2015-05-26 22:56 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-26 22:50 - 2015-05-26 22:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-26 22:50 - 2015-05-26 22:50 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-26 22:50 - 2015-05-26 22:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-26 21:55 - 2015-05-26 21:55 - 00001485 _____ () C:\Users\Eric York\Desktop\instructions.txt
2015-05-26 21:43 - 2015-05-26 21:43 - 00001195 _____ () C:\Users\Eric York\Desktop\AdwCleaner - Shortcut.lnk
2015-05-26 21:41 - 2015-05-26 21:41 - 02223104 _____ () C:\Users\Eric York\Downloads\AdwCleaner.exe
2015-05-26 21:39 - 2015-05-26 21:39 - 00008959 _____ () C:\Users\Eric York\Desktop\fixlist.txt
2015-05-26 18:44 - 2015-05-27 00:36 - 00008818 _____ () C:\Users\Eric York\Documents\instruions.txt
2015-05-26 18:40 - 2015-05-26 18:40 - 00005237 _____ () C:\Users\Eric York\Documents\bookmarks_5_26_15.html
2015-05-26 12:04 - 2015-05-26 12:04 - 00000000 _____ () C:\Users\Eric York\AppData\Local\Temp.dat
2015-05-25 02:07 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-25 02:07 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-24 22:57 - 2015-05-24 22:57 - 00031897 _____ () C:\Users\Eric York\Desktop\Addition.txt
2015-05-24 22:56 - 2015-05-27 12:29 - 00011188 _____ () C:\Users\Eric York\Desktop\FRST.txt
2015-05-24 22:53 - 2015-05-27 12:29 - 02108928 _____ (Farbar) C:\Users\Eric York\Desktop\FRST64.exe
2015-05-24 20:44 - 2015-05-24 20:44 - 02108416 _____ (Farbar) C:\Users\Eric York\Downloads\FRST64 (1).exe
2015-05-24 17:12 - 2015-05-24 17:13 - 00031993 _____ () C:\Users\Eric York\Downloads\Addition.txt
2015-05-24 17:11 - 2015-05-27 12:29 - 00000000 ____D () C:\FRST
2015-05-24 17:11 - 2015-05-24 20:49 - 00038154 _____ () C:\Users\Eric York\Downloads\FRST.txt
2015-05-24 17:11 - 2015-05-24 17:11 - 02108416 _____ (Farbar) C:\Users\Eric York\Downloads\FRST64.exe
2015-05-24 16:14 - 2015-05-24 16:14 - 00002998 _____ () C:\Windows\System32\Tasks\{49D61FB6-47AE-4E2C-99AF-646F5D49E052}
2015-05-24 16:13 - 2015-05-24 16:13 - 00002998 _____ () C:\Windows\System32\Tasks\{43ABFCDF-4A53-451C-B44C-05EE154A6A98}
2015-05-24 15:48 - 2015-05-24 15:48 - 00003216 _____ () C:\Windows\System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D}
2015-05-24 15:34 - 2015-05-24 15:34 - 00003218 _____ () C:\Windows\System32\Tasks\{ADFAB84C-ADC3-4C25-B054-131242659405}
2015-05-24 12:29 - 2015-05-26 11:41 - 00000024 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr25.bin
2015-05-24 11:31 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-24 11:31 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-24 11:31 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-24 11:31 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-24 11:31 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-24 11:31 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-24 11:31 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-24 11:31 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-24 11:31 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-24 11:31 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-24 11:31 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-24 11:31 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-24 11:31 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-24 11:31 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-24 11:31 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-24 11:31 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-24 11:31 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-24 11:31 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-24 11:31 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-24 11:31 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-24 11:31 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-24 11:31 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-24 11:31 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-24 11:31 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-24 11:31 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-24 11:31 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-24 11:31 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-24 11:31 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-24 11:31 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-24 11:31 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-24 11:31 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-24 11:31 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-24 11:31 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-24 11:31 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-24 11:31 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-24 11:31 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-24 11:31 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-24 11:31 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-24 11:31 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-24 11:31 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-24 11:31 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-24 11:31 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-24 11:31 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-24 11:31 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-24 11:31 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-24 11:31 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-24 11:31 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-24 11:31 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-24 