Can you guys please help me? I have random Music ads playing in the background



Hi guys! I'm very frustrated right now. 

I used Malwarebytes, TDSSKiller and a bunch of other programs to try and get rid of this issue I'm having and none of the programs detected any issues. The problem began about 3 days ago after I downloaded something from a risky site. Anywho, I get random noises from my computer as if I'm opening something when I'm really not.

 

I have a bunch of strange processes running in my audio manager but I'm not actually running any of them at all. They sound like advertisements, they're telling me about exercise and cooking. Can anyone PLEASE help me. I really can't afford to lose all of my data on this computer, because I use it for projects and novels so I'm kind of screwed right now. I built this computer myself and it runs like a beast, I can't even play my video games right now because this is aggravating me :( I'm confused as to whether or not I even have a virus at all because everything keeps saying there's no virus. My computer runs fast with the games I play, however my internet is extremely slow, but I do have a pretty bad internet connection so I'm not sure if that's just normal or not.

 

Here are the logs I got from doing that scan you guys told me to do before I posted here:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2014
Ran by Danny (administrator) on DANNY-PC on 13-12-2014 12:34:53
Running from C:\Users\Danny\Downloads
Loaded Profile: Danny (Available profiles: Danny)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Raptr, Inc) C:\Program Files\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Gadwin Systems) C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe
(Microsoft Corporation) C:\Windows\System32\upnpcont.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmmon32.exe
 
 
==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6155336 2013-02-05] (Realtek Semiconductor)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [366904 2014-06-27] (Power Software Ltd)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Raptr] => C:\Program Files\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM\...\Run: [startCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748232 2014-11-20] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\...\Run: [EA Core] => "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\...\Run: [Gadwin PrintScreen Pro (32-bit)] => "C:\Program Files\Gadwin\Gadwin PrintScreenPro\PrintScreenPro32.exe" /nosplash
HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\...\Run: [Gadwin PrintScreen (32-bit)] => C:\Program Files\Gadwin\Gadwin PrintScreen\PrintScreen32.exe [11507872 2014-10-15] (Gadwin Systems)
HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\...\MountPoints2: E - E:\Autorun.exe
HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\...\MountPoints2: {6e56c67a-2779-11e4-bd9f-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
 
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\Software\Microsoft\Internet Explorer\Main,Start
HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultSuggestURL: Default -> {searchTerms}
CHR Profile: C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-27]
CHR Extension: (Google Wallet) - C:\Users\Danny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-27]
 
