Can't download; "The setup files are corrupted. Please obtain a new copy of the program"


Hi, I'd searched for solutions to this, and the consensus seems to be to download one of several pieces of software and scan, then report the results. I'd used the Farbar Recovery Scan Tool and here are the results:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Kiel (administrator) on AWESOMEPC on 16-07-2014 23:11:04
Running from C:\Users\Kiel\Favorites\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\sbmrwsyodt64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\005\mtgaotushb64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Kiel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation                                    ) C:\Users\Kiel\Favorites\Downloads\mbam-setup-2.0.2.1012.exe
() C:\Users\Kiel\Favorites\Downloads\AdwCleaner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Kiel\Favorites\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [btPreLoad] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe [64640 2012-12-28] ()
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [454160 2012-11-30] (McAfee, Inc.)
HKLM-x32\...\Run: [fst_gb_67] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-16] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [129664 2012-12-28] ( (Qualcomm Atheros Commnucations))
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-640586316-2709580095-5358506-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
Startup: C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kiel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
SearchScopes: HKLM - DefaultScope {14396506-03B1-43A7-B28A-8F96F5525DF8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM - {14396506-03B1-43A7-B28A-8F96F5525DF8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {14396506-03B1-43A7-B28A-8F96F5525DF8} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MDDCJS
SearchScopes: HKCU - {14396506-03B1-43A7-B28A-8F96F5525DF8} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-06-18]
 
Chrome: 
=======
CHR HomePage: hxxp://intranet/
CHR DefaultSearchKeyword: google.co.uk
CHR Extension: (Google Drive) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-16]
CHR Extension: (YouTube) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (AdBlock) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-16]
CHR Extension: (avast! Online Security) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-16]
CHR Extension: (Gmail) - C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-16]
 