11:31 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-24 11:31 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-24 11:31 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-24 11:31 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-24 11:31 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-24 11:31 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-24 11:31 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-24 11:31 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-24 11:31 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-24 11:31 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-24 11:31 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-24 11:31 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-24 11:31 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-24 11:31 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-24 11:31 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-24 11:31 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-24 11:31 - 2015-04-03 23:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-24 11:31 - 2015-04-03 23:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-24 11:31 - 2015-04-03 23:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-24 11:31 - 2015-04-03 23:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-24 11:31 - 2015-04-03 23:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-24 11:31 - 2015-04-03 23:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-24 11:31 - 2015-04-03 23:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-24 11:31 - 2015-04-03 23:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-24 11:31 - 2015-04-03 23:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-24 11:31 - 2015-04-03 23:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-24 11:31 - 2015-04-03 23:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-24 11:31 - 2015-04-03 23:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-24 11:31 - 2015-04-03 23:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-24 11:31 - 2015-04-03 23:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-24 11:31 - 2015-04-03 23:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-24 11:31 - 2015-04-03 23:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-24 11:31 - 2015-04-03 23:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-24 11:31 - 2015-04-03 23:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-24 11:31 - 2015-04-03 23:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-24 11:31 - 2015-04-03 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-24 11:31 - 2015-04-03 22:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-24 11:29 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-24 11:29 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-24 11:29 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-24 11:29 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-24 11:29 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-24 11:29 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-24 11:29 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-24 11:29 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-24 11:29 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-24 11:29 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-24 11:29 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-24 11:29 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-24 11:27 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-24 11:27 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-24 11:27 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-24 11:27 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-24 11:27 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-24 11:27 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-24 11:27 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-18 18:04 - 2015-05-18 18:04 - 00000000 ____D () C:\Users\Eric York\Downloads\Game.of.Thrones.S05E06.HDTV.x264-ASAP[ettv]
2015-05-18 18:03 - 2015-05-18 18:03 - 00028219 _____ () C:\Users\Eric York\Downloads\DBE720F223AAE9B6E5886122FD2EEE18B90195C1.torrent
2015-05-16 20:17 - 2015-05-24 11:04 - 00000000 ____D () C:\Users\Eric York\Downloads\The 100 - The Complete Season 2 [HDTV]
2015-05-16 20:16 - 2015-05-16 20:16 - 00061954 _____ () C:\Users\Eric York\Downloads\A81F006EA0EC63A7EFEA9CD5B0700801D933A711.torrent
2015-05-16 20:15 - 2015-05-16 20:15 - 00004865 _____ () C:\Users\Eric York\Downloads\56534C6F12D0512E98817E232C441328BDF4E1B8 (1).torrent
2015-05-16 11:07 - 2015-05-16 11:07 - 00000000 ____D () C:\Users\Eric York\Downloads\Slow.West.2015.HDRip.XviD.AC3-EVO
2015-05-16 11:06 - 2015-05-16 11:06 - 00118995 _____ () C:\Users\Eric York\Downloads\7ABC52707286AECAAA420276EA2DDDAD01B1834E.torrent
2015-05-14 15:55 - 2015-05-14 15:57 - 00000000 ____D () C:\Users\Eric York\Downloads\The.Lazasur.Effect.2015.HC.HDRip.XViD.AC3-ETRG
2015-05-14 15:55 - 2015-05-14 15:56 - 00000000 ____D () C:\Users\Eric York\Downloads\The.SpongeBob.Movie.Sponge.Out.Of.Water.2015.HC.HDRip.XviD.AC3-EVO
2015-05-14 15:55 - 2015-05-14 15:55 - 00114787 _____ () C:\Users\Eric York\Downloads\24D8DADE1F9652E79437B64001B655F2F804BFEA.torrent
2015-05-14 15:54 - 2015-05-14 15:54 - 00112714 _____ () C:\Users\Eric York\Downloads\4E12FFE93319E45F453FB76E5EE1ED184266A81A.torrent
2015-05-14 08:33 - 2015-05-14 08:33 - 00000000 ____D () C:\Users\Eric York\Downloads\The.Flash.2014.S01E22.HDTV.x264-LOL[ettv]