========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1900400 2014-11-26] (Electronic Arts)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [40936 2013-01-19] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [116320 2014-06-27] (Power Software Ltd)
S3 MSICDSetup; \??\D:\CDriver.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 12:34 - 2014-12-13 12:35 - 00007152 _____ () C:\Users\Danny\Downloads\FRST.txt
2014-12-13 12:34 - 2014-12-13 12:34 - 00000000 ____D () C:\FRST
2014-12-13 12:33 - 2014-12-13 12:34 - 01111552 _____ (Farbar) C:\Users\Danny\Downloads\FRST.exe
2014-12-13 12:17 - 2014-12-13 12:17 - 00002215 _____ () C:\Users\Public\Desktop\Gadwin PrintScreen (32-Bit).lnk
2014-12-13 12:17 - 2014-12-13 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin
2014-12-13 12:17 - 2014-12-13 12:17 - 00000000 ____D () C:\Program Files\Gadwin
2014-12-13 12:14 - 2014-12-13 12:15 - 13287142 _____ () C:\Users\Danny\Downloads\PrintScreen542_Setup.zip
2014-12-13 11:53 - 2014-12-13 11:55 - 00000000 ____D () C:\ProgramData\Max Secure
2014-12-13 11:24 - 2014-12-13 11:24 - 00368256 _____ (RegNow.com) C:\Users\Danny\Downloads\Download_MaxSDRDM.exe
2014-12-13 11:07 - 2014-12-13 11:07 - 00000000 ____D () C:\Users\Danny\AppData\Local\Max Secure Software
2014-12-13 11:06 - 2014-12-13 11:26 - 00000000 ____D () C:\Users\Danny\AppData\Roaming\GetRightToGo
2014-12-13 10:48 - 2014-12-13 10:48 - 00370943 _____ () C:\Users\Danny\Downloads\gmer.zip
2014-12-13 09:57 - 2014-12-13 09:57 - 02166272 _____ () C:\Users\Danny\Desktop\AdwCleaner.exe
2014-12-13 09:49 - 2014-12-13 10:01 - 00000000 ____D () C:\AdwCleaner
2014-12-13 09:43 - 2014-12-13 09:43 - 00852505 _____ () C:\Users\Danny\Downloads\SecurityCheck.exe
2014-12-13 09:35 - 2014-12-13 09:35 - 00000539 _____ () C:\Windows\Tasks\RegCure Pro_sch_421495FE-82D5-11E4-99F7-448A5B95024A.job
2014-12-12 22:04 - 2014-12-12 22:06 - 00587518 _____ () C:\Users\Danny\Downloads\E-EyebrowsCollection.rar
2014-12-12 21:57 - 2014-12-12 21:57 - 00151376 _____ () C:\Users\Danny\Downloads\MTS_Elexis_1335502_InnocentEyebrowsByElexis.rar
2014-12-12 21:53 - 2014-12-12 22:02 - 08400231 _____ () C:\Users\Danny\Downloads\Nizuni and The Pink Flamingo.zip
2014-12-12 15:10 - 2014-12-12 15:10 - 00015345 _____ () C:\Users\Danny\Downloads\Brokengirls Pose Pack.rar
2014-12-12 14:48 - 2014-12-12 14:49 - 06514413 _____ () C:\Users\Danny\Downloads\{artsims] Zombie Aphrodite.rar
2014-12-12 14:48 - 2014-12-12 14:48 - 01965170 _____ () C:\Users\Danny\Downloads\[M1ssduo] Clothing_Boyfriend_TypePrints_T-Shirt_AF.zip
2014-12-12 14:48 - 2014-12-12 14:48 - 01607238 _____ () C:\Users\Danny\Downloads\[M1ssduo] Clothing_Rolledup_Belted_Shorts_AF.zip
2014-12-12 14:47 - 2014-12-12 14:52 - 81417565 _____ () C:\Users\Danny\Downloads\[moi]tmblrgift02.rar
2014-12-12 14:46 - 2014-12-12 14:46 - 02448956 _____ () C:\Users\Danny\Downloads\BabyEmbroideryOnesies-SilwerMoonCC.zip
2014-12-12 14:29 - 2014-12-12 14:29 - 00000074 _____ () C:\Users\Danny\Documents\dcdd.txt
2014-12-11 14:41 - 2014-12-11 14:41 - 00000000 ____D () C:\Users\Danny\Downloads\Nicki Minaj The Pinkprint [DELUXE @ 320] 2014
2014-12-09 20:57 - 2014-12-09 20:57 - 00094115 _____ () C:\Users\Danny\Downloads\[kanonlullabies] Love Hisha ♥.package
2014-12-09 18:45 - 2014-12-09 18:48 - 00000000 ____D () C:\Users\Danny\Downloads\Charli XCX - Sucker (2014)
2014-12-09 17:12 - 2014-12-09 17:12 - 00051762 _____ () C:\Windows\system32\CCCInstall_201412091712447712.log
2014-12-09 17:12 - 2014-12-09 17:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-09 17:12 - 2014-12-09 17:12 - 00000000 ____D () C:\ProgramData\ATI
2014-12-09 17:12 - 2014-12-09 17:12 - 00000000 ____D () C:\Program Files\AMD AVT