==================== Services (Whitelisted) =================
 
R2 AllDaySavingsService64; C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\sbmrwsyodt64.exe [172544 2014-07-10] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [226944 2012-12-28] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-16] (AVAST Software)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [125440 2013-04-30] (Dell Inc.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [334760 2012-12-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [388240 2012-11-24] (McAfee, Inc.)
R2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2012-11-09] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-11-30] (McAfee, Inc.)
R2 mtgaotushb64; C:\Program Files\005\mtgaotushb64.exe [709120 2014-07-16] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-11-26] (SoftThinks SAS)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-06-18] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-16] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-16] ()
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-28] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-09] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-09] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69168 2012-11-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-09] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-09] (McAfee, Inc.)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-10] (NetFilterSDK.com)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [28040 2012-12-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [32136 2012-12-21] (Synaptics Incorporated)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-16 23:11 - 2014-07-16 23:11 - 00000000 ____D () C:\FRST
2014-07-16 23:08 - 2014-07-16 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-16 23:07 - 2014-07-16 23:07 - 00004032 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-16 23:07 - 2014-07-16 23:07 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-07-16 23:07 - 2014-07-16 23:07 - 00003220 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-07-16 23:04 - 2014-07-16 23:04 - 00000000 ___RD () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-16 22:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 22:53 - 2014-07-16 23:00 - 00000000 ____D () C:\AdwCleaner
2014-07-16 21:03 - 2014-07-16 21:40 - 00001072 _____ () C:\Users\postgres\Desktop\PokerTracker 4.lnk
2014-07-16 21:03 - 2014-07-16 21:40 - 00001072 _____ () C:\Users\Kiel\Desktop\PokerTracker 4.lnk
2014-07-16 21:03 - 2014-07-16 21:40 - 00001072 _____ () C:\Users\Administrator\Desktop\PokerTracker 4.lnk
2014-07-16 21:03 - 2014-07-16 21:03 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2014-07-16 21:03 - 2014-07-16 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2014-07-16 21:02 - 2014-07-16 21:03 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2014-07-16 20:57 - 2014-07-16 20:57 - 00000000 ____D () C:\Users\Kiel\AppData\Local\CrashDumps
2014-07-16 20:28 - 2014-07-16 23:09 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-640586316-2709580095-5358506-1001
2014-07-16 20:01 - 2014-07-16 20:42 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Riot Games
2014-07-16 19:47 - 2014-07-16 19:47 - 00003220 _____ () C:\Windows\System32\Tasks\{83D5569B-4480-4C50-BAAA-543F82098A56}
2014-07-16 19:36 - 2014-07-16 19:43 - 00000978 _____ () C:\Users\Kiel\Desktop\Dropbox.lnk
2014-07-16 19:34 - 2014-07-16 23:04 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\DropboxMaster
2014-07-16 19:34 - 2014-07-16 19:43 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-16 19:28 - 2014-07-16 23:05 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Dropbox
2014-07-16 19:27 - 2014-07-16 19:27 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 19:27 - 2014-07-16 19:27 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\AVAST Software
2014-07-16 19:27 - 2014-07-16 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 19:26 - 2014-07-16 19:26 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 19:26 - 2014-07-16 19:26 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-16 19:26 - 2014-07-16 19:25 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 19:26 - 2014-07-16 19:25 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 19:26 - 2014-07-16 19:25 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 19:26 - 2014-07-16 19:25 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-16 19:26 - 2014-07-16 19:25 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-16 19:26 - 2014-07-16 19:25 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 19:26 - 2014-07-16 19:25 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 19:26 - 2014-07-16 19:25 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 19:25 - 2014-07-16 19:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 19:23 - 2014-07-16 19:23 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 19:22 - 2014-07-16 19:23 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 19:19 - 2014-07-16 22:21 - 00000000 ____D () C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3
2014-07-16 19:19 - 2014-07-16 21:53 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-07-16 19:18 - 2014-07-16 19:18 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 19:18 - 2014-07-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-16 19:17 - 2014-07-16 22:29 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 19:17 - 2014-07-16 19:24 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-16 19:17 - 2014-07-16 19:17 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-16 19:17 - 2014-07-16 19:17 - 00000000 ____D () C:\Users\Kiel\AppData\Local\Local_Weather_LLC
2014-07-16 19:16 - 2014-07-16 23:04 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 19:16 - 2014-07-16 19:24 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-16 19:16 - 2014-07-16 19:18 - 00000000 ____D () C:\Program Files\005
2014-07-16 19:16 - 2014-07-16 19:17 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-16 19:16 - 2014-07-16 19:16 - 00000000 ____D () C:\Users\Kiel\AppData\Local\Google
2014-07-16 19:14 - 2014-07-16 19:14 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Intel Corporation
2014-07-16 19:13 - 2014-07-16 19:13 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Atheros
2014-07-16 19:13 - 2014-07-16 19:13 - 00000000 ____D () C:\Users\Kiel\AppData\Local\softthinks
2014-07-16 19:13 - 2014-07-16 19:13 - 00000000 ____D () C:\Users\Kiel\AppData\Local\BMExplorer
2014-07-16 19:12 - 2014-07-16 19:12 - 00015082 _____ () C:\Users\Kiel\Desktop\Removed Apps.html
2014-07-16 19:12 - 2014-07-16 19:12 - 00001428 _____ () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-16 19:12 - 2014-07-16 19:12 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Macromedia
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Leadertech
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Adobe
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Kiel\AppData\Local\Power2Go8
2014-07-16 19:08 - 2014-07-16 19:08 - 00000000 ____D () C:\Users\Kiel\AppData\Local\VirtualStore
2014-07-16 19:07 - 2014-07-16 19:07 - 00000020 ___SH () C:\Users\Kiel\ntuser.ini
2014-07-16 18:14 - 2014-07-16 18:14 - 00003425 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-07-16 18:13 - 2014-07-16 19:12 - 00000000 ____D () C:\Users\Kiel
2014-07-16 18:13 - 2014-07-16 18:13 - 00032388 _____ () C:\Windows\diagwrn.xml
2014-07-16 18:13 - 2014-07-16 18:13 - 00032388 _____ () C:\Windows\diagerr.xml
2014-07-16 18:13 - 2014-07-16 18:13 - 00000000 ____D () C:\Users\postgres
2014-07-16 18:13 - 2014-07-16 18:13 - 00000000 ____D () C:\Users\.NET v4.5 Classic
2014-07-16 18:13 - 2014-07-16 18:13 - 00000000 ____D () C:\Users\.NET v4.5
2014-07-16 18:13 - 2013-06-18 23:35 - 00000000 ___RD () C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-16 18:13 - 2013-06-18 23:35 - 00000000 ___RD () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-16 18:13 - 2013-06-18 23:35 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-16 18:13 - 2013-06-18 23:35 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ___RD () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 18:13 - 2012-07-26 09:13 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-16 18:11 - 2014-07-16 18:11 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-07-16 18:11 - 2014-07-16 18:11 - 00000000 ____D () C:\Windows.old
2014-07-16 17:51 - 2014-07-16 17:51 - 00000000 ___HD () C:\$SysReset
2014-07-10 20:40 - 2014-07-10 20:40 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-07-08 14:42 - 2014-07-08 14:42 - 00000000 ____D () C:\Users\Public\Documents\LDC Driving Test Complete
 