2015-05-14 08:30 - 2015-05-14 08:30 - 00018911 _____ () C:\Users\Eric York\Downloads\FCCC12C6F43DFEDB0CAC0217A99DC27077709604.torrent
2015-05-14 08:30 - 2015-05-14 08:30 - 00000000 ____D () C:\Users\Eric York\Downloads\Arrow.S03E23.HDTV.x264-LOL[ettv]
2015-05-14 08:29 - 2015-05-14 08:30 - 00000000 ____D () C:\Users\Eric York\Downloads\Strange.Magic.2015.DVDRip.XviD-EVO
2015-05-14 08:29 - 2015-05-14 08:29 - 00079049 _____ () C:\Users\Eric York\Downloads\0EB9589C33E69139223952EEFF17CC57689AB618.torrent
2015-05-14 08:29 - 2015-05-14 08:29 - 00057631 _____ () C:\Users\Eric York\Downloads\A7AB46A31BC742774767F6FBF19F1C5F47BB1572.torrent
2015-05-14 08:29 - 2015-05-14 08:29 - 00022664 _____ () C:\Users\Eric York\Downloads\EC205D2198F0E0F708D53360F5AB76F2B5DF7BFC.torrent
2015-05-14 08:29 - 2015-05-14 08:29 - 00000000 ____D () C:\Users\Eric York\Downloads\Project.Almanac.2014.BRRip.XViD-ETRG
2015-05-14 08:29 - 2015-05-14 08:29 - 00000000 ____D () C:\Users\Eric York\Downloads\Ex.Machina.2015.DVDRip.XViD-ETRG
2015-05-14 08:28 - 2015-05-14 08:28 - 00057288 _____ () C:\Users\Eric York\Downloads\4109B71CBE61C6299AAD929D57128FA1D0E7918E.torrent
2015-05-14 08:27 - 2015-05-14 08:27 - 00057698 _____ () C:\Users\Eric York\Downloads\1CDAA83BFC308D3780BC7E712150F9AD13B9ED39.torrent
2015-05-14 08:27 - 2015-05-14 08:27 - 00000000 ____D () C:\Users\Eric York\Downloads\Chappie.2015.HDRip.XViD-ETRG
2015-05-12 19:08 - 2015-05-12 19:08 - 00023844 _____ () C:\Users\Eric York\Downloads\46F613E7A84241E1A6D46F71E95AD137985B4F49.torrent
2015-05-12 19:08 - 2015-05-12 19:08 - 00000000 ____D () C:\Users\Eric York\Downloads\Arrow.S03E22.HDTV.x264-LOL[ettv]
2015-05-12 19:07 - 2015-05-12 19:08 - 00000000 ____D () C:\Users\Eric York\Downloads\Game.of.Thrones.S05E05.HDTV.x264-ASAP[ettv]
2015-05-12 19:07 - 2015-05-12 19:07 - 00025033 _____ () C:\Users\Eric York\Downloads\9800748DDDA1891DEF1D01C04F8CC0BCCAE1A192.torrent
2015-05-09 21:17 - 2015-05-09 21:17 - 00000000 ____D () C:\Users\Eric York\Downloads\Fast.and.Furious.7.2015.HC.HDRip.XViD.AC3-ETRG
2015-05-09 21:16 - 2015-05-09 21:16 - 00117315 _____ () C:\Users\Eric York\Downloads\FF368B75C326AD29232504EDB33E56A2CB19A860.torrent
2015-05-09 21:16 - 2015-05-09 21:16 - 00117315 _____ () C:\Users\Eric York\Downloads\FF368B75C326AD29232504EDB33E56A2CB19A860 (1).torrent
2015-05-09 12:21 - 2015-05-09 12:22 - 00000000 ____D () C:\Users\Eric York\Downloads\Infini.2015.HDRip.XViD-ETRG
2015-05-09 12:21 - 2015-05-09 12:21 - 00057855 _____ () C:\Users\Eric York\Downloads\8C6E4535100C0B5337A6D11A6ECB4BBCC55D01FE.torrent
2015-05-08 15:38 - 2015-05-08 15:38 - 00000000 ____D () C:\Users\Eric York\Downloads\Maggie.2015.HDRip.XViD-ETRG
2015-05-08 15:37 - 2015-05-08 15:37 - 00057193 _____ () C:\Users\Eric York\Downloads\60F2D66FD7252535F71D86D6EE6BF043A71B132E.torrent
2015-05-07 20:35 - 2015-05-07 20:35 - 00114612 _____ () C:\Users\Eric York\Downloads\05FA764BA998C17796FF808CE96D77D377D0E348.torrent
2015-05-07 20:35 - 2015-05-07 20:35 - 00000000 ____D () C:\Users\Eric York\Downloads\Run.All.Night.2015.HC.HDRip.XViD.AC3-ETRG
2015-05-07 13:10 - 2015-05-07 13:10 - 00000001 _____ () C:\Users\Eric York\AppData\Local\DSI.DAT
2015-05-06 21:53 - 2015-05-06 22:04 - 00000000 ____D () C:\Users\Eric York\Downloads\Just.Before.I.Go.2014.DVDRip.XViD-ETRG
2015-05-06 21:53 - 2015-05-06 21:53 - 00057286 _____ () C:\Users\Eric York\Downloads\4145BFAF40EBBB8044C9649CC4D3F2065E68E2E0.torrent
2015-05-06 21:51 - 2015-05-06 21:53 - 00000000 ____D () C:\Users\Eric York\Downloads\Fast.&.Furious.7.2015.TS.XViD NO1KNOWS
2015-05-06 21:51 - 2015-05-06 21:51 - 00131843 _____ () C:\Users\Eric York\Downloads\CBFD19EBB5F12283A0D54A00CB1ED6C500C316D0.torrent
2015-05-06 21:50 - 2015-05-06 21:50 - 00000000 ____D () C:\Users\Eric York\Downloads\The.Asylum.2015.720p.WEB-DL.x264 ETRG
2015-05-06 21:49 - 2015-05-06 21:49 - 00230495 _____ () C:\Users\Eric York\Downloads\98D63B9174DB605FCFCD9F09933A3467E3CB9E8A.torrent
2015-05-06 17:52 - 2015-05-06 17:52 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\Macromedia
2015-05-05 23:17 - 2015-05-05 23:17 - 00000000 ____D () C:\Users\Eric York\AppData\Local\iConvertor
2015-05-05 23:10 - 2015-05-07 00:10 - 00000059 _____ () C:\Users\Eric York\AppData\Roaming\WB.CFG
2015-05-05 22:17 - 2015-05-05 22:17 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\Optimizer Pro
2015-05-05 22:13 - 2015-05-05 22:13 - 09815040 _____ () C:\Users\Eric York\Downloads\openofficeorg31.msi
2015-05-05 22:12 - 2015-05-05 22:12 - 00003866 _____ () C:\Windows\System32\Tasks\UpdateAdmin
2015-05-05 22:09 - 2015-05-05 22:09 - 01147632 _____ () C:\Users\Eric York\Downloads\Chrome_Updater.exe
2015-05-05 22:08 - 2015-05-05 22:09 - 00000603 _____ () C:\Users\Eric York\Downloads\openofficesuite-setup.website
2015-05-05 21:54 - 2015-05-05 21:55 - 00000000 ____D () C:\Users\Eric York\Desktop\Alicia
2015-05-05 20:40 - 2015-05-05 20:40 - 00761076 _____ () C:\Users\Eric York\Downloads\Canon U.S.A. _ Support & Drivers _ PIXMA iP2600.html
2015-05-05 20:40 - 2015-05-05 20:40 - 00000000 ____D () C:\Users\Eric York\Downloads\Canon U.S.A. _ Support & Drivers _ PIXMA iP2600_files
2015-05-05 20:34 - 2015-05-05 20:34 - 06512600 _____ (383 Media, Inc.) C:\Users\Eric York\Downloads\DriverRestore.exe
2015-05-05 20:31 - 2015-05-05 20:31 - 05379408 _____ () C:\Users\Eric York\Downloads\ip2600svst215ej.exe
2015-05-04 21:20 - 2015-05-04 21:20 - 01021280 _____ () C:\Windows\Minidump\050415-25038-01.dmp
2015-04-30 19:46 - 2015-04-30 19:50 - 00000000 ____D () C:\Users\Eric York\Downloads\The 100 - Season 2 Complete - ChameE