2014-12-08 21:24 - 2014-12-08 21:24 - 35233823 _____ () C:\Users\Danny\Downloads\[sS] Update Curly Hair Dump.zip
2014-12-08 21:13 - 2014-12-08 21:16 - 15197282 _____ () C:\Users\Danny\Downloads\MK_Hair004_CloudNine.zip
2014-12-08 21:13 - 2014-12-08 21:16 - 14425714 _____ () C:\Users\Danny\Downloads\MK_Hair004_CloudNine_Toddler.zip
2014-12-08 21:13 - 2014-12-08 21:16 - 14385097 _____ () C:\Users\Danny\Downloads\MK_Hair004_CloudNine_Child.zip
2014-12-08 21:10 - 2014-12-08 21:11 - 06390527 _____ () C:\Users\Danny\Downloads\AG_afHairSTORE15AFRModern_Edit.rar
2014-12-08 21:10 - 2014-12-08 21:11 - 06007019 _____ () C:\Users\Danny\Downloads\AikeaGuinea - AFHairAfroWrap01.rar
2014-12-08 21:10 - 2014-12-08 21:10 - 04497437 _____ () C:\Users\Danny\Downloads\AikeaGuinea_AMHairSTORE15AFRShort.rar
2014-12-07 21:59 - 2014-12-07 22:00 - 01339007 _____ () C:\Users\Danny\Downloads\Natef005_afSparkleShoes.sims3pack
2014-12-07 21:30 - 2014-12-07 21:51 - 98761361 _____ () C:\Users\Danny\Downloads\Strip-club Wendy Secrets.Sims3Pack
2014-12-07 13:17 - 2014-12-07 13:20 - 00000000 ____D () C:\Users\Danny\Downloads\J. Cole - 2014 Forest Hills Drive [LEAKED MP3 320 KBPS] [GLODLS]
2014-12-06 16:02 - 2014-12-06 16:02 - 01839258 _____ () C:\Users\Danny\Downloads\Pixicat_Converse_M01.rar
2014-12-06 12:58 - 2014-12-06 12:58 - 00069096 _____ () C:\Users\Danny\Downloads\io_s3py_animation-1.60.zip
2014-12-06 11:55 - 2014-12-06 11:55 - 00000000 ____D () C:\Users\Danny\Downloads\Arctic Monkeys - Suck It And See
2014-12-06 10:32 - 2014-12-06 10:35 - 00000000 ____D () C:\Users\Danny\Downloads\Arctic Monkeys - AM (2013) [FLAC]
2014-12-03 19:12 - 2014-12-03 19:12 - 00000000 ____D () C:\Users\Danny\AppData\Roaming\TSRWorkshop
2014-12-03 19:12 - 2014-12-03 19:12 - 00000000 ____D () C:\Users\Danny\AppData\Local\TSR Workshop
2014-12-03 19:12 - 2014-12-03 19:12 - 00000000 ____D () C:\Users\Danny\AppData\Local\Ibibi_HB
2014-12-03 19:11 - 2014-12-03 19:11 - 00000000 ____D () C:\Users\Danny\AppData\Roaming\The Sims Resource
2014-12-03 19:11 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-12-03 19:11 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-12-03 19:11 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-12-03 19:11 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-12-03 19:11 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-12-03 19:11 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-12-03 19:11 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-12-03 19:11 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-12-03 18:51 - 2014-12-03 18:51 - 00000000 ____D () C:\ProgramData\S4Studio
2014-12-03 18:41 - 2014-12-03 18:41 - 00000000 ____D () C:\Users\Danny\AppData\Roaming\S4Studio
2014-12-03 18:41 - 2014-12-03 18:41 - 00000000 ____D () C:\Users\Danny\AppData\Local\S4Studio
2014-12-01 16:53 - 2014-12-01 16:53 - 00000000 ____D () C:\Users\Danny\Downloads\Azealia Banks - Broke With Expensive Taste [2014] 320
2014-11-29 14:29 - 2014-11-29 14:29 - 00002152 _____ () C:\Users\Danny\AppData\Local\recently-used.xbel
2014-11-26 20:32 - 2014-11-26 20:32 - 00000000 ____D () C:\Users\Danny\Downloads\Jessie J - Sweet Talker (Deluxe Edition) [ChattChitto RG]
2014-11-26 13:32 - 2014-12-13 12:18 - 00000000 ____D () C:\Users\Danny\AppData\Roaming\Gadwin
2014-11-26 13:32 - 2014-12-13 12:18 - 00000000 ____D () C:\Users\Danny\AppData\Local\Gadwin
2014-11-25 19:52 - 2014-11-25 19:52 - 00000000 __RHD () C:\Users\Danny\AppData\Roaming\SecuROM
2014-11-24 17:06 - 2014-11-29 14:29 - 00000000 ____D () C:\Users\Danny\AppData\Local\gtk-2.0
2014-11-24 16:59 - 2014-11-29 14:29 - 00000000 ____D () C:\Users\Danny\.gimp-2.8