==================== One Month Modified Files and Folders =======
 
2014-07-16 23:11 - 2014-07-16 23:11 - 00000000 ____D () C:\FRST
2014-07-16 23:11 - 2013-06-18 23:32 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2014-07-16 23:09 - 2014-07-16 20:28 - 00003590 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-640586316-2709580095-5358506-1001
2014-07-16 23:08 - 2014-07-16 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-07-16 23:07 - 2014-07-16 23:07 - 00004032 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-07-16 23:07 - 2014-07-16 23:07 - 00003488 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-07-16 23:07 - 2014-07-16 23:07 - 00003220 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-07-16 23:07 - 2012-07-26 08:28 - 00850046 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 23:06 - 2013-06-18 23:25 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-16 23:05 - 2014-07-16 19:28 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Dropbox
2014-07-16 23:05 - 2013-10-11 00:25 - 00000000 ___RD () C:\Users\Kiel\Dropbox
2014-07-16 23:04 - 2014-07-16 23:04 - 00000000 ___RD () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-07-16 23:04 - 2014-07-16 19:34 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\DropboxMaster
2014-07-16 23:04 - 2014-07-16 19:16 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 23:03 - 2013-06-18 23:36 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-16 23:03 - 2012-07-26 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 23:02 - 2013-06-18 22:48 - 00291288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-16 23:02 - 2013-06-18 22:48 - 00002608 _____ () C:\Windows\PFRO.log
2014-07-16 23:01 - 2013-06-18 23:01 - 01811466 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 23:01 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\sru
2014-07-16 23:00 - 2014-07-16 22:53 - 00000000 ____D () C:\AdwCleaner
2014-07-16 22:29 - 2014-07-16 19:17 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 22:21 - 2014-07-16 19:19 - 00000000 ____D () C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3
2014-07-16 21:53 - 2014-07-16 19:19 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-07-16 21:40 - 2014-07-16 21:03 - 00001072 _____ () C:\Users\postgres\Desktop\PokerTracker 4.lnk
2014-07-16 21:40 - 2014-07-16 21:03 - 00001072 _____ () C:\Users\Kiel\Desktop\PokerTracker 4.lnk
2014-07-16 21:40 - 2014-07-16 21:03 - 00001072 _____ () C:\Users\Administrator\Desktop\PokerTracker 4.lnk
2014-07-16 21:19 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-16 21:05 - 2012-07-26 08:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-16 21:03 - 2014-07-16 21:03 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2014-07-16 21:03 - 2014-07-16 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2014-07-16 21:03 - 2014-07-16 21:02 - 00000000 ____D () C:\Program Files (x86)\PokerTracker 4
2014-07-16 20:57 - 2014-07-16 20:57 - 00000000 ____D () C:\Users\Kiel\AppData\Local\CrashDumps
2014-07-16 20:42 - 2014-07-16 20:01 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Riot Games
2014-07-16 20:31 - 2013-06-18 23:36 - 00000000 ____D () C:\ProgramData\McAfee
2014-07-16 19:47 - 2014-07-16 19:47 - 00003220 _____ () C:\Windows\System32\Tasks\{83D5569B-4480-4C50-BAAA-543F82098A56}
2014-07-16 19:43 - 2014-07-16 19:36 - 00000978 _____ () C:\Users\Kiel\Desktop\Dropbox.lnk
2014-07-16 19:43 - 2014-07-16 19:34 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-16 19:27 - 2014-07-16 19:27 - 00001968 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-16 19:27 - 2014-07-16 19:27 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\AVAST Software
2014-07-16 19:27 - 2014-07-16 19:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-16 19:26 - 2014-07-16 19:26 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-16 19:26 - 2014-07-16 19:26 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-16 19:25 - 2014-07-16 19:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-16 19:25 - 2014-07-16 19:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-16 19:25 - 2014-07-16 19:26 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-16 19:25 - 2014-07-16 19:26 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-16 19:25 - 2014-07-16 19:26 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-16 19:25 - 2014-07-16 19:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-16 19:25 - 2014-07-16 19:26 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-16 19:25 - 2014-07-16 19:26 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-16 19:25 - 2014-07-16 19:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-16 19:24 - 2014-07-16 19:17 - 00003886 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-16 19:24 - 2014-07-16 19:16 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-16 19:23 - 2014-07-16 19:23 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-16 19:23 - 2014-07-16 19:22 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-16 19:18 - 2014-07-16 19:18 - 00002253 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 19:18 - 2014-07-16 19:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-16 19:18 - 2014-07-16 19:16 - 00000000 ____D () C:\Program Files\005
2014-07-16 19:17 - 2014-07-16 19:17 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weather Alerts
2014-07-16 19:17 - 2014-07-16 19:17 - 00000000 ____D () C:\Users\Kiel\AppData\Local\Local_Weather_LLC
2014-07-16 19:17 - 2014-07-16 19:16 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-16 19:16 - 2014-07-16 19:16 - 00000000 ____D () C:\Users\Kiel\AppData\Local\Google
2014-07-16 19:14 - 2014-07-16 19:14 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Intel Corporation
2014-07-16 19:13 - 2014-07-16 19:13 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Atheros
2014-07-16 19:13 - 2014-07-16 19:13 - 00000000 ____D () C:\Users\Kiel\AppData\Local\softthinks
2014-07-16 19:13 - 2014-07-16 19:13 - 00000000 ____D () C:\Users\Kiel\AppData\Local\BMExplorer
2014-07-16 19:13 - 2013-10-03 09:25 - 00000000 ____D () C:\Users\Kiel\Documents\Bluetooth Folder
2014-07-16 19:13 - 2013-06-18 23:49 - 00000000 ____D () C:\ProgramData\Atheros
2014-07-16 19:12 - 2014-07-16 19:12 - 00015082 _____ () C:\Users\Kiel\Desktop\Removed Apps.html
2014-07-16 19:12 - 2014-07-16 19:12 - 00001428 _____ () C:\Users\Kiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-16 19:12 - 2014-07-16 19:12 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-07-16 19:12 - 2014-07-16 18:13 - 00000000 ____D () C:\Users\Kiel
2014-07-16 19:12 - 2013-10-02 11:50 - 00000000 ____D () C:\Users\Kiel\AppData\Local\Packages
2014-07-16 19:12 - 2013-06-18 23:43 - 00000000 ____D () C:\ProgramData\PRICache
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Macromedia
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Leadertech
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Kiel\AppData\Roaming\Adobe
2014-07-16 19:10 - 2014-07-16 19:10 - 00000000 ____D () C:\Users\Kiel\AppData\Local\Power2Go8
2014-07-16 19:10 - 2012-07-26 06:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-16 19:08 - 2014-07-16 19:08 - 00000000 ____D () C:\Users\Kiel\AppData\Local\VirtualStore
2014-07-16 19:07 - 2014-07-16 19:07 - 00000020 ___SH () C:\Users\Kiel\ntuser.ini
2014-07-16 19:07 - 2012-07-26 09:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-07-16 19:07 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\WinStore
2014-07-16 18:14 - 2014-07-16 18:14 - 00003425 _____ () C:\Users\Administrator\AppData\Local\Application.xml
2014-07-16 18:14 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\system32\Recovery
2014-07-16 18:14 - 2012-07-26 09:12 - 00000000 ____D () C:\Windows\rescache
2014-07-16 18:13 - 2014-07-16 18:13 - 00032388 _____ () C:\Windows\diagwrn.xml
2014-07-16 18:13 - 2014-07-16 18:13 - 00032388 _____ () C:\Windows\diagerr.xml
2014-07-16 18:13 - 2014-07-16 18:13 - 00000000 ____D () C:\Users\postgres
2014-07-16 18:13 - 2014-07-16 18:13 - 00000000 ____D () C:\Users\.NET v4.5 Classic
2014-07-16 18:13 - 2014-07-16 18:13 - 00000000 ____D () C:\Users\.NET v4.5
2014-07-16 18:13 - 2013-06-18 22:33 - 00000000 ____D () C:\Windows\Panther
2014-07-16 18:13 - 2012-07-26 09:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-16 18:13 - 2012-07-26 08:21 - 00020531 _____ () C:\Windows\setupact.log
2014-07-16 18:12 - 2012-07-26 06:37 - 00000000 __RHD () C:\Users\Default
2014-07-16 18:11 - 2014-07-16 18:11 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-07-16 18:11 - 2014-07-16 18:11 - 00000000 ____D () C:\Windows.old
2014-07-16 18:11 - 2012-07-26 09:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-07-16 17:51 - 2014-07-16 17:51 - 00000000 ___HD () C:\$SysReset
2014-07-10 20:40 - 2014-07-10 20:40 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys
2014-07-08 14:42 - 2014-07-08 14:42 - 00000000 ____D () C:\Users\Public\Documents\LDC Driving Test Complete
 