2015-04-30 19:45 - 2015-04-30 19:45 - 00004865 _____ () C:\Users\Eric York\Downloads\56534C6F12D0512E98817E232C441328BDF4E1B8.torrent
2015-04-30 19:24 - 2015-04-30 19:55 - 00000000 ____D () C:\Users\Eric York\Downloads\Spawn.1997-1999.DVDRip.COMPLETE.S01-S03.x264.AC3-5.1 {1337x}-Noir
2015-04-30 19:23 - 2015-04-30 19:23 - 00041347 _____ () C:\Users\Eric York\Downloads\265C793071E483720A7832F488E62904F1E3B949.torrent
2015-04-30 19:23 - 2015-04-30 19:23 - 00041347 _____ () C:\Users\Eric York\Downloads\265C793071E483720A7832F488E62904F1E3B949 (1).torrent
2015-04-30 19:21 - 2015-04-30 19:21 - 00016661 _____ () C:\Users\Eric York\Downloads\_-demonoid.pw-_Order_of_Battle_Pacific_1_5_8_[en_de_fr_ru][SimpleSetup].TORRENT
2015-04-30 19:21 - 2015-04-30 19:21 - 00013248 _____ () C:\Users\Eric York\Downloads\+-demonoid.pw-+_This_War_of_Mine_1_3_1_Multi8Installer_[SimpleSetup].TORRENT
2015-04-30 19:20 - 2015-04-30 19:20 - 00013248 _____ () C:\Users\Eric York\Downloads\[[demonoid.pw]]-This_War_of_Mine_1_3_1_Multi8Installer_[SimpleSetup].TORRENT
2015-04-30 16:52 - 2015-04-30 16:52 - 00114335 _____ () C:\Users\Eric York\Downloads\F3C967221C65CE045179B68AF878133C742E60F6.torrent
2015-04-30 16:52 - 2015-04-30 16:52 - 00000000 ____D () C:\Users\Eric York\Downloads\Kingsman.The.Secret.Service.2014.HC.HDRip.XViD.AC3-ETRG
2015-04-30 13:46 - 2015-04-30 13:46 - 00021955 _____ () C:\Users\Eric York\Downloads\DAF477796CB33FD626AEB8E78474D2AC761CA0A1.torrent
2015-04-30 13:46 - 2015-04-30 13:46 - 00000000 ____D () C:\Users\Eric York\Downloads\Get.Hard.2015.HC.HDRip.XViD-ETRG
2015-04-30 13:46 - 2015-04-30 13:46 - 00000000 ____D () C:\Users\Eric York\Downloads\Arrow.S03E21.HDTV.x264-LOL[ettv]
2015-04-30 13:45 - 2015-04-30 13:45 - 00057126 _____ () C:\Users\Eric York\Downloads\93605453497BBBA0871D9BD822A5ECDE71C65FD1.torrent
2015-04-30 10:11 - 2015-04-30 10:11 - 00795192 _____ (Software Internet ) C:\Users\Eric York\Downloads\java_runtime_enviroment_setup.exe
2015-04-30 10:11 - 2015-04-30 10:11 - 00003154 _____ () C:\Users\Eric York\Downloads\AC1526308B7442CA3ECC2D9CAEC2F2A9D179AE31.torrent
2015-04-27 16:24 - 2015-04-27 16:24 - 00000000 ___HD () C:\ProgramData\CanonBJ
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-27 09:23 - 2014-12-10 14:19 - 01988243 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 07:48 - 2009-07-14 00:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 07:48 - 2009-07-14 00:45 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 07:46 - 2013-12-11 04:19 - 00723920 _____ () C:\Windows\system32\perfh019.dat
2015-05-27 07:46 - 2013-12-11 04:19 - 00150222 _____ () C:\Windows\system32\perfc019.dat
2015-05-27 07:46 - 2009-07-14 01:13 - 01647438 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-27 07:40 - 2015-01-13 12:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-27 07:40 - 2015-01-13 12:48 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-27 07:40 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-27 07:40 - 2009-07-14 00:51 - 00089521 _____ () C:\Windows\setupact.log
2015-05-26 23:02 - 2010-11-20 23:47 - 00013986 _____ () C:\Windows\PFRO.log
2015-05-26 22:50 - 2014-12-11 03:16 - 00000000 ____D () C:\Users\Eric York\AppData\Local\Google
2015-05-26 22:50 - 2014-12-11 03:16 - 00000000 ____D () C:\Users\Eric York\AppData\Local\Deployment
2015-05-26 22:50 - 2014-12-11 03:16 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-26 11:36 - 2009-07-14 01:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-25 10:20 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-25 08:36 - 2009-07-14 00:45 - 00272016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-25 08:35 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-25 08:35 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-25 08:35 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-25 08:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-25 02:17 - 2014-12-10 16:20 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-25 02:09 - 2014-12-10 16:20 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-24 15:52 - 2014-12-10 14:22 - 00000000 ____D () C:\Users\Eric York\AppData\Local\VirtualStore
2015-05-24 11:21 - 2015-03-27 22:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-24 11:09 - 2015-04-10 16:13 - 00000020 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr3.bin
2015-05-24 11:08 - 2014-12-10 14:22 - 00000000 ____D () C:\Users\Eric York
2015-05-24 11:04 - 2015-03-27 22:15 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-24 11:04 - 2015-03-15 16:28 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\BitTorrent
2015-05-24 11:04 - 2015-01-23 15:20 - 00000000 ____D () C:\Users\Eric York\AppData\Local\Akamai
2015-05-24 11:04 - 2011-04-12 04:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-05-24 11:04 - 2011-04-12 04:28 - 00000000 ____D () C:\Windows\ShellNew
2015-05-24 11:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-24 11:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-24 11:04 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-24 11:03 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-05-10 20:12 - 2015-03-27 22:13 - 00000000 ____D () C:\Users\Eric York\AppData\Local\Adobe
2015-05-05 22:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Resources
2015-05-04 21:20 - 2015-03-23 23:19 - 463138055 _____ () C:\Windows\MEMORY.DMP
2015-05-04 21:20 - 2015-03-23 23:19 - 00000000 ____D () C:\Windows\Minidump
2015-04-27 17:31 - 2015-04-21 18:29 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
 