2014-11-24 16:59 - 2014-11-24 16:59 - 00000000 ____D () C:\Users\Danny\AppData\Local\gegl-0.2
2014-11-24 16:59 - 2014-11-24 16:59 - 00000000 ____D () C:\Users\Danny\AppData\Local\fontconfig
2014-11-24 16:54 - 2014-12-04 19:40 - 00000000 ____D () C:\Users\Danny\Desktop\Siggy
2014-11-23 22:42 - 2014-11-23 22:46 - 00000000 ____D () C:\Users\Danny\Downloads\Iggy Azalea - Reclassified (2014) [MP3 @ 320 KBPS]
2014-11-22 11:52 - 2014-12-13 12:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 11:52 - 2014-12-10 14:31 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-22 11:52 - 2014-12-10 14:31 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-20 21:44 - 2014-11-20 21:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc32.dll
2014-11-20 21:44 - 2014-11-20 21:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom32.dll
2014-11-20 21:41 - 2014-11-20 21:41 - 00265416 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-11-20 21:38 - 2014-11-20 21:38 - 16955392 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-11-20 21:35 - 2014-11-20 21:35 - 00038912 _____ () C:\Windows\system32\kdbsdk32.dll
2014-11-20 21:33 - 2014-11-20 21:33 - 00203776 _____ () C:\Windows\system32\clinfo.exe
2014-11-20 21:33 - 2014-11-20 21:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo.dll
2014-11-20 21:33 - 2014-11-20 21:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode.dll
2014-11-20 21:32 - 2014-11-20 21:32 - 40987136 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl.dll
2014-11-20 21:31 - 2014-11-20 21:31 - 00058880 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-20 21:19 - 2014-11-20 21:19 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atioglxx.dll
2014-11-20 21:19 - 2014-11-20 21:19 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2014-11-20 21:18 - 2014-11-20 21:18 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle32.dll
2014-11-20 21:17 - 2014-11-20 21:17 - 00631912 _____ () C:\Windows\system32\atiapfxx.blb
2014-11-20 21:17 - 2014-11-20 21:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-11-20 21:17 - 2014-11-20 21:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt.dll
2014-11-20 21:16 - 2014-11-20 21:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd.dll
2014-11-20 21:16 - 2014-11-20 21:16 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl.dll
2014-11-20 21:15 - 2014-11-20 21:15 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle32.dll
2014-11-20 21:13 - 2014-11-20 21:13 - 03471376 _____ () C:\Windows\system32\atiumdva.cap
2014-11-20 21:13 - 2014-11-20 21:13 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl32.dll
2014-11-20 21:12 - 2014-11-20 21:12 - 00626688 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-11-20 21:12 - 2014-11-20 21:12 - 00212992 ____N (AMD) C:\Windows\system32\atiesrxx.exe
2014-11-20 21:12 - 2014-11-20 21:12 - 00164352 _____ (AMD) C:\Windows\system32\atitmmxx.dll
2014-11-20 21:12 - 2014-11-20 21:12 - 00030720 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-11-20 21:10 - 2014-11-20 21:10 - 00651264 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2014-11-20 21:09 - 2014-11-20 21:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-11-20 21:08 - 2014-11-20 21:08 - 00472576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-11-20 21:08 - 2014-11-20 21:08 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atigktxx.dll
2014-11-20 21:08 - 2014-11-20 21:08 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-11-17 19:20 - 2014-11-17 19:20 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-11-17 19:19 - 2014-11-17 19:20 - 00000000 ____D () C:\Program Files\GIMP 2
2014-11-17 18:45 - 2014-11-17 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
 