Some content of TEMP:
====================
C:\Users\Kiel\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kiel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpembq7j.dll
C:\Users\Kiel\AppData\Local\Temp\nsv1EEF.tmp.exe
C:\Users\Kiel\AppData\Local\Temp\Quarantine.exe
C:\Users\Kiel\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2013-06-18 22:48
 
==================== End Of Log ============================
 
 
 
 
Addition:
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Kiel at 2014-07-16 23:12:47
Running from C:\Users\Kiel\Favorites\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.6 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.6 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{4B3230C5-F069-416B-9169-1B84A216ED6A}) (Version: 2.5.1400.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.125 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 16.3.7.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DesktopWeatherAlerts (HKCU\...\DesktopWeatherAlerts) (Version: 1.0.29.0 - Local Weather LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 3.2.6032.125 - PC-Doctor, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.1.282 - McAfee, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version:  - )
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.218 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.018 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6788 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
05-07-2014 11:11:13 Windows Update
09-07-2014 14:24:09 Windows Update
12-07-2014 22:42:46 Windows Update
16-07-2014 18:22:28 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {02255E38-4775-41AC-8D0A-D4BB1137F4A9} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-12-21] (Synaptics Incorporated)
Task: {03557455-9A23-43EC-99B7-7B75C1EDB9A9} - System32\Tasks\Microsoft\Windows\SysResetDelayedCleanup => Rundll32.exe ResetEng.dll,RjvDelayedCleanupEntryPoint
Task: {0B0D46D9-AE3F-4F45-910C-511264516177} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {479B0EF8-C412-4452-A20E-AF121766D778} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-16] (AVAST Software)
Task: {493AC1C3-EAC9-437A-89E6-B12CF9C61493} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {49FB90F0-A527-4B1F-9C3B-14997704387E} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {52FB532F-FA54-4A05-9640-41EA1918C3F1} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {682760DB-C180-4940-956B-5121AB4AE5D3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6C05D9AC-5861-4362-BDB5-EAF400502211} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink)
Task: {95A25181-4D22-4751-8B5C-246EB4BA35B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-16] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\system32\dism.exe [2012-07-26] (Microsoft Corporation)
Task: {C58FD8C6-B806-457B-A93B-E9305C404C2C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2013-02-14] (PC-Doctor, Inc.)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8E9F306-F34A-402E-A5B7-FB560F72E779} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-10 20:40 - 2014-07-10 20:40 - 00172544 _____ () C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\sbmrwsyodt64.exe
2014-07-10 20:40 - 2014-07-10 20:40 - 00110080 _____ () C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\nfapi.dll
2014-07-10 20:40 - 2014-07-10 20:40 - 00456192 _____ () C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\ProtocolFilters.dll
2014-07-16 19:18 - 2014-07-16 19:18 - 00709120 _____ () C:\Program Files\005\mtgaotushb64.exe
2013-06-18 23:30 - 2012-04-25 03:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-12-28 21:39 - 2012-12-28 21:39 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-12-28 21:36 - 2012-12-28 21:36 - 00084480 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2012-12-28 21:41 - 2012-12-28 21:41 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2013-06-18 22:54 - 2012-10-16 11:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-28 21:42 - 2012-12-28 21:42 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2014-07-16 22:51 - 2014-07-16 22:52 - 01348263 _____ () C:\Users\Kiel\Favorites\Downloads\AdwCleaner.exe
2014-07-16 19:25 - 2014-07-16 19:25 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-16 21:46 - 2014-07-16 21:46 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14071601\algo.dll
2014-07-16 19:18 - 2014-06-05 14:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-07-16 19:18 - 2014-06-05 14:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-16 19:18 - 2014-06-05 14:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-07-16 19:18 - 2014-06-05 14:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-07-16 19:18 - 2014-06-05 14:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-16 23:04 - 2014-07-16 23:04 - 00043008 _____ () c:\users\kiel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpembq7j.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Kiel\AppData\Roaming\Dropbox\bin\libcef.dll
2014-07-16 19:25 - 2014-07-16 19:25 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-06-18 23:28 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 19:34 - 2012-06-08 19:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-06-18 23:20 - 2013-06-18 23:20 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\24c8a4a6a5dca5afc698a24a1891dfda\PSIClient.ni.dll
2013-06-18 23:19 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-07-16 19:54 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/16/2014 11:05:07 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/16/2014 11:05:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/16/2014 11:01:30 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY)
Description: McShield encountered error while stopping.
Error Code:a7f40610
 