==================== Files in the root of some directories =======
 
2015-05-24 12:29 - 2015-05-26 11:41 - 0000024 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr25.bin
2015-04-10 16:13 - 2015-05-24 11:09 - 0000020 _____ () C:\Users\Eric York\AppData\Roaming\appdataFr3.bin
2015-05-05 23:10 - 2015-05-07 00:10 - 0000059 _____ () C:\Users\Eric York\AppData\Roaming\WB.CFG
2015-05-07 13:10 - 2015-05-07 13:10 - 0000001 _____ () C:\Users\Eric York\AppData\Local\DSI.DAT
2014-12-11 19:33 - 2014-12-11 19:33 - 0007605 _____ () C:\Users\Eric York\AppData\Local\Resmon.ResmonCfg
2015-05-24 15:35 - 2015-05-24 16:02 - 0011760 _____ () C:\Users\Eric York\AppData\Local\Temp-log.txt
2015-05-26 12:04 - 2015-05-26 12:04 - 0000000 _____ () C:\Users\Eric York\AppData\Local\Temp.dat
2015-03-18 08:01 - 2015-03-18 08:01 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{92E43EF1-04D3-4EE8-A6DE-9EBB2E894B8E}
2014-12-29 14:18 - 2014-12-29 14:18 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{BFC38138-B67E-4E96-A540-B012DB2974B7}
 
Some files in TEMP:
====================
C:\Users\Eric York\AppData\Local\Temp\1250.exe
C:\Users\Eric York\AppData\Local\Temp\294C.exe
C:\Users\Eric York\AppData\Local\Temp\36D8.exe
C:\Users\Eric York\AppData\Local\Temp\4200.exe
C:\Users\Eric York\AppData\Local\Temp\440.exe
C:\Users\Eric York\AppData\Local\Temp\4818.exe
C:\Users\Eric York\AppData\Local\Temp\4E00.exe
C:\Users\Eric York\AppData\Local\Temp\54F4.exe
C:\Users\Eric York\AppData\Local\Temp\54F8.exe
C:\Users\Eric York\AppData\Local\Temp\5C38.exe
C:\Users\Eric York\AppData\Local\Temp\6240.exe
C:\Users\Eric York\AppData\Local\Temp\62D0.exe
C:\Users\Eric York\AppData\Local\Temp\66D8.exe
C:\Users\Eric York\AppData\Local\Temp\6830.exe
C:\Users\Eric York\AppData\Local\Temp\6B40.exe
C:\Users\Eric York\AppData\Local\Temp\7010.exe
C:\Users\Eric York\AppData\Local\Temp\7980.exe
C:\Users\Eric York\AppData\Local\Temp\87B8.exe
C:\Users\Eric York\AppData\Local\Temp\8820.exe
C:\Users\Eric York\AppData\Local\Temp\8DA8.exe
C:\Users\Eric York\AppData\Local\Temp\8EC8.exe
C:\Users\Eric York\AppData\Local\Temp\8F18.exe
C:\Users\Eric York\AppData\Local\Temp\90A0.exe
C:\Users\Eric York\AppData\Local\Temp\9260.exe
C:\Users\Eric York\AppData\Local\Temp\9410.exe
C:\Users\Eric York\AppData\Local\Temp\9B60.exe
C:\Users\Eric York\AppData\Local\Temp\9EB0.exe
C:\Users\Eric York\AppData\Local\Temp\B360.exe
C:\Users\Eric York\AppData\Local\Temp\B6DC.exe
C:\Users\Eric York\AppData\Local\Temp\BB00.exe
C:\Users\Eric York\AppData\Local\Temp\C640.exe
C:\Users\Eric York\AppData\Local\Temp\D530.exe
C:\Users\Eric York\AppData\Local\Temp\DB70.exe
C:\Users\Eric York\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Eric York\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Eric York\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Eric York\AppData\Local\Temp\E3A8.exe
C:\Users\Eric York\AppData\Local\Temp\E670.exe
C:\Users\Eric York\AppData\Local\Temp\EAFC.exe
C:\Users\Eric York\AppData\Local\Temp\F158.exe
C:\Users\Eric York\AppData\Local\Temp\F4E0.exe
C:\Users\Eric York\AppData\Local\Temp\F5E8.exe
C:\Users\Eric York\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Eric York\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Eric York\AppData\Local\Temp\nvStInst.exe
C:\Users\Eric York\AppData\Local\Temp\optprosetup.exe
C:\Users\Eric York\AppData\Local\Temp\Quarantine.exe
C:\Users\Eric York\AppData\Local\Temp\setacl.exe
C:\Users\Eric York\AppData\Local\Temp\SpOrder.dll
C:\Users\Eric York\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 09:31
 