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-13 12:17 - 2014-08-27 23:00 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-13 12:16 - 2014-09-07 20:07 - 00007451 _____ () C:\Users\Danny\Desktop\stuff.txt
2014-12-13 12:14 - 2014-08-19 03:21 - 01721681 _____ () C:\Windows\WindowsUpdate.log
2014-12-13 12:12 - 2014-08-19 08:31 - 00000000 ____D () C:\Users\Danny\AppData\Roaming\Raptr
2014-12-13 12:12 - 2014-08-19 03:38 - 00058408 _____ () C:\Users\Danny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-13 12:11 - 2014-08-27 23:00 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-13 12:11 - 2010-11-20 16:48 - 00017438 _____ () C:\Windows\PFRO.log
2014-12-13 12:11 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-13 12:11 - 2009-07-13 23:39 - 00041724 _____ () C:\Windows\setupact.log
2014-12-13 12:11 - 2009-07-13 23:33 - 00269536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-13 10:39 - 2014-09-06 18:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 10:25 - 2014-09-06 18:18 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-13 10:25 - 2014-09-06 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-13 10:25 - 2014-09-06 18:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-13 00:05 - 2009-07-13 23:34 - 00040144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 00:05 - 2009-07-13 23:34 - 00040144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 00:04 - 2014-08-25 11:51 - 00000000 ____D () C:\Users\Danny\AppData\Roaming\vlc
2014-12-12 21:24 - 2014-10-16 20:52 - 00000000 ____D () C:\Users\Danny\Desktop\2
2014-12-12 21:24 - 2014-08-21 04:04 - 00000000 ____D () C:\Users\Danny\Desktop\T
2014-12-12 21:24 - 2014-08-19 05:44 - 00000000 ____D () C:\Users\Danny\Documents\Electronic Arts
2014-12-11 19:21 - 2014-08-27 23:02 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 14:53 - 2014-08-20 04:26 - 00000000 ____D () C:\Users\Danny\AppData\Roaming\uTorrent
2014-12-10 20:40 - 2014-08-19 08:12 - 00000000 ____D () C:\ProgramData\Origin
2014-12-10 20:40 - 2014-08-19 08:12 - 00000000 ____D () C:\Program Files\Origin
2014-12-10 16:35 - 2014-08-28 00:59 - 00000000 ____D () C:\Users\Danny\Downloads\multi-rigs
2014-12-10 14:17 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-09 18:34 - 2014-11-04 11:20 - 00000404 _____ () C:\Users\Danny\Documents\names Trainstationshit.txt
2014-12-09 17:13 - 2014-08-19 08:23 - 00000000 ____D () C:\AMD
2014-12-09 17:12 - 2014-08-19 03:35 - 00000000 ____D () C:\ProgramData\AMD
2014-12-09 17:12 - 2014-08-19 03:35 - 00000000 ____D () C:\Program Files\AMD
2014-12-09 17:10 - 2014-08-19 03:30 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-09 16:19 - 2014-08-19 08:31 - 00000000 ____D () C:\Program Files\Raptr
2014-12-06 15:06 - 2014-10-25 16:46 - 00001249 _____ () C:\Users\Danny\Documents\MUSIC.txt
2014-12-03 18:54 - 2014-08-28 00:35 - 00002054 _____ () C:\Users\Public\Desktop\Blender.lnk
2014-12-03 17:42 - 2010-11-20 16:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-28 13:30 - 2014-10-12 12:20 - 00000000 ____D () C:\Users\Danny\Downloads\Bopthgmes
2014-11-26 13:52 - 2009-07-13 23:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-24 16:59 - 2014-08-19 03:21 - 00000000 ____D () C:\Users\Danny
2014-11-21 06:14 - 2014-09-06 18:18 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-09-06 18:18 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2014-09-06 18:18 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 21:44 - 2014-04-17 21:42 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx32.dll
2014-11-20 21:44 - 2014-04-17 21:42 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxpag.dll
2014-11-20 21:44 - 2013-12-06 17:02 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9pag.dll
2014-11-20 21:44 - 2013-12-06 17:00 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx32.dll
2014-11-20 21:43 - 2013-12-06 16:58 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdva.dll
2014-11-20 21:43 - 2013-12-06 16:57 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumdag.dll
2014-11-20 21:12 - 2013-12-06 15:53 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-11-20 21:09 - 2013-12-06 15:22 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
 