Error: (07/16/2014 10:50:32 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (07/16/2014 08:56:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LeagueOfLegendsBaseEUW.exe, version: 16.0.0.400, time stamp: 0x4ab84bb7
Faulting module name: LeagueOfLegendsBaseEUW.exe, version: 16.0.0.400, time stamp: 0x4ab84bb7
Exception code: 0xc0000005
Fault offset: 0x0003c221
Faulting process id: 0x1a20
Faulting application start time: 0xLeagueOfLegendsBaseEUW.exe0
Faulting application path: LeagueOfLegendsBaseEUW.exe1
Faulting module path: LeagueOfLegendsBaseEUW.exe2
Report Id: LeagueOfLegendsBaseEUW.exe3
Faulting package full name: LeagueOfLegendsBaseEUW.exe4
Faulting package-relative application ID: LeagueOfLegendsBaseEUW.exe5
 
Error: (07/16/2014 08:42:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: AwesomePC)
Description: Product: League of Legends -- Failed to launch file: C:\Users\Kiel\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x64.exe Error: 216
 
Error: (07/16/2014 08:42:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: AwesomePC)
Description: Product: League of Legends -- Failed to launch file: C:\Users\Kiel\AppData\Roaming\Riot Games\League of Legends\prerequisites\PMBInst.exe Error: 216
 
Error: (07/16/2014 08:23:20 PM) (Source: MsiInstaller) (EventID: 10005) (User: AwesomePC)
Description: Product: League of Legends -- Error 4153. Visual C++ 2005 SP1 Redistributable (x64) mandatory prerequisite was not correctly installed.
 
Error: (07/16/2014 08:22:55 PM) (Source: MsiInstaller) (EventID: 1013) (User: AwesomePC)
Description: Product: League of Legends -- Failed to launch file: C:\Users\Kiel\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x64.exe Error: 216
 
Error: (07/16/2014 08:22:53 PM) (Source: MsiInstaller) (EventID: 1013) (User: AwesomePC)
Description: Product: League of Legends -- Failed to launch file: C:\Users\Kiel\AppData\Roaming\Riot Games\League of Legends\prerequisites\PMBInst.exe Error: 216
 
 
System errors:
=============
Error: (07/16/2014 11:02:13 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (07/16/2014 10:13:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/16/2014 08:20:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/16/2014 07:26:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswSP service failed to start due to the following error: 
%%5
 
Error: (07/16/2014 07:26:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! EmHWID service failed to start due to the following error: 
%%127
 
Error: (07/16/2014 07:18:52 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error: 
%%1056
 
Error: (07/16/2014 07:16:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (07/16/2014 07:09:48 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {209500FC-6B45-4693-8871-6296C4843751}
 
Error: (07/16/2014 07:08:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/16/2014 06:18:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (07/16/2014 11:05:07 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Kiel\Favorites\Downloads\FRST64.exeC:\Users\Kiel\Favorites\Downloads\FRST64.exe0
 
Error: (07/16/2014 11:05:06 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Kiel\Favorites\Downloads\FRST64.exeC:\Users\Kiel\Favorites\Downloads\FRST64.exe0
 
Error: (07/16/2014 11:01:30 PM) (Source: AVLogEvent) (EventID: 5003) (User: NT AUTHORITY)
Description: a7f40610
 
Error: (07/16/2014 10:50:32 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\Kiel\Favorites\Downloads\FRST64.exeC:\Users\Kiel\Favorites\Downloads\FRST64.exe0
 
Error: (07/16/2014 08:56:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: LeagueOfLegendsBaseEUW.exe16.0.0.4004ab84bb7LeagueOfLegendsBaseEUW.exe16.0.0.4004ab84bb7c00000050003c2211a2001cfa13014575f9cC:\Users\Kiel\Favorites\Downloads\LeagueOfLegendsBaseEUW.exeC:\Users\Kiel\Favorites\Downloads\LeagueOfLegendsBaseEUW.exe57f8d417-0d23-11e4-be6c-bc8556793e2c
 