==================== End of log ============================


#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You really need to get an antivirus, as some more infections have appeared.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [UpdateAdmin] => C:\Users\Eric York\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\MountPoints2: {9959f192-f45a-11e4-a3eb-d4856411a8ff} - J:\LG_PC_Programs.exe
AppInit_DLLs-x32: C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll => "C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll" File not found
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Champs.2015.HDRip.XViD-juggs[ETRG].lnk [2015-03-31]
ShortcutTarget: Champs.2015.HDRip.XViD-juggs[ETRG].lnk -> C:\ProgramData\{14d215c9-2b26-e2f1-14d2-215c92b25724}\Champs.2015.HDRip.XViD-juggs[ETRG].exe (No File)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-05]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk [2015-04-13]
ShortcutTarget: Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk -> C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-05-24 16:14 - 2015-05-24 16:14 - 00002998 _____ () C:\Windows\System32\Tasks\{49D61FB6-47AE-4E2C-99AF-646F5D49E052}
2015-05-24 16:13 - 2015-05-24 16:13 - 00002998 _____ () C:\Windows\System32\Tasks\{43ABFCDF-4A53-451C-B44C-05EE154A6A98}
2015-05-24 15:48 - 2015-05-24 15:48 - 00003216 _____ () C:\Windows\System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D}
2015-05-24 15:34 - 2015-05-24 15:34 - 00003218 _____ () C:\Windows\System32\Tasks\{ADFAB84C-ADC3-4C25-B054-131242659405}
2015-05-05 22:17 - 2015-05-05 22:17 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\Optimizer Pro
2015-05-05 20:34 - 2015-05-05 20:34 - 06512600 _____ (383 Media, Inc.) C:\Users\Eric York\Downloads\DriverRestore.exe
2015-05-05 20:31 - 2015-05-05 20:31 - 05379408 _____ () C:\Users\Eric York\Downloads\ip2600svst215ej.exe
2015-04-27 17:31 - 2015-04-21 18:29 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-03-18 08:01 - 2015-03-18 08:01 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{92E43EF1-04D3-4EE8-A6DE-9EBB2E894B8E}
2014-12-29 14:18 - 2014-12-29 14:18 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{BFC38138-B67E-4E96-A540-B012DB2974B7}
C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

    http://img.photobuck...claimer_ENG.png

    • When finished, it shall produce a log for you.
    • Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now