==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-30 15:40

==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-12-2014
Ran by Danny at 2014-12-13 12:35:31
Running from C:\Users\Danny\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2355208074-2561605029-1672976813-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{21342FD6-425D-2349-100B-85FA79C77A20}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation)
Gadwin PrintScreen (32-Bit) (HKLM\...\{40475700-0CC9-4B2C-A365-293E82D784BC}) (Version: 5.4.2.0 - Gadwin Systems)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Origin (HKLM\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Raptr (HKLM\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6839 - Realtek Semiconductor Corp.)
s3oc - Sims3 Object Cloner (HKLM\...\s3oc) (Version: 13-1112-2036 - Peter L Jones)
s3pe - Sims3 Package Editor (HKLM\...\s3pe) (Version: 13-1112-2033 - Peter L Jones)
The Sims 4 Deluxe Edition version 1.2.16.10 (HKLM\...\The Sims 4 Deluxe Edition_is1) (Version: 1.2.16.10 - Mr DJ)
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
The Sims™ 3 Generations (HKLM\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 Island Paradise (HKLM\...\{DB21639E-FE55-432C-BCA2-0C5249E3F79E}) (Version: 19.0.101 - Electronic Arts)
The Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
The Sims™ 3 Pets (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
The Sims™ 3 Seasons (HKLM\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
The Sims™ 3 Showtime (HKLM\...\{3BBFD444-5FAB-49F6-98B1-A1954E831399}) (Version: 12.0.273 - Electronic Arts)
The Sims™ 3 Supernatural (HKLM\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
The Sims™ 3 University Life (HKLM\...\{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}) (Version: 18.0.126 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2355208074-2561605029-1672976813-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2355208074-2561605029-1672976813-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb.dll ()
 
==================== Restore Points  =========================

04-12-2014 00:11:38 Installed SlimDX Runtime .NET 2.0 (January 2012)
04-12-2014 00:12:18 Installed TSR Workshop
04-12-2014 00:51:18 Removed SlimDX Runtime .NET 2.0 (January 2012)
04-12-2014 00:52:12 Removed TSR Workshop
09-12-2014 22:15:03 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
13-12-2014 16:56:25 Installed Spyware Detector
13-12-2014 17:17:15 Installed Gadwin PrintScreen (32-Bit)
 
==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {094B145C-5E16-4535-9A0A-8E30AB397031} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-27] (Google Inc.)
Task: {6F157659-F376-4D7A-B6EF-32F7971E4867} - System32\Tasks\{52B416CB-95A3-4B74-8C32-D3C7A89A6A9C} => pcalua.exe -a "C:\Program Files\The SIMS 4 Deluxe Edition\__Installer\vp6\vp6install.exe" -d "C:\Program Files\The SIMS 4 Deluxe Edition\__Installer\vp6"
Task: {70C00691-2B4B-4E61-A010-A880450644B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {C6AD947E-6AE3-41C8-808D-E844529BAAF2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegCure Pro_sch_421495FE-82D5-11E4-99F7-448A5B95024A.job => C:\Program Files\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============