Error: (07/16/2014 08:42:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: AwesomePC)
Description: Product: League of Legends -- Failed to launch file: C:\Users\Kiel\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x64.exe Error: 216(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/16/2014 08:42:45 PM) (Source: MsiInstaller) (EventID: 1013) (User: AwesomePC)
Description: Product: League of Legends -- Failed to launch file: C:\Users\Kiel\AppData\Roaming\Riot Games\League of Legends\prerequisites\PMBInst.exe Error: 216(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/16/2014 08:23:20 PM) (Source: MsiInstaller) (EventID: 10005) (User: AwesomePC)
Description: Product: League of Legends -- Error 4153. Visual C++ 2005 SP1 Redistributable (x64) mandatory prerequisite was not correctly installed.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/16/2014 08:22:55 PM) (Source: MsiInstaller) (EventID: 1013) (User: AwesomePC)
Description: Product: League of Legends -- Failed to launch file: C:\Users\Kiel\AppData\Roaming\Riot Games\League of Legends\prerequisites\vcredist_x64.exe Error: 216(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (07/16/2014 08:22:53 PM) (Source: MsiInstaller) (EventID: 1013) (User: AwesomePC)
Description: Product: League of Legends -- Failed to launch file: C:\Users\Kiel\AppData\Roaming\Riot Games\League of Legends\prerequisites\PMBInst.exe Error: 216(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 53%
Total physical RAM: 3965.27 MB
Available physical RAM: 1832.65 MB
Total Pagefile: 7549.27 MB
Available Pagefile: 5059.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.87 GB) (Free:337.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 2693014C)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
Help is appreciated, thanks!

Hello.

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Upload a File to Virustotal

Go to http://www.virustotal.com/


Click the Choose file button
Navigate to the file C:\Program Files\005\mtgaotushb64.exe
Click the Scan it tab
If you get a message saying File has already been analyzed: click Reanalyze file now
Copy and paste the results back here please.
Repeat the above steps for the following files

 

C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\sbmrwsyodt64.exe

 

Next,

 

There are two security systems with AV components, McAfee and Avast. That is counterproductive and will cause major issues for your system, one needs to be uninstalled ASAP, your choice... let me know which one is gone...

 

Kevin


Hi, here are the results for C:\Program Files\005\mtgaotushb64.exe

 

https://www.virustotal.com/en/file/586d0daaf96f9ee1c8634cfad5daab48d712060a954ff8284a95cddcf4f43edd/analysis/1405589450/

 

and here are the results for C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\sbmrwsyodt64.exe

 

https://www.virustotal.com/en/file/f5ad2c7056a47f42c1a5ee78fa7d05d0e19ce99d7857ab7a65e6ecacaf5f719e/analysis/1405590054/

 

 

I've uninstalled Avast now.

 

Thanks again!


Continue please:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

To get the log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs....

 

Kevin

 

 

 

fixlist.txt


Malwarebytes wouldn't download at first, but after skipping it and doing all the other steps in the order you said, I got it to work. Here are the logs;

 

Fixlog:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-07-2014 01
Ran by Kiel at 2014-07-18 12:21:03 Run:1
Running from C:\Users\Kiel\Favorites\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
R2 mtgaotushb64; C:\Program Files\005\mtgaotushb64.exe [709120 2014-07-16] () [File not signed]
C:\Program Files\005\mtgaotushb64.exe
C:\Program Files\005
C:\Users\Kiel\AppData\Local\Temp\BackupSetup.exe
C:\Users\Kiel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpembq7j.dll
C:\Users\Kiel\AppData\Local\Temp\nsv1EEF.tmp.exe
C:\Users\Kiel\AppData\Local\Temp\Quarantine.exe
C:\Users\Kiel\AppData\Local\Temp\vcredist_x64.exe
End
*****************
 
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
'HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3' => Key deleted successfully.
'HKLM\Software\Wow6432Node\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}'=> Key not found.
mtgaotushb64 => Unable to stop service
mtgaotushb64 => Service deleted successfully.
C:\Program Files\005\mtgaotushb64.exe => Moved successfully.
C:\Program Files\005 => Moved successfully.
C:\Users\Kiel\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
"C:\Users\Kiel\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpembq7j.dll" => File/Directory not found.
C:\Users\Kiel\AppData\Local\Temp\nsv1EEF.tmp.exe => Moved successfully.
"C:\Users\Kiel\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
C:\Users\Kiel\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
 
AdwCleaner:
 
# AdwCleaner v3.216 - Report created 18/07/2014 at 12:37:48
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Kiel - AWESOMEPC
# Running from : C:\Users\Kiel\Favorites\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3569 octets] - [16/07/2014 22:53:41]
AdwCleaner[R1].txt - [994 octets] - [18/07/2014 12:33:52]
AdwCleaner[s0].txt - [2194 octets] - [16/07/2014 23:00:01]
AdwCleaner[s1].txt - [918 octets] - [18/07/2014 12:37:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [977 octets] ##########
 
 
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Kiel on 18/07/2014 at 12:42:53.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/07/2014 at 12:51:46.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Malwarebytes:
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 18/07/2014
Scan Time: 13:02:54
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.18.03
Rootkit Database: v2014.07.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Kiel
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 401386
Time Elapsed: 23 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 1
PUP.Optional.AdPeak.A, C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\sbmrwsyodt64.exe, 1628, Delete-on-Reboot, [32c9118fa5d641f54c24dcbf8c78956b]
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AllDaySavingsService64, Quarantined, [32c9118fa5d641f54c24dcbf8c78956b], 
PUP.Optional.Adpeak.A, HKLM\SOFTWARE\AllDaySavings, Quarantined, [5f9c8917b2c916204d681ba3b949b14f], 
PUP.Optional.Adpeak.A, HKLM\SOFTWARE\WOW6432NODE\AllDaySavings, Quarantined, [2ecd831d43388bab4372ffbfe81a1de3], 
 