#8
amymac43

    Member

  • Topic Starter
  • Member
  • 17 posts

Not shocked there is more to delete today. Eric thought maybe he would just no longer download movies and he'd be ok without anti virus. I showed Eric your reply and now he sees that just going onto social media like Facebook and esp. Pinterest will deliver you unwanted friends. Sooo.. I went online and we had cleared the browser history and cookies etc afterward...he thought that was all he needed to do and would keep up with it. Now he sees it definitely isn't enough!! I will be finishing the avast download at the close of this reply. Thanks for the patience. I would rather show him in a quick test than have to save the computer a month from now cuz he wants to follow people who tell him anti virus bogs your pc down!!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015
Ran by Eric York at 2015-05-29 12:32:50 Run:1
Running from C:\Users\Eric York\Desktop
Loaded Profiles: Eric York (Available Profiles: Eric York)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\Run: [UpdateAdmin] => C:\Users\Eric York\AppData\Local\UpdateAdmin\UpdateAdmin.exe /RUN
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\...\MountPoints2: {9959f192-f45a-11e4-a3eb-d4856411a8ff} - J:\LG_PC_Programs.exe
AppInit_DLLs-x32: C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll => "C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll" File not found
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Champs.2015.HDRip.XViD-juggs[ETRG].lnk [2015-03-31]
ShortcutTarget: Champs.2015.HDRip.XViD-juggs[ETRG].lnk -> C:\ProgramData\{14d215c9-2b26-e2f1-14d2-215c92b25724}\Champs.2015.HDRip.XViD-juggs[ETRG].exe (No File)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk [2015-05-05]
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}\hqghumeaylnlf.exe (No File)
Startup: C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk [2015-04-13]
ShortcutTarget: Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk -> C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2015-05-24 16:14 - 2015-05-24 16:14 - 00002998 _____ () C:\Windows\System32\Tasks\{49D61FB6-47AE-4E2C-99AF-646F5D49E052}
2015-05-24 16:13 - 2015-05-24 16:13 - 00002998 _____ () C:\Windows\System32\Tasks\{43ABFCDF-4A53-451C-B44C-05EE154A6A98}
2015-05-24 15:48 - 2015-05-24 15:48 - 00003216 _____ () C:\Windows\System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D}
2015-05-24 15:34 - 2015-05-24 15:34 - 00003218 _____ () C:\Windows\System32\Tasks\{ADFAB84C-ADC3-4C25-B054-131242659405}
2015-05-05 22:17 - 2015-05-05 22:17 - 00000000 ____D () C:\Users\Eric York\AppData\Roaming\Optimizer Pro
2015-05-05 20:34 - 2015-05-05 20:34 - 06512600 _____ (383 Media, Inc.) C:\Users\Eric York\Downloads\DriverRestore.exe
2015-05-05 20:31 - 2015-05-05 20:31 - 05379408 _____ () C:\Users\Eric York\Downloads\ip2600svst215ej.exe
2015-04-27 17:31 - 2015-04-21 18:29 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-03-18 08:01 - 2015-03-18 08:01 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{92E43EF1-04D3-4EE8-A6DE-9EBB2E894B8E}
2014-12-29 14:18 - 2014-12-29 14:18 - 0000000 _____ () C:\Users\Eric York\AppData\Local\{BFC38138-B67E-4E96-A540-B012DB2974B7}
C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateAdmin => value Removed successfully
"HKU\S-1-5-21-2877554017-1696531486-103451963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9959f192-f45a-11e4-a3eb-d4856411a8ff}" => key Removed successfully
HKCR\CLSID\{9959f192-f45a-11e4-a3eb-d4856411a8ff} => key not found. 
"C:\PROGRA~3\{DC703~1\1170~1.1\tedo.dll" => value data Removed successfully.
C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Champs.2015.HDRip.XViD-juggs[ETRG].lnk => Moved successfully.
C:\ProgramData\{14d215c9-2b26-e2f1-14d2-215c92b25724}\Champs.2015.HDRip.XViD-juggs[ETRG].exe not found.
C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}\hqghumeaylnlf.exe not found.
C:\Users\Eric York\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.lnk => Moved successfully.
C:\ProgramData\{a69497bb-3c58-16c2-a694-497bb3c55eec}\Paddington 2014 MKV 1080p DD5.1 NedSubs TBS.exe not found.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
C:\Windows\System32\Tasks\{49D61FB6-47AE-4E2C-99AF-646F5D49E052} => Moved successfully.
C:\Windows\System32\Tasks\{43ABFCDF-4A53-451C-B44C-05EE154A6A98} => Moved successfully.
C:\Windows\System32\Tasks\{30414C1D-A7B5-4977-B2F6-E4EC87D9F35D} => Moved successfully.
C:\Windows\System32\Tasks\{ADFAB84C-ADC3-4C25-B054-131242659405} => Moved successfully.
C:\Users\Eric York\AppData\Roaming\Optimizer Pro => Moved successfully.
C:\Users\Eric York\Downloads\DriverRestore.exe => Moved successfully.
C:\Users\Eric York\Downloads\ip2600svst215ej.exe => Moved successfully.
C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6} => Moved successfully.
C:\Users\Eric York\AppData\Local\{92E43EF1-04D3-4EE8-A6DE-9EBB2E894B8E} => Moved successfully.
C:\Users\Eric York\AppData\Local\{BFC38138-B67E-4E96-A540-B012DB2974B7} => Moved successfully.
"C:\ProgramData\{e5045fa1-7bf3-a0d0-e504-45fa17bf7e85}" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-2877554017-1696531486-103451963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {5C59D9C1-E9A6-4393-B628-384D791DE632}.
Unable to cancel {E7D31C73-BE35-45D2-B20D-EF7C33E074E4}.
{6EBB470D-CCB4-44FB-B41A-EE91258A7AE2} canceled.
{4B942A01-F824-47DE-BD5D-0FAB2B84E18B} canceled.
2 out of 4 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 6.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 12:34:39 ====
 
 
 