2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files\Raptr\winsound.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files\Raptr\win32trace.pyd
2014-08-13 19:37 - 2014-08-13 19:37 - 00113171 _____ () C:\Program Files\Raptr\libvlc.dll
2014-08-13 19:37 - 2014-08-13 19:37 - 02396691 _____ () C:\Program Files\Raptr\libvlccore.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files\Raptr\unicodedata.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files\Raptr\win32com.shell.shell.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files\Raptr\PIL._imaging.pyd
2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files\Raptr\amd_ags.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files\Raptr\plugins\ssl.dll
2014-12-11 19:21 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 19:21 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 19:21 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 19:21 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2355208074-2561605029-1672976813-500 - Administrator - Disabled)
Danny (S-1-5-21-2355208074-2561605029-1672976813-1000 - Administrator - Enabled) => C:\Users\Danny
Guest (S-1-5-21-2355208074-2561605029-1672976813-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2355208074-2561605029-1672976813-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2014 00:29:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b8
Faulting module name: Flash32_15_0_0_246.ocx, version: 15.0.0.246, time stamp: 0x548106ae
Exception code: 0xc0000005
Fault offset: 0x0064da28
Faulting process id: 0x1138
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/13/2014 00:12:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 00:11:56 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/13/2014 11:56:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7331e7ff-9547-4b4f-8003-5a1354a06d10}

Error: (12/13/2014 11:30:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 11:28:48 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/13/2014 10:31:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 10:29:47 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (12/13/2014 10:17:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 10:16:14 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.
 
 
System errors:
=============
Error: (12/13/2014 00:12:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/13/2014 00:11:43 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:10:26 PM on 12/13/2014 was unexpected.

Error: (12/13/2014 00:09:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MaxMerger service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/13/2014 00:09:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MaxWatchDogService service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/13/2014 11:31:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/13/2014 11:27:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/13/2014 11:27:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/13/2014 11:27:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/13/2014 11:26:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068

Error: (12/13/2014 11:26:50 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (12/13/2014 00:29:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b8Flash32_15_0_0_246.ocx15.0.0.246548106aec00000050064da28113801d016f932a7cd57C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\Macromed\Flash\Flash32_15_0_0_246.ocx9b04f2c8-82ed-11e4-8104-448a5b95024a

Error: (12/13/2014 00:12:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 00:11:56 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/13/2014 11:56:23 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7331e7ff-9547-4b4f-8003-5a1354a06d10}

Error: (12/13/2014 11:30:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 11:28:48 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/13/2014 10:31:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 10:29:47 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/13/2014 10:17:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/13/2014 10:16:14 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
 
==================== Memory info =========================== 

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 30%
Total physical RAM: 3554.86 MB
Available physical RAM: 2458.68 MB
Total Pagefile: 7108.02 MB
Available Pagefile: 5445.75 MB
Total Virtual: 2559.88 MB
Available Virtual: 2410.37 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:377.39 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: CC3B91AE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Right now they disappeared
 
 
ScreenShot12-13-14at1252PM_zps439c4693.p
 
 
 
 
But before this is what it looked like in the volume mixer tab
 
ScreenShot12-13-14at1229PM001_zpsb2f836b
 
 
ScreenShot12-13-14at1240PM_zps63d43e82.p
 
 
ScreenShot12-13-14at1229PM_zps5d56b908.p
 

Okay right after I posted this I got that little windows beep again and sure enough when I opened my volume mixer there was some ad playing in the background... but no window pops up...Nothing. I'm just completely dumbfounded. And yesterday Internet Explorer decided it would stop letting me download things so I have no clue what's going on.