Registry Values: 1
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_gb_67, Quarantined, [d724039def8c25119c01399bdf23ad53], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.WeatherAlerts, C:\Users\Kiel\AppData\Local\Local_Weather_LLC, Quarantined, [807b1d834d2e280e4ad6554f976b817f], 
PUP.Optional.WeatherAlerts, C:\Users\Kiel\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_etsuzgjms0d35vhkgpctvuu1imfnlkrd, Quarantined, [807b1d834d2e280e4ad6554f976b817f], 
PUP.Optional.WeatherAlerts, C:\Users\Kiel\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_etsuzgjms0d35vhkgpctvuu1imfnlkrd\1.4.0.0, Quarantined, [807b1d834d2e280e4ad6554f976b817f], 
PUP.Optional.Adpeak.A, C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3, Delete-on-Reboot, [9e5d8f1182f960d6c90ba716b74bd42c], 
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings, Quarantined, [c03b1a86b1ca181e91448e2f09f99b65], 
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings\SSL, Quarantined, [c03b1a86b1ca181e91448e2f09f99b65], 
 
Files: 12
PUP.Optional.AdPeak.A, C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\sbmrwsyodt64.exe, Delete-on-Reboot, [32c9118fa5d641f54c24dcbf8c78956b], 
PUP.Optional.WeatherAlerts.A, C:\Users\Kiel\AppData\Local\Temp\52FCtmp\desktopweatheralertssetup.exe, Quarantined, [f902f4aca0dbea4c5ef114bc14f06799], 
PUP.Optional.AllDaySavings.A, C:\Users\Kiel\AppData\Local\Temp\5456tmp\ads.exe, Quarantined, [e3188e122e4d0135fbf6144080827a86], 
PUP.Optional.AdPeak.A, C:\Windows\Temp\0F467D68-149F-43B9-A30F-62DA8D197FC3n.exe, Quarantined, [b04b069a443752e4e48c8b10a65e27d9], 
PUP.Optional.BetterDeals.A, C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage, Quarantined, [5aa190101b6026103d62a02aa45e53ad], 
PUP.Optional.BetterDeals.A, C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.betterdeals00.betterdeals.co_0.localstorage-journal, Quarantined, [06f5257bcbb0e5518d121dadeb1732ce], 
PUP.Optional.Superfish.A, C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [f3086b357b003ff73e9cad22966cb947], 
PUP.Optional.WeatherAlerts, C:\Users\Kiel\AppData\Local\Local_Weather_LLC\WeatherAlerts.exe_Url_etsuzgjms0d35vhkgpctvuu1imfnlkrd\1.4.0.0\user.config, Quarantined, [807b1d834d2e280e4ad6554f976b817f], 
PUP.Optional.Adpeak.A, C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\libeay32.dll, Delete-on-Reboot, [9e5d8f1182f960d6c90ba716b74bd42c], 
PUP.Optional.Adpeak.A, C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\nfapi.dll, Delete-on-Reboot, [9e5d8f1182f960d6c90ba716b74bd42c], 
PUP.Optional.Adpeak.A, C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\ProtocolFilters.dll, Delete-on-Reboot, [9e5d8f1182f960d6c90ba716b74bd42c], 
PUP.Optional.Adpeak.A, C:\Program Files (x86)\0F467D68-149F-43B9-A30F-62DA8D197FC3\ssleay32.dll, Delete-on-Reboot, [9e5d8f1182f960d6c90ba716b74bd42c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC then try again...

 

Let me see those logs...

 

Kevin


Hi, threats were found, here are the logs;

 

ESET SCAN:

 

C:\$Recycle.Bin\S-1-5-21-640586316-2709580095-5358506-1001\$R2ICCLK.exe probably a variant of Win32/Packed.Themida potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-640586316-2709580095-5358506-1001\$RO0IJEN.exe probably a variant of Win32/Packed.Themida potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Kiel\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.vir a variant of MSIL/Adware.StrongVault.A application
C:\FRST\Quarantine\C\Program Files\005\mtgaotushb64.exe.xBAD a variant of Win64/Adware.Adpeak.C application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\PokerTracker 4\Data\Bin\iPokerCommunicator.pt4 probably a variant of Win32/Packed.Themida potentially unwanted application
C:\Program Files (x86)\PokerTracker 4\Data\Bin\PartyCommunicator.pt4 probably a variant of Win32/Packed.Themida potentially unwanted application
C:\Program Files (x86)\PokerTracker 4\Data\Bin\StarsCommunicator.pt4 probably a variant of Win32/Packed.Themida potentially unwanted application
C:\Program Files (x86)\PokerTracker 4\Data\Bin\TiltCommunicator.pt4 probably a variant of Win32/Packed.Themida potentially unwanted application
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UG73FKQ\ChromeSetup.exe a variant of Win32/SoftPulse.G potentially unwanted application
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BUPB463\Installer[1].exe a variant of Win32/Toolbar.Linkury.E potentially unwanted application
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BUPB463\setup_fst_gb[1].exe a variant of Win32/AdWare.EoRezo.AU application
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DL581DV\DesktopWeatherAlertsSetup[1].exe a variant of MSIL/Adware.StrongVault.A application
C:\Users\Kiel\AppData\Local\Temp\51F0tmp\cloud_backup_setup.exe Win32/MyPCBackup.A potentially unwanted application
C:\Users\Kiel\AppData\Local\Temp\52CCtmp\freesofttoday.exe a variant of Win32/AdWare.EoRezo.AU application
C:\Users\Kiel\AppData\Local\Temp\537Atmp\installer.exe a variant of Win32/Toolbar.Linkury.E potentially unwanted application
C:\Windows.old\Users\Kiel\AppData\Local\PokerTracker 4\Temp\StarsCommunicator.pt4 probably a variant of Win32/Packed.Themida potentially unwanted application
 