ComboFix 15-05-28.01 - Eric York 05/29/2015  13:49:07.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.5119.3592 [GMT -4:00]
Running from: c:\users\Eric York\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-28 to 2015-05-29  )))))))))))))))))))))))))))))))
.
.
2015-05-29 17:52 . 2015-05-29 17:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-29 17:25 . 2015-05-29 17:25 -------- d-----w- c:\programdata\AVAST Software
2015-05-29 14:15 . 2015-05-29 14:15 0 ---ha-w- c:\users\Eric York\AppData\Local\BITE703.tmp
2015-05-27 03:00 . 2015-05-27 03:07 -------- d-----w- C:\AdwCleaner
2015-05-25 06:07 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-25 06:07 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-24 21:11 . 2015-05-29 16:37 -------- d-----w- C:\FRST
2015-05-24 16:29 . 2015-05-26 15:41 24 ----a-w- c:\users\Eric York\AppData\Roaming\appdataFr25.bin
2015-05-24 15:29 . 2015-04-13 03:28 328704 ----a-w- c:\windows\system32\services.exe
2015-05-24 15:27 . 2015-03-04 04:41 6656 ----a-w- c:\windows\system32\shimeng.dll
2015-05-24 15:27 . 2015-03-04 04:41 72192 ----a-w- c:\windows\system32\aelupsvc.dll
2015-05-24 15:27 . 2015-03-04 04:41 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-05-24 15:27 . 2015-03-04 04:41 23552 ----a-w- c:\windows\system32\sdbinst.exe
2015-05-24 15:27 . 2015-03-04 04:11 5120 ----a-w- c:\windows\SysWow64\shimeng.dll
2015-05-24 15:27 . 2015-03-04 04:10 295936 ----a-w- c:\windows\SysWow64\apphelp.dll
2015-05-24 15:27 . 2015-03-04 04:10 20992 ----a-w- c:\windows\SysWow64\sdbinst.exe
2015-05-06 03:17 . 2015-05-06 03:17 -------- d-----w- c:\users\Eric York\AppData\Local\iConvertor
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-25 06:09 . 2014-12-10 20:20 140425016 ----a-w- c:\windows\system32\MRT.exe
2015-05-24 15:09 . 2015-04-10 20:13 20 ----a-w- c:\users\Eric York\AppData\Roaming\appdataFr3.bin
2015-03-25 03:24 . 2015-04-15 12:32 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 12:32 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 12:32 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 12:32 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 12:32 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 12:32 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 12:32 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 12:32 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 12:32 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 12:32 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 12:32 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 12:32 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 12:32 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 12:32 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 12:32 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 12:32 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 12:32 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 12:32 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 12:32 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 12:32 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 12:32 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 12:32 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 12:32 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 12:32 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 05:22 . 2015-04-15 12:32 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:19 . 2015-04-15 12:32 1727904 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-15 12:32 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-15 12:32 243712 ----a-w- c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-15 12:32 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-15 12:32 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-15 12:32 503808 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-15 12:32 50176 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-15 12:32 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-15 12:32 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-15 12:32 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-15 12:32 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-15 12:32 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-15 12:32 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-15 12:32 338432 ----a-w- c:\windows\system32\conhost.exe
2015-03-17 05:11 . 2015-04-15 12:32 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 05:11 . 2015-04-15 12:32 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-03-17 05:11 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-03-17 05:01 . 2015-04-15 12:32 3976632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-03-17 05:01 . 2015-04-15 12:32 3920824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-03-17 04:59 . 2015-04-15 12:32 1309696 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-03-17 04:57 . 2015-04-15 12:32 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-03-17 04:57 . 2015-04-15 12:32 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2015-03-17 04:56 . 2015-04-15 12:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-17 04:56 . 2015-04-15 12:32 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2015-03-17 04:56 . 2015-04-15 12:32 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2015-03-17 04:56 . 2015-04-15 12:32 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2015-03-17 04:50 . 2015-04-15 12:32 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2015-03-17 04:50 . 2015-04-15 12:32 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-03-17 04:50 . 2015-04-15 12:32 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-05-15 2888384]
"Akamai NetSession Interface"="c:\users\Eric York\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-30 642304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-12-18 508800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"RequireSignedAppInit_DLLs"=0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LVZOMQSS
*Deregistered* - lvzomqss
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-27 02:50 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27 02:50]
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-05-27 02:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"myradioplayer Tray"="c:\program files (x86)\myradioplayer\myradioplayerTray.exe" [BU]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-29  13:53:28
ComboFix-quarantined-files.txt  2015-05-29 17:53
ComboFix2.txt  2015-05-29 17:35
.
Pre-Run: 1,779,280,224,256 bytes free
Post-Run: 1,779,212,296,192 bytes free
.
- - End Of File - - C5F14E2ECA5A5C4F32770A7D6FCE5C46
A36C5E4F47E84449FF07ED3517B43A31
 
 
 
 

#9
amymac43

    Member

  • Topic Starter
  • 17 posts

I will now finish downloading Avast and go online to test how it runs today. Will definitely let you know if I find any kinks!


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Good idea :) As they used to say when I was teaching: monkey see, monkey do. A demonstration is worth a thousand words :)

As you are getting Avast, here are a few tips on how to optimally set it up. Once done, let me know how the computer is behaving.

Download Avast - direct link Avast 2015

Select Custom install
Remove the ticks from the first page for the following unless you want them:
  • Dropbox
  • Chrome
  • Chrome toolbar

Select Next
Deselect the following from the middle column as you will not need them:
  • SecureLine
  • Grimefighter

Select Continue and allow the programme to install

Be aware that the first reboot may take a few minutes as Avast builds the virtual machine.

Avast will need to be registered, as this helps them determine the server load; updates are downloaded in small bursts every few minutes, and each is about 2Kb.

How to register

Right click the Avast orange blob on the task bar
Select registration
Select Standard Protection
Fill in your e-mail address
Click register with e-mail address and you are done
Once registered open Avast
Go to Settings > General
Place a tick in "Scan for Potentially Unwanted Programmes (PUP's)"
Place a tick in "Silent/Gaming mode"

#11
amymac43

    Member

  • Topic Starter
  • 17 posts

Well, there it is! So nice to surf the internet and be at the same speed when you're done as when you started... no bogging down at all. Thank you for all your help!! Now Eric will see Avast is actually making the PC faster because it keeps it from bogging and clogging!


#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
And we all need a happy Eric in our lives :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
[Screenshot: delfix.JPG]


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire-and-forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