 
===========================
 
 
 
 
Checkup:
 
 Results of screen317's Security Check version 0.99.85  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
Windows Defender                     
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept the UAC alert. Be aware all processes will be stopped during the run, and the Desktop will disappear; it will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Be sure to start with and include the colon before Files.

    :Files
    ipconfig /flushdns /c
    C:\$Recycle.Bin\S-1-5-21-640586316-2709580095-5358506-1001\$R2ICCLK.exe
    C:\$Recycle.Bin\S-1-5-21-640586316-2709580095-5358506-1001\$RO0IJEN.exe
    C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UG73FKQ\ChromeSetup.exe
    C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BUPB463\Installer[1].exe
    C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BUPB463\setup_fst_gb[1].exe
    C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DL581DV\DesktopWeatherAlertsSetup[1].exe
    C:\Users\Kiel\AppData\Local\Temp\51F0tmp\cloud_backup_setup.exe
    C:\Users\Kiel\AppData\Local\Temp\52CCtmp\freesofttoday.exe
    C:\Users\Kiel\AppData\Local\Temp\537Atmp\installer.exe
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Let me see that log, also give an update on any remaining issues or concerns....

 

Kevin..


All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Kiel\Favorites\Downloads\cmd.bat deleted successfully.

C:\Users\Kiel\Favorites\Downloads\cmd.txt deleted successfully.

C:\$Recycle.Bin\S-1-5-21-640586316-2709580095-5358506-1001\$R2ICCLK.exe moved successfully.

C:\$Recycle.Bin\S-1-5-21-640586316-2709580095-5358506-1001\$RO0IJEN.exe moved successfully.

C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UG73FKQ\ChromeSetup.exe moved successfully.

C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BUPB463\Installer[1].exe moved successfully.

C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BUPB463\setup_fst_gb[1].exe moved successfully.

C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DL581DV\DesktopWeatherAlertsSetup[1].exe moved successfully.

C:\Users\Kiel\AppData\Local\Temp\51F0tmp\cloud_backup_setup.exe moved successfully.

C:\Users\Kiel\AppData\Local\Temp\52CCtmp\freesofttoday.exe moved successfully.

C:\Users\Kiel\AppData\Local\Temp\537Atmp\installer.exe moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: .NET v4.5

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: .NET v4.5 Classic

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 128 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

 

User: Kiel

->Temp folder emptied: 7380488 bytes

->Temporary Internet Files folder emptied: 13835358 bytes

 

Thanks


Actually, I'm not sure I got those logs when they were finished, the computer restarted, and a text file came up;

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kiel\Favorites\Downloads\cmd.bat deleted successfully.
C:\Users\Kiel\Favorites\Downloads\cmd.txt deleted successfully.
C:\$Recycle.Bin\S-1-5-21-640586316-2709580095-5358506-1001\$R2ICCLK.exe moved successfully.
C:\$Recycle.Bin\S-1-5-21-640586316-2709580095-5358506-1001\$RO0IJEN.exe moved successfully.
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3UG73FKQ\ChromeSetup.exe moved successfully.
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BUPB463\Installer[1].exe moved successfully.
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9BUPB463\setup_fst_gb[1].exe moved successfully.
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DL581DV\DesktopWeatherAlertsSetup[1].exe moved successfully.
C:\Users\Kiel\AppData\Local\Temp\51F0tmp\cloud_backup_setup.exe moved successfully.
C:\Users\Kiel\AppData\Local\Temp\52CCtmp\freesofttoday.exe moved successfully.
C:\Users\Kiel\AppData\Local\Temp\537Atmp\installer.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: .NET v4.5
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: .NET v4.5 Classic
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
 
User: Kiel
->Temp folder emptied: 7380488 bytes
->Temporary Internet Files folder emptied: 13835358 bytes
->Google Chrome cache emptied: 360471054 bytes
->Flash cache emptied: 898 bytes
 
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23030783 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 670537948 bytes
 
Total Files Cleaned = 1,025.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 07202014_044217
 
Files moved on Reboot...
File C:\Users\Kiel\AppData\Local\Temp\etilqs_hNwCSiQ4CAUJ5e3 not found!
File C:\Users\Kiel\AppData\Local\Temp\etilqs_Ji6bjYXjoGTXpgJ not found!
C:\Users\Kiel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Kiel\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
Registry entries deleted on Reboot...

Thanks for the log, are there any remaining issues or concerns with your system?

 

Open Malwarebytes 2.0, run another Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Kevin


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
