
iexplore.exe used for outgoing malicious website



I'm getting a pop-up message from MBAM stating an outgoing malicious website has been blocked.  It's several times per minute, but only on ONE user account out of three do I see this on my PC.  Even while a MBAM complete scan is running, MBAM blocks the attempt but can't detect anything to quarantine.

 

Whatever is trying to access malicious websites is using iexplore.exe.  Even without running internet explorer, I've noticed up to 9 iexplore.exe or iexplore.exe*32 processes running in the background (with no windows or tabs open at all).  

 

I've attached the Farbar Recovery Tool logs.  Please help!  I think this is causing lots of slowdowns in our internet service, and maybe it is trying to steal information from our computer.

Addition.txt

FRST.txt


Hello! Welcome to Malwarebytes Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Before we proceed please read the following topic - Piracy

 

Let me check the logs and post back with a fix.

 

 

 

Regards,

Georgi


Hi,

 

 

No wonder your computer was infected. You use a lot of cracks. This is playing with fire though.

Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.

Malware writers just love cracks and keygens, and will often attach malicious code to them. By using cracks and/or keygens, you are asking for problems.

So my advice is - stay away from them! Bitcoin miners and other malware samples are usually integrated into installers of game repacks so this is how your computer was most likely infected.

 

GOG, Steam and Origin offer a lot of discounts, and I would recommend that you purchase the games you like and delete the pirated files from your HDD immediately...
 

 

2015-06-24 16:06 - 2012-07-09 20:16 - 00000000 ____D C:\Users\Al\Downloads\Portal.2.Crack.Fix-SKIDROW
2015-06-25 15:24 - 2015-06-25 15:24 - 00000000 ____D C:\Users\Riney\AppData\Local\SKIDROW
2015-06-25 15:15 - 2015-06-25 15:15 - 00000000 ____D C:\Users\Kevin Riney\AppData\Local\SKIDROW
2015-06-24 16:00 - 2015-06-25 22:44 - 00000000 ____D C:\Users\Riney\AppData\Local\{600A2F72-9741-4C11-AAF8-A4C20FACAB22}
2015-06-24 13:32 - 2015-06-24 13:32 - 00001994 _____ C:\Users\Public\Desktop\Portal 2.lnk
2015-06-21 09:47 - 2015-06-21 09:47 - 00016752 _____ C:\Users\Riney\Downloads\Microsoft.Flight.Simulator.X.Gold.Edition - SKIDROW (1).torrent
2015-06-19 21:49 - 2015-06-19 21:49 - 00016752 _____ C:\Users\Riney\Downloads\Microsoft.Flight.Simulator.X.Gold.Edition - SKIDROW.torrent

 

 

Most games have a demo version available to try before buying. I recommend that you stick with them instead of using insecure files downloaded from untrusted web sites, so the choice is yours. Also, regarding our forum rules, we do not tolerate any piracy here. Please remove the files from your computer or I am not going to help you further...

 

 

Also, I suggest you uninstall uTorrent as well.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files, as the name(s) suggest. In today's world, cyber crime has grown to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally, there are also legal ways to use these services, such as downloading Linux distributions or office suites such as LibreOffice or GIMP.


Also, please take a look here:

How cyber criminals infect victims via P2P with pirated software

 

 

 

STEP 1

 

 

Go ahead and uninstall iLivid from the Control Panel.

 

 

STEP 2

 

 

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

 

We need to downgrade Google Chrome to the latest stable release since Chrome installation is altered by malware. The adware has updated your browser to the developer version where Chrome internal checks are disabled and the adware will reinstall the malicious extensions periodically again if not downgraded...

Make sure that you export your passwords and favorites/bookmarks if you have any before you proceed with the steps below.

Check the links below for more information:

How to Export Bookmarks from Chrome.

How To Backup Saved Passwords In Google Chrome Browser (the file is wrongly detected by antivirus software as malware but it's safe to use).

 

Create a new Restore Point before you proceed just in case.

Now please download and install Revo Uninstaller 1.95.
Then please run Revo Uninstaller and select Google Chrome.
Please click Uninstall icon to uninstall the selected program.
Please choose Advanced.
Then click Next and follow the prompts.
Please click Select All and Delete to delete all registry items, folders and files listed by Revo.
If asked to restart the computer, please do so.

 

Now you can reinstall Google Chrome to the latest stable build Google Chrome 43.0.2357.132 Stable.

 

 

 

STEP 3

 

 

Run a new scan with FRST (make sure that Addition.txt is checked before you press the SCAN button) and then post both logs in your next reply for my review.

 

 

Regards,

Georgi
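
The kind of first-pass triage a helper does by eye on an FRST log, as an added example (not part of the original posts and not FRST's own logic). The sample lines are copied from the FRST.txt pasted later in this thread; the rule names and the "DLL under a user's AppData" heuristic are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple

# Lines copied from the FRST.txt log posted later in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [uTDmedia] => regsvr32.exe C:\Users\Al\AppData\Local\UTDmedia\65yfk3f1.dll <===== ATTENTION
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [Ofnics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Al\AppData\Local\Akworks\65yfk3f1.dll
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
"""

# FRST appends "<==== ATTENTION" (with a varying number of '=') to entries
# it considers worth a closer look.
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")

# Autorun entries look like:  HIVE\...\Run: [ValueName] => command line
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<command>.+)$"
)

# A signed Windows loader (regsvr32/rundll32) followed by the DLL it loads.
LOADER_RE = re.compile(
    r"(?:^|\\)(?P<loader>regsvr32|rundll32)(?:\.exe)?\s+(?P<target>.+?\.dll)",
    re.IGNORECASE,
)

# Assumption: a DLL under a user's AppData is writable without admin rights,
# so an autorun that loads one deserves manual review.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


class Finding(NamedTuple):
    line_no: int   # 1-based position in the supplied text
    rule: str      # "lolbin-autorun" or "frst-attention" (names are ours)
    name: str      # autorun value name, or "" when not an autorun entry
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Return review candidates found in a block of FRST log lines."""
    findings: List[Finding] = []
    for line_no, line in enumerate(log_text.strip().splitlines(), start=1):
        marker = ATTENTION_RE.search(line)
        body = ATTENTION_RE.sub("", line)   # entry text without the marker

        run = RUN_RE.match(body)
        name = run.group("name") if run else ""
        if run:
            loader = LOADER_RE.search(run.group("command"))
            if loader and USER_WRITABLE_RE.search(loader.group("target")):
                findings.append(Finding(
                    line_no, "lolbin-autorun", name,
                    f"{run.group('key')} loads {loader.group('target')} "
                    f"via {loader.group('loader')}",
                ))
        if marker:
            findings.append(Finding(line_no, "frst-attention", name, body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```

The second regsvr32 entry carries no ATTENTION marker in the log, which is why the heuristic is applied independently of FRST's own flagging; a hit is a prompt for manual review, not a verdict.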


Thanks for pointing that out.  I'm going to run the Farbar scan again and get you the results very soon.  Here are some interesting things that happened as I uninstalled the junk on my computer.

  • I uninstalled Google Chrome, but it won't let me reinstall using the file in your post.  It won't even react when I click on "show me help with this problem" in the install window.
  • I am using internet explorer now.  But when I tried to use it to come here, I got redirected three times even when I typed in the address myself.  It tried to tell me the website was not found, or it redirected me to a download manager that looks like your site.

I'll have the new results to you in my next post.


No worries. We will fix the Google Chrome issue a bit later along with the IE redirects but first I need to see that you removed the illegal software from your computer. That's why I asked you to run FRST again. Please don't try to edit the logs. I'll find out. Thank you for your understanding. :)

 

 

Regards,

Georgi


It's getting difficult to log onto this site because of redirects and slow response times.  Here are the new logs.  I tried to delete everything you mentioned plus some extra.  Some items resisted being deleted because Windows told me that they were open or being used by another process.  Let me know if there is anything else I need to delete.

 

Seems I can't attach files anymore, so I'll cut and paste the entire logs:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:11-07-2015
Ran by Al (administrator) on RINEY-PC on 12-07-2015 10:42:52
Running from C:\Users\Al\Desktop\Farbar Recovery Tool
Loaded Profiles: Al (Available Profiles: Riney & Al & Kevin Riney & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\node.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2011-05-13] (Microsoft Corporation)
HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.4.1.11\ma\bin\pcTrayApp.exe [2834432 2014-06-25] (Alcatel-Lucent)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [616272 2015-04-07] (McAfee, Inc.)
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [416080 2015-06-11] (Perfect World Entertainment)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [719272 2015-04-02] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2015-07-09] (Raptr, Inc)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\Steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [uTDmedia] => regsvr32.exe C:\Users\Al\AppData\Local\UTDmedia\65yfk3f1.dll <===== ATTENTION
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [Ofnics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Al\AppData\Local\Akworks\65yfk3f1.dll
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\MountPoints2: {46b5638c-415a-11e1-aa24-406186e46dd7} - J:\AutoRun.EXE
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\MountPoints2: {831c4f79-c062-11e1-a730-0018f80c663a} - K:\setup.exe
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\MountPoints2: {a4117e1f-c83e-11e0-b297-806e6f6e6963} - D:\RunGame.exe
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe [2012-08-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-04-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
GroupPolicyUsers\S-1-5-21-3910217723-699518037-1373500746-1004\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3910217723-699518037-1373500746-1000\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-3910217723-699518037-1373500746-1001 -> DefaultScope {E7C4181C-E1B4-4E0D-BC21-8B647E355CEC} URL = https://search.yahoo.com/search?fr=mcafee&type=C011US679D20130210&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3910217723-699518037-1373500746-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3910217723-699518037-1373500746-1001 -> {E7C4181C-E1B4-4E0D-BC21-8B647E355CEC} URL = https://search.yahoo.com/search?fr=mcafee&type=C011US679D20130210&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-06-30] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll [2015-06-11] (Perfect World Entertainment Inc)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3910217723-699518037-1373500746-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-3910217723-699518037-1373500746-1001 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-07-03] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-04-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-04-07] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{471923B3-62E5-43DE-8360-7ED9488DAB5E}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7AAF9B9D-8148-4DB3-96E1-2576D2DEC314}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7F5A6887-3182-488C-A0C4-2E099DF0722F}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7FF546ED-F791-4792-A08B-4CB10C23B36C}: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\r789j3sd.default
FF DefaultSearchEngine: Secure Search
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=C111US679D20130210&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-06-16] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-30] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-04-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\npMotive.dll [2014-06-25] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\npArcPluginFF.dll [2015-06-11] (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3910217723-699518037-1373500746-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Al\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-21] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\r789j3sd.default\user.js [2015-05-25]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-07-21] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-02-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-02-08] (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-06-03]
FF Extension: OpenH264 Video Codec Update - C:\Users\Al\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\jid1-OAMmxwMMkhxQvQ@jetpack [2015-05-25]
FF Extension: DirectPlay8Server Object - C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\r789j3sd.default\Extensions\{DA7A718E-6E6E-B136-1D54-4C3ABD39029F} [2015-05-25]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2015-06-13]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-06-13]
FF Extension: WordExtra - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\korey@markus.me [2015-06-13]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [jid1-OAMmxwMMkhxQvQ@jetpack] - C:\Users\Al\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\jid1-OAMmxwMMkhxQvQ@jetpack
FF HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-25]
CHR Extension: (SiteAdvisor) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-08-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\Al\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-07-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2015-06-11] (Perfect World Entertainment Inc)
R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.4.1.11\ma\bin\MAHostService.exe [321024 2014-06-25] (Alcatel-Lucent) [File not signed]
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-06-08] (BitRaider, LLC)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-07-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [753768 2015-04-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.450.0\McCSPServiceHost.exe [207344 2015-04-08] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [612688 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [340744 2015-04-02] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [372144 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [250672 2015-02-17] (McAfee, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2004488 2015-07-02] (Electronic Arts)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460800 2013-10-22] (Alcatel-Lucent) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-09-11] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
S3 AN983X64; C:\Windows\System32\DRIVERS\AN983X64.sys [48128 2012-06-16] (Infineon Technologies AG)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2013-01-11] ()
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-06-08] (BitRaider)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [68784 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2013-01-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [401736 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [337888 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [101872 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [488000 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [864072 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [482600 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100720 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340448 2015-02-17] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [60416 2008-07-22] (Realtek Semiconductor Corporation                           )
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 mfehidk01; \Device\mfehidk01.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 slb; \??\C:\AG\SB\ScarletBlade\avital\scarlb64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 10:42 - 2015-07-12 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-07-12 09:51 - 2015-07-12 09:51 - 00001264 _____ C:\Users\Al\Desktop\Revo Uninstaller.lnk
2015-07-12 09:51 - 2015-07-12 09:51 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-12 09:50 - 2015-07-12 09:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Al\Downloads\revosetup.exe
2015-07-12 09:50 - 2015-07-12 09:50 - 00819144 _____ (Google Inc.) C:\Users\Al\Downloads\43.0.2357.132_chrome_installer.exe
2015-07-11 23:54 - 2015-07-11 23:54 - 00000000 ____D C:\Users\Riney\AppData\Local\{66917805-380E-4407-A043-F4D3B39B3989}
2015-07-11 12:49 - 2015-07-11 12:49 - 03899702 _____ C:\Users\Kevin Riney\Downloads\Sugarpack_2.zip
2015-07-11 12:46 - 2015-07-11 12:46 - 00000000 ____D C:\Users\Kevin Riney\AppData\Roaming\AMD
2015-07-11 12:45 - 2015-07-11 12:45 - 00000000 ____D C:\Users\Kevin Riney\AppData\Roaming\Raptr
2015-07-11 12:45 - 2015-07-11 12:45 - 00000000 ____D C:\Users\Kevin Riney\AppData\Roaming\ATI
2015-07-11 12:45 - 2015-07-11 12:45 - 00000000 ____D C:\Users\Kevin Riney\AppData\Local\ATI
2015-07-11 12:45 - 2015-07-11 12:45 - 00000000 ____D C:\Users\Kevin Riney\AppData\Local\AMD
2015-07-11 11:53 - 2015-07-11 11:53 - 00000000 ____D C:\Users\Riney\AppData\Local\{7A69F718-C845-4553-87A6-EAA132E1C620}
2015-07-11 11:19 - 2015-07-11 23:20 - 00000000 ____D C:\Users\Al\AppData\Local\{1E07B307-DB56-4565-8680-A10B70F852C6}
2015-07-11 00:16 - 2015-07-12 10:42 - 00000000 ____D C:\Users\Al\Desktop\Farbar Recovery Tool
2015-07-11 00:06 - 2015-07-12 10:43 - 00000000 ____D C:\FRST
2015-07-10 23:32 - 2015-07-10 23:33 - 00000000 ____D C:\Users\Riney\AppData\Local\{3F81E5FC-A1B2-4E64-9267-0E183D212F2E}
2015-07-10 23:17 - 2015-07-10 23:17 - 00000000 ____D C:\Users\Al\AppData\Local\{02BE4E2C-09FF-4A0E-AE26-85112B65C160}
2015-07-10 10:43 - 2015-07-10 10:44 - 00000000 ____D C:\Users\Riney\AppData\Local\{9F871E08-155A-4658-B79E-532DC80E1A6C}
2015-07-10 09:33 - 2015-07-10 09:33 - 00000000 ____D C:\Users\Al\AppData\Local\{4E0948E8-67E6-479D-A20B-2CFA55514AB3}
2015-07-09 22:42 - 2015-07-09 22:42 - 00000000 ____D C:\Users\Riney\AppData\Local\{36C321A3-426A-41BD-8BAB-4CAC88B9E965}
2015-07-09 21:29 - 2015-07-09 21:29 - 00000000 ____D C:\Users\Al\AppData\Local\{38179689-14B5-42D4-83FA-EC7CD41D983D}
2015-07-09 10:41 - 2015-07-09 10:41 - 00000000 ____D C:\Users\Riney\AppData\Local\{04ECD833-7EB2-4E1E-885C-A54DC6FB7FE2}
2015-07-08 21:26 - 2015-07-09 09:28 - 00000000 ____D C:\Users\Al\AppData\Local\{2C085644-942F-4078-8E4C-B7F6650D0038}
2015-07-08 21:26 - 2015-07-08 21:26 - 00000000 ____D C:\Users\Al\AppData\Roaming\ATI
2015-07-08 21:26 - 2015-07-08 21:26 - 00000000 ____D C:\Users\Al\AppData\Local\ATI
2015-07-08 21:26 - 2015-07-08 21:26 - 00000000 ____D C:\Users\Al\AppData\Local\AMD
2015-07-08 11:18 - 2015-07-08 11:18 - 00000000 ____D C:\Users\Riney\AppData\Local\{7C650B00-F1C0-48CD-8510-712FEB67359E}
2015-07-08 08:51 - 2015-07-08 08:51 - 00000000 ____D C:\Users\Al\AppData\Local\{9D5CAB79-400A-45B0-9EE4-6704A23CE9A0}
2015-07-07 23:00 - 2015-07-07 23:00 - 00000000 ____D C:\Users\Riney\AppData\Local\{CCFB338F-3A2F-4CC1-8B7E-6DBC18591B82}
2015-07-07 20:42 - 2015-07-12 10:39 - 00000000 ____D C:\Users\Al\AppData\Roaming\Raptr
2015-07-07 20:42 - 2015-07-07 20:42 - 00000000 ____D C:\Users\Al\AppData\Local\{9CB60BE8-8C0D-4C92-9B92-57D25AA1E5F1}
2015-07-07 17:45 - 2015-07-07 17:45 - 03945478 _____ C:\Users\Riney\Desktop\ARC overview presentation.pptx
2015-07-07 14:22 - 2015-07-07 14:22 - 00000000 ____D C:\ProgramData\ATI
2015-07-07 14:21 - 2015-07-07 14:21 - 00000000 ____D C:\Users\Riney\AppData\Roaming\library_dir
2015-07-07 14:21 - 2015-07-07 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-07-07 14:18 - 2015-07-12 10:30 - 00000000 ____D C:\Program Files (x86)\Raptr
2015-07-07 14:18 - 2015-07-12 06:54 - 00000000 ____D C:\Users\Riney\AppData\Roaming\Raptr
2015-07-07 14:18 - 2015-07-07 14:18 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2015-07-07 14:17 - 2015-07-07 14:17 - 00058610 _____ C:\Windows\SysWOW64\CCCInstall_201507071417581519.log
2015-07-07 14:17 - 2015-07-07 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-07-07 14:11 - 2015-07-07 14:11 - 00000000 ____D C:\Program Files (x86)\AMD
2015-07-07 14:10 - 2015-07-07 14:17 - 00000000 ____D C:\Program Files\AMD
2015-07-07 14:09 - 2015-07-07 14:09 - 00000000 ____D C:\AMD
2015-07-07 14:00 - 2015-07-07 14:09 - 302470552 _____ (AMD Inc.) C:\Users\Riney\Downloads\amd-catalyst-omega-14.12-with-dotnet45-win7-64bit.exe
2015-07-07 13:56 - 2015-07-07 13:56 - 00000000 ____D C:\Users\Riney\AppData\Local\AMD
2015-07-07 13:55 - 2015-07-07 13:55 - 00000000 ____D C:\Users\Riney\AppData\Roaming\ATI
2015-07-07 13:55 - 2015-07-07 13:55 - 00000000 ____D C:\Users\Riney\AppData\Local\ATI
2015-07-07 13:47 - 2015-07-07 13:47 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-07-07 13:46 - 2015-07-07 14:18 - 00000000 ____D C:\ProgramData\AMD
2015-07-07 13:45 - 2013-03-28 21:13 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2015-07-07 13:45 - 2013-03-28 21:13 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2015-07-07 13:45 - 2013-03-28 21:13 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-07-07 13:45 - 2013-03-28 21:13 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-07-07 13:45 - 2013-03-28 20:38 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-07-07 13:45 - 2013-03-28 20:38 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-07-07 13:45 - 2013-03-28 20:38 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-07-07 13:45 - 2013-03-28 20:38 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-07-07 13:45 - 2013-02-27 13:08 - 00044066 _____ C:\Windows\atiogl.xml
2015-07-07 13:45 - 2011-09-12 17:06 - 00003917 _____ C:\Windows\SysWOW64\atipblag.dat
2015-07-07 13:45 - 2011-09-12 17:06 - 00003917 _____ C:\Windows\system32\atipblag.dat
2015-07-07 13:43 - 2015-07-07 14:15 - 00000000 ____D C:\Program Files\ATI Technologies
2015-07-07 13:43 - 2015-07-07 13:43 - 00000000 ____D C:\Program Files\ATI
2015-07-07 10:59 - 2015-07-07 10:59 - 00000000 ____D C:\Users\Riney\AppData\Local\{5CF9483D-76F2-40D7-BEA3-BD3A37345498}
2015-07-07 08:26 - 2015-07-07 08:27 - 00000000 ____D C:\Users\Al\AppData\Local\{4DE873D0-436A-4A30-B62B-5C719E065108}
2015-07-06 21:31 - 2015-07-06 21:31 - 00000000 ____D C:\Users\Riney\AppData\Local\{66910086-DF7F-443D-8218-32C968DF559C}
2015-07-06 15:10 - 2015-07-06 15:10 - 00000000 ____D C:\Users\Al\AppData\Local\{EA6DEF47-1612-42F2-BA66-DD403020D229}
2015-07-06 13:58 - 2015-07-06 13:58 - 00000000 ____D C:\Users\Riney\Documents\SH4
2015-07-06 13:20 - 2015-07-06 13:20 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-07-06 09:30 - 2015-07-06 09:30 - 00000000 ____D C:\Users\Riney\AppData\Local\{5EEDF3AB-C734-481C-8837-DE168816FAFE}
2015-07-05 23:25 - 2015-07-05 23:25 - 09898195 _____ C:\Users\Al\Downloads\UPDATE-SKU1-TO-P2.EXE
2015-07-05 23:20 - 2015-07-06 02:42 - 00000000 ____D C:\Users\Al\Documents\SimCity 4
2015-07-05 23:20 - 2015-07-05 23:20 - 00002118 _____ C:\Users\Public\Desktop\SimCity 4.lnk
2015-07-05 23:20 - 2015-07-05 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
2015-07-05 23:08 - 2015-07-05 23:08 - 00000479 _____ C:\Windows\eReg.dat
2015-07-05 23:08 - 2015-07-05 23:08 - 00000000 ____D C:\Program Files (x86)\Maxis
2015-07-04 23:39 - 2015-07-05 23:41 - 00000000 ____D C:\Users\Al\AppData\Local\{B5DA9227-D8A4-4559-A003-FA9D00F4B491}
2015-07-04 14:09 - 2015-07-05 21:24 - 00000000 ____D C:\Users\Riney\AppData\Local\{BBF6F17A-99E7-48F3-9552-B2BAF0E75B67}
2015-07-03 21:45 - 2015-07-03 21:45 - 00000000 ____D C:\Users\Riney\AppData\Local\{3D595D8E-3136-4D52-9BF2-273BDA85C511}
2015-07-03 09:43 - 2015-07-03 09:44 - 00000000 ____D C:\Users\Riney\AppData\Local\{BB53ED02-AC6F-4D72-BC19-9648B163F301}
2015-07-03 08:19 - 2015-07-03 08:19 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\1D68207F.sys
2015-07-03 07:38 - 2015-07-03 07:38 - 00000000 ____D C:\Users\Al\AppData\Local\{F7820C61-7B93-4BBA-97F5-72F04BCA53F6}
2015-07-02 19:30 - 2015-07-02 19:30 - 00000000 ____D C:\Users\Al\AppData\Local\{8C47D086-8AC9-4D0D-B00B-4F3C0E24B79B}
2015-07-02 15:57 - 2015-07-02 15:57 - 00000000 ____D C:\Users\Riney\AppData\Local\{C930A492-5228-4C2A-A400-67758E2760BE}
2015-07-02 15:46 - 2015-07-02 15:46 - 00000000 ____D C:\Users\Riney\AppData\Local\{EC09AABD-673C-47FD-82CB-D35456F81DD4}
2015-07-02 07:30 - 2015-07-02 07:30 - 00000000 ____D C:\Users\Al\AppData\Local\{DEB9FCA7-EA40-43E5-85CE-93A6EF2BD38F}
2015-07-01 12:49 - 2015-07-01 12:49 - 00000000 ____D C:\Users\Al\AppData\Local\{745E3181-D5A3-4DD6-835C-4658C9086D87}
2015-07-01 11:11 - 2015-07-01 23:14 - 00000000 ____D C:\Users\Riney\AppData\Local\{77ED7E12-0D10-46D4-A80B-7CC8473DE364}
2015-06-30 15:17 - 2015-06-30 15:17 - 00000444 _____ C:\Users\Al\.powerschool_gradebook.properties
2015-06-30 15:16 - 2015-06-30 15:16 - 00000012 _____ C:\Users\Al\.gradebook_userdict.tlx
2015-06-30 15:15 - 2015-06-30 15:15 - 00004227 _____ C:\Users\Al\Downloads\launchGradeBook.jnlp
2015-06-30 15:15 - 2015-06-30 15:15 - 00001721 _____ C:\Users\Al\Downloads\LaunchGradebook.ptg
2015-06-30 08:53 - 2015-06-30 08:53 - 00000000 ____D C:\Users\Al\AppData\Local\{B3489405-1FE6-4BBC-BE6B-8CDC7B05A8A8}
2015-06-29 11:07 - 2015-06-30 23:10 - 00000000 ____D C:\Users\Riney\AppData\Local\{078E095A-567A-4F69-9482-A1C6B6C4F333}
2015-06-29 08:50 - 2015-06-29 20:52 - 00000000 ____D C:\Users\Al\AppData\Local\{5659E604-C9F8-4697-B12A-E29C18B11000}
2015-06-27 10:47 - 2015-06-28 22:49 - 00000000 ____D C:\Users\Riney\AppData\Local\{0FB063C7-BD4F-4125-BD56-A90F85270CDC}
2015-06-27 07:44 - 2015-06-28 19:47 - 00000000 ____D C:\Users\Al\AppData\Local\{AB039CB1-126B-4506-9326-659A8C5D50F2}
2015-06-26 22:46 - 2015-06-26 22:46 - 00000000 ____D C:\Users\Riney\AppData\Local\{437EAEB0-2DB9-4128-BDAA-BE99CE58AD81}
2015-06-26 16:12 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-06-26 10:58 - 2015-06-26 10:58 - 00000000 ____D C:\Users\Al\AppData\Local\{7DD1B37A-FF1B-4036-A7B8-2C0CF5D3E017}
2015-06-26 10:45 - 2015-06-26 10:45 - 00000000 ____D C:\Users\Riney\AppData\Local\{AE061569-871E-47D5-97C3-003ABF41E817}
2015-06-25 16:13 - 2015-06-25 16:13 - 00303256 _____ C:\Users\Kevin Riney\Downloads\1227108-32x-128x-vondoomcraft-mar-30-updates-and-stuff.htm
2015-06-25 16:12 - 2015-06-25 16:14 - 47417686 _____ C:\Users\Kevin Riney\Downloads\mc 16.zip
2015-06-24 12:43 - 2015-06-25 10:19 - 00000000 ____D C:\Users\Al\AppData\Local\{450B3EC1-CEB2-47F1-91EF-2658C99E5375}
2015-06-24 03:59 - 2015-06-24 03:59 - 00000000 ____D C:\Users\Riney\AppData\Local\{400E0A02-4B52-46A3-B8E1-2576B8B8C1CC}
2015-06-24 00:26 - 2015-06-24 00:26 - 00017556 _____ C:\Users\Riney\Downloads\[Hentai]_Futabu!!_-_01_[Raw](Febuary_2015)_[isohunt.to].torrent
2015-06-23 15:58 - 2015-06-23 15:58 - 00000000 ____D C:\Users\Riney\AppData\Local\{C8D4FB5B-F2A6-4362-B6B4-57C49847C581}
2015-06-23 14:46 - 2015-06-23 14:46 - 00000000 ____D C:\Users\Al\AppData\Roaming\uqmhd
2015-06-23 09:41 - 2015-06-23 09:41 - 00000000 ____D C:\Users\Al\AppData\Local\{E3C25522-6416-4967-9738-A67E7B683769}
2015-06-22 22:21 - 2015-06-22 22:21 - 00000000 ____D C:\Users\Riney\AppData\Local\{3DCB5D80-D291-44A3-8B2D-CBE59AE0B7FB}
2015-06-22 20:54 - 2015-06-22 20:55 - 00000000 ____D C:\Users\Kevin Riney\AppData\Roaming\Origin
2015-06-22 20:54 - 2015-06-22 20:55 - 00000000 ____D C:\Users\Kevin Riney\AppData\Local\Origin
2015-06-22 18:42 - 2015-06-22 18:42 - 01205744 _____ C:\Users\Kevin Riney\Downloads\Battlefield-Mod-1.7.10.jar
2015-06-22 17:50 - 2015-06-22 17:50 - 00000000 ____D C:\Users\Al\AppData\Local\{2CB8C3FA-2DBE-4E10-AF6E-8614044180F3}
2015-06-22 16:54 - 2015-06-22 16:54 - 00021521 _____ C:\Users\Kevin Riney\Downloads\Move-Plus-Mod-1.7.10 (1).jar
2015-06-21 19:39 - 2015-06-21 19:39 - 00000000 ____D C:\Users\Al\AppData\Local\{31E081DF-5D28-4D46-8A38-DC9B5DB01C18}
2015-06-21 17:56 - 2015-06-21 17:56 - 00039447 _____ C:\Users\Kevin Riney\Downloads\download_repair.htm
2015-06-21 14:59 - 2015-06-21 14:59 - 00000000 ____D C:\Users\Riney\AppData\Roaming\uqmhd
2015-06-21 14:11 - 2015-06-21 14:11 - 00001186 _____ C:\Users\Public\Desktop\Ur-Quan Masters HD.lnk
2015-06-21 14:11 - 2015-06-21 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ur-Quan Masters High Definition Beta 1
2015-06-21 14:11 - 2015-06-21 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ur-Quan Masters High Definition
2015-06-21 14:05 - 2015-06-21 14:11 - 00000000 ____D C:\Program Files (x86)\Ur-Quan Masters High Definition Beta 1
2015-06-21 09:57 - 2015-06-22 05:50 - 00000000 ____D C:\Program Files (x86)\PriceeMiinus
2015-06-21 09:57 - 2015-06-21 09:57 - 00000000 ____D C:\ProgramData\13250716444831342089
2015-06-21 07:34 - 2015-06-21 07:34 - 00000000 ____D C:\Users\Al\AppData\Local\{58DE1713-E7E5-4DE1-810D-D933951DEA7F}
2015-06-20 23:03 - 2015-06-21 11:05 - 00000000 ____D C:\Users\Riney\AppData\Local\{A3726848-2E95-4A02-A223-631FFB4384CC}
2015-06-20 19:33 - 2015-06-20 19:33 - 00000000 ____D C:\Users\Al\AppData\Local\{0B8C61CC-4CC6-4DCA-A381-188647540B89}
2015-06-20 18:27 - 2015-06-20 18:27 - 12401054 _____ C:\Users\Al\Downloads\kev.al.psd
2015-06-20 12:38 - 2015-06-20 12:38 - 00000000 ____D C:\Users\Al\Documents\PVZ Garden Warfare
2015-06-20 12:35 - 2015-06-23 10:22 - 00000000 ____D C:\Users\Al\AppData\Roaming\Origin
2015-06-20 12:35 - 2015-06-20 12:38 - 00000000 ____D C:\Users\Al\AppData\Local\Origin
2015-06-20 07:31 - 2015-06-20 07:31 - 00000000 ____D C:\Users\Al\AppData\Local\{D1B6EBBA-2A70-4FD3-B403-193239BEA128}
2015-06-19 18:45 - 2015-06-19 18:45 - 00000000 ____D C:\Users\Riney\Documents\PVZ Garden Warfare
2015-06-19 18:44 - 2015-06-19 18:44 - 00001399 _____ C:\Users\Public\Desktop\PVZ Garden Warfare.lnk
2015-06-19 18:44 - 2015-06-19 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PVZ Garden Warfare
2015-06-19 14:45 - 2015-06-19 14:47 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-06-19 14:43 - 2015-06-20 23:03 - 00000000 ____D C:\Users\Riney\AppData\Roaming\Origin
2015-06-19 14:43 - 2015-06-19 14:45 - 00000000 ____D C:\Users\Riney\AppData\Local\Origin
2015-06-19 14:36 - 2015-07-12 00:23 - 00000000 ____D C:\ProgramData\Origin
2015-06-19 14:36 - 2015-07-02 14:30 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-19 14:36 - 2015-06-19 18:45 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-06-19 14:36 - 2015-06-19 14:36 - 00000979 _____ C:\Users\Public\Desktop\Origin.lnk
2015-06-19 14:36 - 2015-06-19 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-06-19 14:35 - 2015-06-19 14:36 - 17116168 _____ (Electronic Arts, Inc.) C:\Users\Riney\Downloads\OriginThinSetup.exe
2015-06-19 14:16 - 2015-06-20 02:18 - 00000000 ____D C:\Users\Riney\AppData\Local\{90E64DC5-5E49-471B-AA5D-028B68545078}
2015-06-19 14:04 - 2015-06-19 14:04 - 00507339 _____ C:\Users\Kevin Riney\Downloads\Ganys End-1.8.7.jar
2015-06-19 09:46 - 2015-06-19 09:46 - 00000000 ____D C:\Users\Kevin Riney\AppData\Local\Steam
2015-06-19 09:35 - 2015-06-19 09:35 - 00000000 ____D C:\Users\Al\AppData\Local\{CCAC2AD9-65A2-485B-BD3C-C9E8869DC5C0}
2015-06-18 23:46 - 2015-06-18 23:46 - 00000000 ____D C:\Users\Riney\AppData\Local\{CE26B490-50B1-4E98-9755-796F0BE2DD4A}
2015-06-18 21:33 - 2015-06-18 21:34 - 00000000 ____D C:\Users\Al\AppData\Local\{A57D2DA3-E60F-4147-9839-E9B8E676F191}
2015-06-18 11:44 - 2015-06-18 11:44 - 00000000 ____D C:\Users\Riney\AppData\Local\{3E7FE416-E857-4882-B90C-C3456EEC8195}
2015-06-18 09:32 - 2015-06-18 09:32 - 00000000 ____D C:\Users\Al\AppData\Local\{CCDA0AE2-3828-4E84-ABCE-B06344BB2AF3}
2015-06-17 04:46 - 2015-06-17 21:31 - 00000000 ____D C:\Users\Al\AppData\Local\{10080520-A1CC-46F5-9FE0-0005D80FD2BA}
2015-06-16 12:35 - 2015-06-17 00:37 - 00000000 ____D C:\Users\Riney\AppData\Local\{9652A0D6-990C-4D04-A20E-CA9AC9E5A095}
2015-06-16 04:38 - 2015-06-16 04:38 - 00317332 _____ C:\Users\Al\Downloads\photo (5).htm
2015-06-15 11:44 - 2015-06-16 11:47 - 00000000 ____D C:\Users\Al\AppData\Local\{445DEC9B-7272-4064-BD5D-9E205C5E03D3}
2015-06-15 10:33 - 2015-06-15 10:33 - 00000000 ____D C:\Users\Riney\AppData\Local\{2C145848-F421-4644-B7DB-CE37B3E7DC82}
2015-06-14 23:44 - 2015-06-14 23:44 - 00000000 ____D C:\Users\Al\AppData\Local\{0F56DF35-1C0D-491E-A4A0-B82B7705BFBB}
2015-06-14 22:31 - 2015-06-14 22:32 - 00000000 ____D C:\Users\Riney\AppData\Local\{59027083-9184-414F-97F5-5B1391DD538B}
2015-06-14 19:46 - 2015-06-14 19:46 - 00000000 ____D C:\Program Files (x86)\SystemInclude
2015-06-14 19:16 - 2015-06-14 19:16 - 00748202 _____ C:\Users\Kevin Riney\Downloads\Ganys-Nether-Mod-1.7.10.jar
2015-06-14 15:37 - 2015-06-14 15:37 - 00210456 _____ C:\Users\Kevin Riney\Downloads\Sync-Mod-1.7.10.jar
2015-06-14 11:42 - 2015-06-14 11:43 - 00000000 ____D C:\Users\Al\AppData\Local\{C532036A-CCC7-419E-81EF-250D47D29ACE}
2015-06-13 17:17 - 2015-06-13 17:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-13 11:06 - 2015-06-13 23:08 - 00000000 ____D C:\Users\Al\AppData\Local\{804625EF-791D-49A6-B53B-A515717AFAFF}
2015-06-13 00:27 - 2015-06-14 00:29 - 00000000 ____D C:\Users\Riney\AppData\Local\{03B77363-F732-4B7A-956F-77B6F50AA211}
2015-06-12 12:41 - 2015-06-12 12:41 - 00581202 _____ C:\Users\Kevin Riney\Downloads\Spider Man Mod Installer 1.7.10 (1).zip
2015-06-12 12:05 - 2015-06-12 12:05 - 00581202 _____ C:\Users\Kevin Riney\Downloads\Spider Man Mod Installer 1.7.10.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-12 10:41 - 2011-08-16 15:51 - 01268367 _____ C:\Windows\WindowsUpdate.log
2015-07-12 10:37 - 2015-05-27 13:07 - 00010109 _____ C:\Windows\setupact.log
2015-07-12 10:37 - 2014-08-19 22:16 - 00000000 ____D C:\Program Files (x86)\ATT
2015-07-12 10:37 - 2014-07-03 03:02 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-12 10:37 - 2012-09-01 20:53 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-12 10:37 - 2012-09-01 08:30 - 00000632 __RSH C:\Users\Al\ntuser.pol
2015-07-12 10:37 - 2012-01-20 22:33 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-12 10:37 - 2011-08-16 17:17 - 00000000 ____D C:\Users\Al
2015-07-12 10:37 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-12 10:25 - 2009-07-13 23:45 - 00023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-12 10:25 - 2009-07-13 23:45 - 00023392 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-12 10:10 - 2015-05-27 13:06 - 00030720 _____ C:\Windows\PFRO.log
2015-07-12 09:10 - 2012-04-18 08:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-12 00:45 - 2015-03-17 08:56 - 01638912 ___SH C:\Users\Al\Downloads\Thumbs.db
2015-07-11 15:43 - 2014-09-28 20:30 - 00000000 ____D C:\Users\Kevin Riney\AppData\Roaming\.minecraft
2015-07-11 12:45 - 2012-09-01 08:31 - 00001244 __RSH C:\Users\Kevin Riney\ntuser.pol
2015-07-11 12:45 - 2012-09-01 08:31 - 00000000 ____D C:\Users\Kevin Riney
2015-07-10 23:32 - 2012-09-01 08:30 - 00001232 __RSH C:\Users\Riney\ntuser.pol
2015-07-10 23:32 - 2011-08-16 14:55 - 00000000 ____D C:\Users\Riney
2015-07-10 23:21 - 2009-07-14 00:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 16:01 - 2013-04-05 17:20 - 00000000 ____D C:\Users\Al\Documents\Rainbow Bridge
2015-07-09 15:10 - 2012-04-18 08:36 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 15:10 - 2012-04-18 08:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 15:10 - 2011-09-03 11:54 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-07 17:25 - 2011-09-15 20:57 - 00000000 ____D C:\Users\Riney\AppData\Local\Adobe
2015-07-07 17:22 - 2011-09-03 11:54 - 00000000 ____D C:\Users\Riney\AppData\Roaming\Adobe
2015-07-07 10:57 - 2013-02-10 12:57 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-07-06 19:14 - 2012-12-10 15:11 - 00000000 ____D C:\Users\Riney\Desktop\rpg
2015-07-06 18:28 - 2015-04-16 21:00 - 00000000 ____D C:\Users\Al\Downloads\Order Confirmation   MyPublisher_files
2015-07-06 15:40 - 2012-06-01 14:36 - 00024866 _____ C:\Users\Al\Desktop\AT & T Corporate info..txt
2015-07-06 13:54 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-06 13:49 - 2013-06-21 01:27 - 00000000 ____D C:\Users\Riney\Desktop\games
2015-07-06 13:47 - 2015-06-02 09:56 - 00369006 _____ C:\Windows\DirectX.log
2015-07-06 13:35 - 2013-12-08 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-07-06 13:20 - 2011-09-25 17:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-03 08:19 - 2014-07-02 19:56 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-03 08:19 - 2014-07-02 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-03 08:19 - 2014-07-02 19:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-02 16:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-30 12:43 - 2013-10-27 02:39 - 00000000 ____D C:\ProgramData\Oracle
2015-06-30 11:09 - 2014-07-20 00:07 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-06-30 11:09 - 2011-09-27 16:24 - 00000000 ____D C:\Program Files (x86)\Java
2015-06-30 10:52 - 2015-02-13 23:15 - 00000000 ____D C:\Users\Al\Documents\American Red Cross
2015-06-26 16:12 - 2012-06-04 13:58 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-06-24 19:56 - 2014-12-23 09:57 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-23 20:52 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-06-23 13:30 - 2011-08-16 15:05 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-06-23 11:01 - 2014-10-16 16:29 - 00000184 _____ C:\Users\Kevin Riney\Desktop\eula.txt
2015-06-20 18:24 - 2011-09-03 14:21 - 00000000 ____D C:\Users\Al\AppData\Roaming\Adobe
2015-06-20 09:26 - 2013-06-01 10:10 - 00000000 __SHD C:\Windows\ftpcache
2015-06-19 18:43 - 2014-06-18 03:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-19 13:34 - 2012-12-18 10:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-18 11:24 - 2013-01-28 04:09 - 00000000 ____D C:\ProgramData\APN
2015-06-18 11:24 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Performance
2015-06-18 08:41 - 2014-07-02 19:56 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-07-02 19:56 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2013-11-27 15:59 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-16 04:49 - 2015-05-25 11:22 - 00000000 ____D C:\Users\Al\Desktop\arc database
2015-06-14 19:47 - 2015-05-25 16:27 - 00000000 ____D C:\ProgramData\9be436a20000461c
2015-06-13 11:06 - 2015-06-05 23:08 - 00000000 __SHD C:\Users\Riney\AppData\Local\EmieBrowserModeList
2015-06-13 11:06 - 2014-08-25 23:40 - 00000000 __SHD C:\Users\Riney\AppData\Local\EmieUserList
2015-06-13 11:06 - 2014-08-25 23:40 - 00000000 __SHD C:\Users\Riney\AppData\Local\EmieSiteList
2015-06-13 03:43 - 2012-09-11 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-13 00:27 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-12 21:18 - 2015-06-10 11:18 - 00000000 ____D C:\Users\Al\AppData\Local\{73D10D6C-577C-46A0-80F4-126B14A61729}
2015-06-12 12:42 - 2015-05-03 19:16 - 00000000 ____D C:\Minecraft_Backup

==================== Files in the root of some directories =======

2014-05-27 17:38 - 2014-05-27 17:38 - 0638836 _____ () C:\Program Files (x86)\ePSXe190.zip
2014-09-04 18:33 - 2014-09-05 01:33 - 0000067 _____ () C:\Users\Al\AppData\Roaming\WB.CFG
2015-05-10 19:52 - 2015-05-10 21:29 - 0004608 _____ () C:\Users\Al\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-12-08 16:10 - 2015-01-23 21:10 - 0007619 _____ () C:\Users\Al\AppData\Local\Resmon.ResmonCfg
2012-12-27 15:49 - 2012-12-27 15:49 - 0005101 _____ () C:\ProgramData\cyzlxojr.ycm
2012-12-26 11:33 - 2012-12-26 11:33 - 0000122 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Al\AppData\Local\Temp\AutoRun.exe
C:\Users\Al\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Al\AppData\Local\Temp\bitool.dll
C:\Users\Al\AppData\Local\Temp\cres.dll
C:\Users\Al\AppData\Local\Temp\cshell.dll
C:\Users\Al\AppData\Local\Temp\ppipromotion1.exe
C:\Users\Al\AppData\Local\Temp\sres.dll
C:\Users\Riney\AppData\Local\Temp\cres.dll
C:\Users\Riney\AppData\Local\Temp\cshell.dll
C:\Users\Riney\AppData\Local\Temp\raptrpatch.exe
C:\Users\Riney\AppData\Local\Temp\raptr_stub.exe
C:\Users\Riney\AppData\Local\Temp\sres.dll
C:\Users\Riney\AppData\Local\Temp\_isD9CB.exe
C:\Users\Riney\AppData\Local\Temp\_isDFDE.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-03 03:51

==================== End of log ============================

 

 


Here's the Addition.txt - still can't attach files.  I'm using Mozilla Firefox now and I think it is missing some plugin that allows the attachments.  I hope this is acceptable.

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Al at 2015-07-12 10:45:52
Running from C:\Users\Al\Desktop\Farbar Recovery Tool
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3910217723-699518037-1373500746-500 - Administrator - Disabled)
Al (S-1-5-21-3910217723-699518037-1373500746-1001 - Administrator - Enabled) => C:\Users\Al
Guest (S-1-5-21-3910217723-699518037-1373500746-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3910217723-699518037-1373500746-1003 - Limited - Enabled)
Kevin Riney (S-1-5-21-3910217723-699518037-1373500746-1004 - Limited - Enabled) => C:\Users\Kevin Riney
Riney (S-1-5-21-3910217723-699518037-1373500746-1000 - Administrator - Enabled) => C:\Users\Riney
UpdatusUser (S-1-5-21-3910217723-699518037-1373500746-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Photoshop Elements 8.0 (HKLM-x32\...\Adobe Photoshop Elements 8.0) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.02 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
ATT Management Agent (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.4.1.11 - AT&T)
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cars Mater-National (HKLM-x32\...\{62D64F27-745D-49C0-A308-B08DFF16ECA0}) (Version: 1.00.0000 - THQ\Disney-Pixar)
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
Chromium (HKU\.DEFAULT\...\Chromium) (Version: 45.0.2406.0 - Chromium)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DC Universe Online (HKLM-x32\...\Steam App 24200) (Version:  - Sony Online Entertainment)
EZ Vinyl/Tape Converter 10 by Ion Audio (HKLM-x32\...\EZ Vinyl/Tape Converter by Ion Audio_is1) (Version:  - Ion Audio LLC)
Giants (HKLM-x32\...\{97370293-96EC-11D4-9DEF-00104B70C5FB}) (Version:  - )
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.7.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.7.0 - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.1029 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.354 - McAfee, Inc.)
MechWarrior 3 (HKLM-x32\...\MechWarrior 3) (Version:  - )
MechWarrior Online (HKLM-x32\...\{73bcb521-8936-42d7-ad00-ec2bb399e26c}) (Version: 1.4.3.0 - Piranha Games Inc.)
MechWarrior Online (x32 Version: 1.4.3.0 - Piranha Games Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.5.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 en-US)) (Version: 31.5.0 - Mozilla)
MSI Afterburner 2.3.0 (HKLM-x32\...\Afterburner) (Version: 2.3.0 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
NVIDIA 3D Vision Controller Driver 301.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 301.42 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.16.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{6ADD0603-16EF-400D-9F9E-486432835002}) (Version: 3.2.9483 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.5.20.5318 - Electronic Arts, Inc.)
Picaboo Desktop (HKLM-x32\...\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1) (Version: 11.1.0 - Picaboo Corporation)
Picaboo Desktop (x32 Version: 11.1.0 - Picaboo Corporation) Hidden
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
PVZ Garden Warfare (HKLM-x32\...\{A5AC7D7B-C1D5-4AF9-8829-993DA335BE1B}) (Version: 1.0.3.0 - Electronic Arts)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Silent Hunter 4 Wolves of the Pacific (HKLM-x32\...\{0D005F09-A5F4-473B-A901-5735C6AF5628}) (Version: 1.04.0000 - Ubisoft)
Silent Hunter III (x32 Version: 1.00.0000 - Ubisoft) Hidden
SimCity 4 (HKLM-x32\...\{611BD998-34B9-4DDA-00AE-0CB4632E86FA}) (Version:  - )
Standalone Flash Player 1.2 (HKLM-x32\...\{A3B31D43-75F4-4CF4-8330-6DE62C3540FA}_is1) (Version:  - StandaloneFlashPlayer.com)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.22 - Bioware/EA)
Star Wars X-Wing Alliance (HKLM-x32\...\{7AD8FE70-1A35-492C-9AA8-E9F9C1833040}) (Version: 1.0.0.0 - LucasArts, Totally Games)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Incredibles (HKLM-x32\...\{098F0462-A6D9-4FB4-87B0-0F46BF0E7EFB}) (Version: 1.00.0000 - THQ)
The Mega Map Pack (HKLM-x32\...\The Mega Map Pack) (Version:  - )
The Movies 1.1 Patch (x32 Version: 1.0 - Activision) Hidden
TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Tron 2.0 (HKLM-x32\...\{FC272B66-8372-49EF-A642-28CAD2B9EAC9}) (Version:  - )
Ultimate Spider-Man (HKLM-x32\...\InstallShield_{CC35B08B-4EC1-4759-B159-0EC4E69C3E7C}) (Version: 1.00.0000 - Activision)
Ultimate Spider-Man (x32 Version: 1.00.0000 - Activision) Hidden
Unity Web Player (HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Ur-Quan Masters High Definition Beta 1 (HKLM-x32\...\Ur-Quan Masters High Definition Beta 1) (Version:  - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinX Free DVD Ripper 4.5.14 (HKLM-x32\...\WinX Free DVD Ripper_is1) (Version:  - Digiarty Software,Inc.)
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

08-07-2015 22:36:27 Scheduled Checkpoint
12-07-2015 09:49:08 thisday7.12.15
12-07-2015 09:53:56 Revo Uninstaller's restore point - The Movies
12-07-2015 09:55:28 Revo Uninstaller's restore point - µTorrent
12-07-2015 09:57:27 Revo Uninstaller's restore point - Readiris Pro 14
12-07-2015 09:59:40 Revo Uninstaller's restore point - Google Chrome
12-07-2015 10:00:59 Revo Uninstaller's restore point - Google Chrome
12-07-2015 10:02:50 Revo Uninstaller's restore point - Google Chrome

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000F155E-17D1-460B-9EF7-3F4D136D1900} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {0131A352-824D-4FBB-A72B-25475C1E89C4} - System32\Tasks\{F03C8E96-239D-410D-BD4D-F51A431F1EE3} => pcalua.exe -a "E:\utr\utrr\dldcom\Readiris Pro\Readiris Pro.exe" -d "E:\utr\utrr\dldcom\Readiris Pro"
Task: {0C9C21DC-E01A-4B3D-BB14-72457B7F666F} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {0D1E2E11-53A0-4C0F-B4E6-21240085B52C} - System32\Tasks\{452C9113-4745-4AD9-9423-554294ADF854} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Motive\InstallHelper.exe" -c /UninstallVendor=ATT-RC /Dir=C:\Program Files (x86)\ATT-RC
Task: {1ED86A24-269E-4331-AFD2-09CF99F02FE9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {1F05E8E7-E464-4EB7-87AE-8448A64F68F3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {28E11AF0-5411-4383-B98A-07E86FD43BEF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {44F6494A-C09D-4F74-AA01-2FE334BF40BD} - \AmiUpdXp No Task File <==== ATTENTION
Task: {4877791B-174C-4889-B829-A0118A8138DA} - System32\Tasks\{1E1D1929-72FD-4CBA-AFE2-D6D57F0A5F61} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {57CD6869-A3EF-47ED-A24A-065077FDB9C1} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {5DCA0630-E436-4C33-8E8A-D3607B3963D0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6793E2AC-1DF3-4901-84C6-03281AABFD85} - System32\Tasks\{70E966F7-F48F-4137-90C0-F41289E1853B} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe
Task: {807DF08F-94A1-449D-BE8B-020885904D04} - System32\Tasks\{A525E9EE-0846-4D30-A97A-A978A0040874} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/24200
Task: {880D5548-964D-4ABA-9AC1-A5AD810573CF} - System32\Tasks\{8A732C82-EF2F-4DA0-8C89-1664D822DEC8} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe
Task: {93902331-2DFE-4B7D-A835-54F9FF0FEFC6} - System32\Tasks\{71800683-A37E-4759-A341-DF91B4EA04D8} => C:\Program Files (x86)\Ubisoft\SilentHunterIII\sh3.exe
Task: {983B4E84-E0AE-466F-ABD0-D84C7372CF41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {A4625586-30DD-4346-89EC-FE3572A24DA5} - System32\Tasks\{23F47966-6AFA-4D1D-AF15-5BB6EE4DD449} => pcalua.exe -a D:\autorun\setup.exe -d D:\autorun
Task: {A9AEA4B9-570F-4F5E-9944-D4B261545628} - System32\Tasks\{D9F66690-715D-48BC-BC2B-7EE7ED4F1CBB} => pcalua.exe -a J:\setup\rsrc\Autorun.exe -d J:\
Task: {BA9A0337-F524-4EA4-8090-54D34A036906} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {BBB793A2-7448-4902-9199-4C4C6624BABE} - System32\Tasks\{54872D59-EBA5-43CB-AB33-5B9E3FB5AF46} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{0556F885-2415-4666-B53E-33727E46AEA1} /l1033
Task: {CBA30A8B-2986-49FD-AC8B-57B315366798} - System32\Tasks\{EB4FC652-893A-4B5C-8DAE-C6008DAA6718} => pcalua.exe -a "C:\Users\Al\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCLTH0M\sentry_setup[1].exe" -d C:\Users\Al\Desktop
Task: {EC71C373-A41C-4537-9A2D-56C9DC34D628} - System32\Tasks\Wsutil Update => C:\Users\Al\AppData\Roaming\Microsoft\wsTask.exe
Task: {EE543A41-C2FF-455E-82C4-AC08C1E55688} - System32\Tasks\{5548AB3D-29C0-48A3-9CA6-19B452B83A1B} => pcalua.exe -a "C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe" -d "C:\Program Files (x86)\Perfect World Entertainment\Arc"
Task: {F183296D-EFFA-48CD-A83D-C7BEEA149864} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FD185F2C-065F-4256-A66E-B106D11B6762} - \ASP No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-11 22:30 - 2014-09-11 22:30 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-01 18:08 - 2014-04-01 18:08 - 00244736 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2014-04-01 18:08 - 2014-04-01 18:08 - 00271360 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2014-04-01 18:08 - 2014-04-01 18:08 - 00237056 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 08:55 - 2013-04-24 08:55 - 01581056 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 17:55 - 2013-04-18 17:55 - 00068608 _____ () C:\Program Files (x86)\ATT\8.4.1.11\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2015-05-25 16:48 - 2015-05-25 16:48 - 00165888 _____ () C:\Users\Al\AppData\Local\UTDmedia\65yfk3f1.dll
2013-03-12 17:10 - 2015-04-16 12:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-23 06:49 - 2015-04-22 21:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-23 06:49 - 2015-04-22 21:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-23 06:49 - 2015-04-22 21:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-10-05 10:38 - 2015-06-04 13:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2014-10-05 10:38 - 2014-12-01 16:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-10-05 10:38 - 2014-12-01 16:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-10-05 10:38 - 2014-12-01 16:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-10-05 10:38 - 2014-12-01 16:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-10-05 10:38 - 2014-12-01 16:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2012-01-20 22:36 - 2015-06-04 13:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-05-25 16:48 - 2015-05-25 16:48 - 00165888 _____ () C:\Users\Al\AppData\Local\Akworks\65yfk3f1.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2014-08-13 19:37 - 2014-08-13 19:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-13 19:37 - 2014-08-13 19:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 19:56 - 2014-06-17 19:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2012-01-20 22:36 - 2015-05-11 14:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\sony.com -> sony.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3910217723-699518037-1373500746-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Al\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Al^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Al^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Riney^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: XtremeTuner HD => C:\Program Files\XtremeTuner HD\XtremeTuner HD.exe OnlyApplySettings

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E74E6BC2-3A6B-4936-8EEA-D6863700F76A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{036F9A53-79B8-4F0E-9432-6C0AA0E0D8FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C234719C-9E36-4C40-A7EE-365AD677B72E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7EB797B7-21ED-4490-B32B-70CF5D9C5DF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{0A55D07C-A02A-4232-814D-CA4544B1E539}C:\program files (x86)\giants\giants.exe] => (Block) C:\program files (x86)\giants\giants.exe
FirewallRules: [uDP Query User{57CC6238-B80C-4B02-A969-99B3D7CA319F}C:\program files (x86)\giants\giants.exe] => (Block) C:\program files (x86)\giants\giants.exe
FirewallRules: [{41DC52F5-8F0D-40A5-B8E1-AB97B9DD9D1A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{67246E38-2B26-464E-AA99-BD267B955D3F}] => (Allow) LPort=2869
FirewallRules: [{C07C2239-51E0-4CA6-AD9A-5851B53573B5}] => (Allow) LPort=1900
FirewallRules: [{E622A444-011F-4721-A428-75CA24FB148D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [TCP Query User{6D56A66B-CC5F-4ADB-9FE2-9249BA31CF0A}C:\microprose\mechwarrior3\mech3.exe] => (Block) C:\microprose\mechwarrior3\mech3.exe
FirewallRules: [UDP Query User{6D0D875F-FB85-4DEE-84E4-A7F01EB0333E}C:\microprose\mechwarrior3\mech3.exe] => (Block) C:\microprose\mechwarrior3\mech3.exe
FirewallRules: [{D9E69578-C172-4209-9FF5-FAD71A148DAE}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{2C93966D-EAF3-4657-A14B-D5D58BF404FF}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\USBSetup.exe
FirewallRules: [{927757B8-3161-429D-AFAC-3889357ACF79}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{2E091706-DD0B-4941-BBFB-48BF153A7990}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{22665363-8599-48F6-98C9-1F2756D94E03}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red orchestra\System\ROEd.exe
FirewallRules: [{DE750762-8408-4E29-A047-CAEAFD6C379C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red orchestra\System\ROEd.exe
FirewallRules: [{52DE0C12-8D42-4F8D-8697-E4B0D0C47ABC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\spore\runme.exe
FirewallRules: [{C074AA50-7822-4359-8CC2-E64BC51AF4D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\spore\runme.exe
FirewallRules: [{38DF6690-3088-4420-985D-5D06EF78E0A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{EF6E6A65-2A96-48EB-A710-5B82B27995E3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\spore\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{0E60F5F9-8757-438E-8DC4-D6599CD206B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\microsoft flight\Flight.exe
FirewallRules: [{E625FA01-4DBF-4660-9D4C-7157FC6235A4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\microsoft flight\Flight.exe
FirewallRules: [{33A87386-ACCD-4BD8-9870-0405878F563B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{4BBEC9FD-BAF3-4001-B2DC-3BA67AC1F2CB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3A1191A5-F1E4-40D4-B5FD-BB4626966A01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red orchestra\System\RedOrchestra.exe
FirewallRules: [{FBC166A2-CE91-4A31-A2C0-7597D2ED6F87}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red orchestra\System\RedOrchestra.exe
FirewallRules: [{F3759796-4212-4804-981F-350A8FCE6DD8}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FA2B3E00-36D9-49EB-914E-F7C0F9AD9DEC}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{2A0C6F93-29EE-4131-87F0-83CD8A292FA3}C:\program files (x86)\perfect world entertainment\champions online_en\champions online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\champions online_en\champions online\live\gameclient.exe
FirewallRules: [UDP Query User{983A94B1-F2D6-4A86-A8DF-348F6770545D}C:\program files (x86)\perfect world entertainment\champions online_en\champions online\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\champions online_en\champions online\live\gameclient.exe
FirewallRules: [{E51254A3-8BBE-462B-8E3D-E01AB1B396D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F0765C94-E59D-4F1F-8689-1F8CEEA56BE8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{24D24BB0-922B-4622-94AB-DAA2C778FEE9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9D43A5FA-BFF9-438C-BE3F-1429A043B31F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{76324DB6-2C7B-4A99-98BE-222843CB0670}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F15417D2-4315-4C82-8EFF-5157F1731ABA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AB56F711-6E4D-45B9-922A-E39508D55A0D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CB3592CD-7CFB-44D1-A244-4EBFF278549B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{58C96413-51FB-4BE6-8BBD-04E52858F06B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [{294ADE52-3BB5-4E78-9028-FD16084ADE27}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DC Universe Online\LaunchPad.exe
FirewallRules: [{CD75F1C9-7ACB-4F25-BD6E-F5191062F88A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A7314AD7-2C91-490E-8FA6-6B13C29475CC}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{E0DC47C4-A71D-4B22-83D1-8AD9391D54CB}] => (Allow) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{F6FC172C-284C-4158-9AF0-91D21B3424CE}] => (Allow) C:\Users\Al\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{89654F59-EBF0-4BE5-9306-722954771A36}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{75C79678-4318-49BF-8B37-010A411B0778}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{75BDCC38-9198-4843-86C0-E56193125FAA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{09EB3525-9F85-4461-8B82-246A3BC2AEB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2AF75E89-23CC-4152-99CF-B3597E416957}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{C0240F68-F10A-4A78-86C7-AEEB77FC3368}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{83F8647E-A747-4294-B030-21BFF6CA4AA9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{284BEF11-11F0-453A-ACA1-BA083ED89A6A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{80709347-A543-48A0-BA84-611FC2E224C1}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{1BEF692E-8ED6-4C3E-908A-740A5F3B4C3B}] => (Allow) C:\Program Files (x86)\Origin Games\Plants vs Zombies Garden Warfare\PVZ.Main_Win64_Retail.exe
FirewallRules: [{D77FC1D3-6363-4C3E-A81E-879DE128B96F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red orchestra\System\RedOrchestra.exe
FirewallRules: [{B72BE247-4ADA-481D-9CAF-FC75CBA4698F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red orchestra\System\RedOrchestra.exe
FirewallRules: [{20E2141B-D5FC-4E8D-9A0B-4EE278847D01}] => (Allow) E:\utr\utrr\uTorrent.exe
FirewallRules: [{38B29142-AD6F-4725-B958-73CDA9610BA4}] => (Allow) E:\utr\utrr\uTorrent.exe
FirewallRules: [{706EE77D-6848-4866-AD26-99F8F32DF23E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3C5E654F-9974-4E9A-A375-36BE7DFAF078}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{018EFE8F-0E8E-4683-922E-0EB084E3525D}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6EDACFF8-2313-4D40-923C-4DBEAF2E9DDD}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2015 08:43:59 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (07/11/2015 06:28:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5023

Error: (07/11/2015 06:28:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5023

Error: (07/11/2015 06:28:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4025

Error: (07/11/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4025

Error: (07/11/2015 06:28:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/11/2015 06:28:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011

Error: (07/11/2015 06:28:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011

Error: (07/11/2015 06:28:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/12/2015 10:39:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/12/2015 10:39:39 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/12/2015 10:39:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/12/2015 10:19:55 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}

Error: (07/12/2015 10:13:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (07/12/2015 10:13:07 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/12/2015 10:12:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (07/11/2015 10:52:47 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/11/2015 05:23:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (07/11/2015 05:23:57 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


Microsoft Office:
=========================
Error: (05/28/2015 07:33:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 99097 seconds with 5460 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-08-19 20:28:33.300
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\ntdll.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-26 08:51:15.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC78AF.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-26 08:51:15.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC78AF.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-26 08:51:15.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC78AF.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-26 08:51:15.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC78AF.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-23 12:15:20.219
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC4298.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-23 12:15:20.213
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC4298.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-23 12:15:20.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC4298.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-05-23 12:15:20.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC4298.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-15 19:57:22.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC8835.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD Athlon II X3 425 Processor
Percentage of memory in use: 40%
Total physical RAM: 8191.18 MB
Available physical RAM: 4894.38 MB
Total Virtual: 16380.57 MB
Available Virtual: 12640.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:487.48 GB) NTFS
Drive d: (ATICD12-135) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A6F70EE8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of log ============================


Hi,

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

This script was written specifically for this user, for use on that particular machine.

Let me know how things are after the fix above.

Regards,

Georgi


Done! Here's the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by Al at 2015-07-12 11:30:36 Run:1
Running from C:\Users\Al\Desktop\Farbar Recovery Tool
Loaded Profiles: Al (Available Profiles: Riney & Al & Kevin Riney & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [UTDmedia] => regsvr32.exe C:\Users\Al\AppData\Local\UTDmedia\65yfk3f1.dll <===== ATTENTION
C:\Users\Al\AppData\Local\UTDmedia
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\...\Run: [Ofnics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Al\AppData\Local\Akworks\65yfk3f1.dll
C:\Users\Al\AppData\Local\Akworks
HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} =>  No File
GroupPolicyUsers\S-1-5-21-3910217723-699518037-1373500746-1004\User: Group Policy Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3910217723-699518037-1373500746-1000\User: Group Policy Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3910217723-699518037-1373500746-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF DefaultSearchEngine: Secure Search
FF DefaultSearchEngine.US: Secure Search
FF SearchEngineOrder.1: Secure Search
FF SelectedSearchEngine: Secure Search
FF user.js: detected! => C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\r789j3sd.default\user.js [2015-05-25]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2015-06-13]
FF Extension: WordExtra - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\korey@markus.me [2015-06-13]
CHR HKLM-x32\...\Chrome\Extension: [hphibigbodkkohoglgfkddblldpfohjl] - C:\Program Files (x86)\TorrentHandler\TorrentHandler.crx [Not Found]
2015-06-21 09:57 - 2015-06-22 05:50 - 00000000 ____D C:\Program Files (x86)\PriceeMiinus
2015-06-21 09:57 - 2015-06-21 09:57 - 00000000 ____D C:\ProgramData\13250716444831342089
2015-06-18 11:24 - 2013-01-28 04:09 - 00000000 ____D C:\ProgramData\APN
2015-06-14 19:47 - 2015-05-25 16:27 - 00000000 ____D C:\ProgramData\9be436a20000461c
2015-06-14 19:46 - 2015-06-14 19:46 - 00000000 ____D C:\Program Files (x86)\SystemInclude
File: C:\ProgramData\cyzlxojr.ycm
iLivid (x32 Version: 1.92.0.112243 - Bandoo Media Inc.) Hidden <==== ATTENTION
Task: {0131A352-824D-4FBB-A72B-25475C1E89C4} - System32\Tasks\{F03C8E96-239D-410D-BD4D-F51A431F1EE3} => pcalua.exe -a "E:\utr\utrr\dldcom\Readiris Pro\Readiris Pro.exe" -d "E:\utr\utrr\dldcom\Readiris Pro"
Task: {0D1E2E11-53A0-4C0F-B4E6-21240085B52C} - System32\Tasks\{452C9113-4745-4AD9-9423-554294ADF854} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Motive\InstallHelper.exe" -c /UninstallVendor=ATT-RC /Dir=C:\Program Files (x86)\ATT-RC
Task: {44F6494A-C09D-4F74-AA01-2FE334BF40BD} - \AmiUpdXp No Task File <==== ATTENTION
Task: {4877791B-174C-4889-B829-A0118A8138DA} - System32\Tasks\{1E1D1929-72FD-4CBA-AFE2-D6D57F0A5F61} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {807DF08F-94A1-449D-BE8B-020885904D04} - System32\Tasks\{A525E9EE-0846-4D30-A97A-A978A0040874} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/24200
Task: {A4625586-30DD-4346-89EC-FE3572A24DA5} - System32\Tasks\{23F47966-6AFA-4D1D-AF15-5BB6EE4DD449} => pcalua.exe -a D:\autorun\setup.exe -d D:\autorun
Task: {A9AEA4B9-570F-4F5E-9944-D4B261545628} - System32\Tasks\{D9F66690-715D-48BC-BC2B-7EE7ED4F1CBB} => pcalua.exe -a J:\setup\rsrc\Autorun.exe -d J:\
Task: {BBB793A2-7448-4902-9199-4C4C6624BABE} - System32\Tasks\{54872D59-EBA5-43CB-AB33-5B9E3FB5AF46} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{0556F885-2415-4666-B53E-33727E46AEA1} /l1033
Task: {CBA30A8B-2986-49FD-AC8B-57B315366798} - System32\Tasks\{EB4FC652-893A-4B5C-8DAE-C6008DAA6718} => pcalua.exe -a "C:\Users\Al\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCLTH0M\sentry_setup[1].exe" -d C:\Users\Al\Desktop
Task: {EC71C373-A41C-4537-9A2D-56C9DC34D628} - System32\Tasks\Wsutil Update => C:\Users\Al\AppData\Roaming\Microsoft\wsTask.exe
Task: {EE543A41-C2FF-455E-82C4-AC08C1E55688} - System32\Tasks\{5548AB3D-29C0-48A3-9CA6-19B452B83A1B} => pcalua.exe -a "C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe" -d "C:\Program Files (x86)\Perfect World Entertainment\Arc"
Task: {FD185F2C-065F-4256-A66E-B106D11B6762} - \ASP No Task File <==== ATTENTION
Reg: reg query "HKLM\SOFTWARE\Google"
Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Google"
Reg: reg query "HKLM\SOFTWARE\Google\Update\ClientState" /s
Reg: reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState" /s
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
Hosts:
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\Software\Microsoft\Windows\CurrentVersion\Run\\UTDmedia => value removed successfully
C:\Users\Al\AppData\Local\UTDmedia => moved successfully.
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ofnics => value removed successfully
C:\Users\Al\AppData\Local\Akworks => moved successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0PerformanceMonitor" => key removed successfully
HKCR\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208} => key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3910217723-699518037-1373500746-1004\User => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3910217723-699518037-1373500746-1000\User => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox SearchEngineOrder.1 removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Users\Al\AppData\Roaming\Mozilla\Firefox\Profiles\r789j3sd.default\user.js => moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net => moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\korey@markus.me => moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hphibigbodkkohoglgfkddblldpfohjl => key not found.
C:\Program Files (x86)\PriceeMiinus => moved successfully.
C:\ProgramData\13250716444831342089 => moved successfully.
C:\ProgramData\APN => moved successfully.
C:\ProgramData\9be436a20000461c => moved successfully.
C:\Program Files (x86)\SystemInclude => moved successfully.

========================= File: C:\ProgramData\cyzlxojr.ycm ========================

MD5: 30EC602CE5B7CE7115C631287F85C811
Creation and modification date: 2012-12-27 15:49 - 2012-12-27 15:49
Size: 0005101
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright$creamod:

====== End of File: ======

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\SystemComponent => value not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0131A352-824D-4FBB-A72B-25475C1E89C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0131A352-824D-4FBB-A72B-25475C1E89C4}" => key removed successfully
C:\Windows\System32\Tasks\{F03C8E96-239D-410D-BD4D-F51A431F1EE3} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F03C8E96-239D-410D-BD4D-F51A431F1EE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D1E2E11-53A0-4C0F-B4E6-21240085B52C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D1E2E11-53A0-4C0F-B4E6-21240085B52C}" => key removed successfully
C:\Windows\System32\Tasks\{452C9113-4745-4AD9-9423-554294ADF854} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{452C9113-4745-4AD9-9423-554294ADF854}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{44F6494A-C09D-4F74-AA01-2FE334BF40BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44F6494A-C09D-4F74-AA01-2FE334BF40BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AmiUpdXp" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4877791B-174C-4889-B829-A0118A8138DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4877791B-174C-4889-B829-A0118A8138DA}" => key removed successfully
C:\Windows\System32\Tasks\{1E1D1929-72FD-4CBA-AFE2-D6D57F0A5F61} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1E1D1929-72FD-4CBA-AFE2-D6D57F0A5F61}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{807DF08F-94A1-449D-BE8B-020885904D04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{807DF08F-94A1-449D-BE8B-020885904D04}" => key removed successfully
C:\Windows\System32\Tasks\{A525E9EE-0846-4D30-A97A-A978A0040874} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A525E9EE-0846-4D30-A97A-A978A0040874}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4625586-30DD-4346-89EC-FE3572A24DA5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4625586-30DD-4346-89EC-FE3572A24DA5}" => key removed successfully
C:\Windows\System32\Tasks\{23F47966-6AFA-4D1D-AF15-5BB6EE4DD449} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{23F47966-6AFA-4D1D-AF15-5BB6EE4DD449}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9AEA4B9-570F-4F5E-9944-D4B261545628}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9AEA4B9-570F-4F5E-9944-D4B261545628}" => key removed successfully
C:\Windows\System32\Tasks\{D9F66690-715D-48BC-BC2B-7EE7ED4F1CBB} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D9F66690-715D-48BC-BC2B-7EE7ED4F1CBB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBB793A2-7448-4902-9199-4C4C6624BABE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBB793A2-7448-4902-9199-4C4C6624BABE}" => key removed successfully
C:\Windows\System32\Tasks\{54872D59-EBA5-43CB-AB33-5B9E3FB5AF46} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54872D59-EBA5-43CB-AB33-5B9E3FB5AF46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBA30A8B-2986-49FD-AC8B-57B315366798}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBA30A8B-2986-49FD-AC8B-57B315366798}" => key removed successfully
C:\Windows\System32\Tasks\{EB4FC652-893A-4B5C-8DAE-C6008DAA6718} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EB4FC652-893A-4B5C-8DAE-C6008DAA6718}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC71C373-A41C-4537-9A2D-56C9DC34D628}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC71C373-A41C-4537-9A2D-56C9DC34D628}" => key removed successfully
C:\Windows\System32\Tasks\Wsutil Update => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wsutil Update" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE543A41-C2FF-455E-82C4-AC08C1E55688}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE543A41-C2FF-455E-82C4-AC08C1E55688}" => key removed successfully
C:\Windows\System32\Tasks\{5548AB3D-29C0-48A3-9CA6-19B452B83A1B} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5548AB3D-29C0-48A3-9CA6-19B452B83A1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD185F2C-065F-4256-A66E-B106D11B6762}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD185F2C-065F-4256-A66E-B106D11B6762}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => key removed successfully

========= reg query "HKLM\SOFTWARE\Google" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Wow6432Node\Google" =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Common
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Drive
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Google Earth Plus
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Google Photos Screensaver
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\GoogleEarthPlugin
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Picasa
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Google\Update\ClientState" /s =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= reg query "HKLM\SOFTWARE\Wow6432Node\Google\Update\ClientState" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}
    lang    REG_SZ    en
    RollCallDayStartSec    REG_DWORD    0x556d5470
    LastCheckSuccess    REG_DWORD    0x556e0704
    usagestats    REG_DWORD    0x0
    browser    REG_DWORD    0x2
    DayOfLastRollCall    REG_DWORD    0xc02

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{2BF2CA35-CCAF-4E58-BAB7-4163BFA03B88}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{3C122445-AECE-4309-90B7-85A6AEF42AC0}
    usagestats    REG_DWORD    0x0
    lang    REG_SZ    en
    brand    REG_SZ    GGLS
    InstallTime    REG_DWORD    0x504ff625
    browser    REG_DWORD    0x4
    pv    REG_SZ    1.22.9403.0223
    LastCheckSuccess    REG_DWORD    0x5586a6c3
    ActivePingDayStartSec    REG_DWORD    0x54d7177f
    RollCallDayStartSec    REG_DWORD    0x558660ec
    UpdateTime    REG_DWORD    0x557bed40
    DayOfLastActivity    REG_DWORD    0xb90
    DayOfLastRollCall    REG_DWORD    0xc15
    LastInstallerSuccessLaunchCmdLine    REG_SZ    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /firstrun

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{3C122445-AECE-4309-90B7-85A6AEF42AC0}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
    brand    REG_SZ    GGOT
    InstallTime    REG_DWORD    0x4e625bb1
    pv    REG_SZ    1.3.27.5
    LastCheckSuccess    REG_DWORD    0x5586a6c3
    UpdateTime    REG_DWORD    0x555682ec
    RollCallDayStartSec    REG_DWORD    0x558660ec
    experiment_labels    REG_SZ    omaha=v3_23_9|Thu, 03 Apr 2014 23:58:49 GMT
    DayOfLastRollCall    REG_DWORD    0xc15

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
    UninstallString    REG_SZ    C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\setup.exe
    brand    REG_SZ    AFAB
    ap    REG_SZ    2.0-dev-multi
    pv    REG_SZ    43.0.2357.124
    RollCallDayStartSec    REG_DWORD    0x558660ec
    LastCheckSuccess    REG_DWORD    0x5586a6c3
    UpdateTime    REG_DWORD    0x557711bc
    usagestats    REG_DWORD    0x0
    ActivePingDayStartSec    REG_DWORD    0x558660ec
    UninstallArguments    REG_SZ     --uninstall --multi-install --system-level
    DayOfLastActivity    REG_DWORD    0xc15
    DayOfLastRollCall    REG_DWORD    0xc15
    experiment_labels    REG_SZ    crdiff=got_courgette|Wed, 18 Jun 2014 23:35:11 GMT
    LastInstallerResult    REG_DWORD    0x0
    LastInstallerError    REG_DWORD    0x2
    msi    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}
    lang    REG_SZ    en
    brand    REG_SZ    GGGE
    InstallTime    REG_DWORD    0x4f2ce415
    browser    REG_DWORD    0x2
    usagestats    REG_DWORD    0x0
    pv    REG_SZ    7.1.5.1557
    LastCheckSuccess    REG_DWORD    0x5586a6c3
    RollCallDayStartSec    REG_DWORD    0x558660ec
    UpdateTime    REG_DWORD    0x556e079d
    DayOfLastRollCall    REG_DWORD    0xc15

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
    pv    REG_SZ    43.0.2357.124
    brand    REG_SZ    AFAB
    InstallTime    REG_DWORD    0x4e72ac83
    UninstallString    REG_SZ    C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\Installer\setup.exe
    UninstallArguments    REG_SZ     --uninstall --multi-install --chrome --system-level
    LastCheckSuccess    REG_DWORD    0x5586a6c3
    ActivePingDayStartSec    REG_DWORD    0x558660ec
    RollCallDayStartSec    REG_DWORD    0x558660ec
    UpdateTime    REG_DWORD    0x4ec846ad
    lang    REG_SZ    en
    browser    REG_DWORD    0x2
    ap    REG_SZ    2.0-dev-multi-chrome
    LastInstallerResult    REG_DWORD    0x0
    LastInstallerError    REG_DWORD    0x1
    LastInstallerSuccessLaunchCmdLine    REG_SZ    "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
    InstallerResult    REG_DWORD    0x0
    InstallerError    REG_DWORD    0x2
    client    REG_SZ    BA40
    InstallerResultUIString    REG_SZ    The installer failed to uncompress archive. Please download Google Chrome again.
    DayOfLastActivity    REG_DWORD    0xc15
    DayOfLastRollCall    REG_DWORD    0xc15
    msi    REG_DWORD    0x0
    usagestats    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}\CurrentState
    StateValue    REG_DWORD    0x10

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}
    pv    REG_SZ    43.0.2357.124
    RollCallDayStartSec    REG_DWORD    0x558660ec
    LastCheckSuccess    REG_DWORD    0x536bcba8
    DayOfLastRollCall    REG_DWORD    0xc15

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}\CurrentState
    StateValue    REG_DWORD    0x11



========= End of Reg: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{395D0CAB-5CBD-48B1-A520-403BC75585D9} canceled.
{AF59CD06-2C66-4D57-8A03-FFFB27D3DD41} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3910217723-699518037-1373500746-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 3.1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 11:38:24 ====


Hi,

 

Thank you for the log.

Now please proceed as follows:

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

This script was written specifically for this user, for use on that particular machine.

 

Try to reinstall Google Chrome now from the link above and also please let me know how things are now.

 

 

 

Regards,

Georgi


Okay, here's the fix log from the second run:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Al at 2015-07-12 15:40:04 Run:2
Running from C:\Users\Al\Desktop\Farbar Recovery Tool
Loaded Profiles: Al (Available Profiles: Riney & Al & Kevin Riney & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Al\AppData\Roaming\Microsoft\wsTask.exe
CMD: Dir /b c:\*wsTask.exe* /s
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}
end
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\Al\AppData\Roaming\Microsoft\wsTask.exe" => File/Folder not found.

=========  Dir /b c:\*wsTask.exe* /s =========
 


Here's the fixlog.txt that was created BEFORE uninstalling Google Update Helper.

 

It's really short.  After this, I'll run the next fixlist.txt you sent and try to install Google Chrome again.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Al at 2015-07-12 16:22:00 Run:3
Running from C:\Users\Al\Desktop\Farbar Recovery Tool
Loaded Profiles: Al (Available Profiles: Riney & Al & Kevin Riney & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
2012-12-27 15:49 - 2012-12-27 15:49 - 0005101 _____ () C:\ProgramData\cyzlxojr.ycm
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
end
*****************

C:\ProgramData\cyzlxojr.ycm => moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}\\SystemComponent => value not found.

==== End of Fixlog 16:22:00 ====


Here's the latest fixlog.txt.  Next I'll try the Google Chrome installer from this thread again.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Al at 2015-07-12 18:13:57 Run:4
Running from C:\Users\Al\Desktop\Farbar Recovery Tool
Loaded Profiles: Al (Available Profiles: Riney & Al & Kevin Riney & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome
DeleteKey: HKEY_CURRENT_USER\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}
end
*****************

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome => key not found.
HKEY_CURRENT_USER\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{4DC8B4CA-1BDA-483e-B5FA-D3C12E15B62D} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{430FD4D0-B729-4F61-AA34-91526481799D} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF} => key not found.

==== End of Fixlog 18:13:57 ====

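An added example, not part of the original thread and not FRST's own code: a small Python check that pairs each DeleteKey directive in a Fixlog with the result line recorded for it, separating keys that were actually removed from keys that were already absent and flagging directives with no recorded outcome (as in a log that was cut short). The function names are hypothetical, and it assumes result lines echo the directive's path followed by ` => `, as the Run:4 log above does.

```python
import re

# Constructed sample: trimmed from the Run:4 Fixlog above, with the result line
# for the third key deliberately left out to show the "no outcome" case.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{FDA71E6F-AC4C-4A00-8B70-9958A68906BF}
end
*****************

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Update\ClientState\{8A69D345-D564-463C-AFF1-A69D9E530F96} => key removed successfully

==== End of Fixlog 18:13:57 ====
"""

def parse_fixlog(text):
    """Return (DeleteKey targets from the fixlist block, {target: result text})."""
    directives, outcomes, in_fixlist = [], {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "start":
            in_fixlist = True
        elif line == "end":
            in_fixlist = False
        elif in_fixlist:
            m = re.match(r"DeleteKey:\s*(.+)", line)
            if m:
                directives.append(m.group(1))
        elif " => " in line:
            target, result = line.rsplit(" => ", 1)
            # Registry paths are case-insensitive; some result lines are quoted.
            outcomes[target.strip('"').lower()] = result.rstrip(".")
    return directives, outcomes

def review_fixlog(text):
    """Sort each DeleteKey target by the outcome the log records for it."""
    directives, outcomes = parse_fixlog(text)
    report = {"removed": [], "already_absent": [], "no_outcome": [],
              "complete": "==== End of Fixlog" in text}  # footer missing = truncated log
    for key in directives:
        result = outcomes.get(key.lower(), "")
        if "removed successfully" in result:
            report["removed"].append(key)
        elif "not found" in result:
            report["already_absent"].append(key)
        else:
            report["no_outcome"].append(key)
    return report

if __name__ == "__main__":
    print(review_fixlog(SAMPLE_FIXLOG))
```

A key listed under `already_absent` was not changed by that run, so any change in behaviour afterwards has to be attributed to something else.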

Hi,

 

Can you please temporarily uninstall

 

Google Drive
Google Earth

Chromium

 

Next let's check for leftovers from the previous installations:

 

Please download SystemLook from the link below and save it to your Desktop.
SystemLook_x64.exe

  • Double-click SystemLook_x64.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
    Google
    :regfind
    Google
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /s
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress /s
    HKLM\System\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations /s
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 

 

Regards,

Georgi


Did it... I actually uninstalled Google Drive and Google Earth last night, but I couldn't find Chromium.  Not even Revo Uninstaller listed it as being installed on my PC.

 

Here's the systemlook.txt log:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:11 on 13/07/2015 by Al
Administrator - Elevation successful

No Context:     :folderfind

No Context:     Google

No Context:     :regfind

No Context:     Google

No Context:     :reg

No Context:     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /s

No Context:     HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress /s

No Context:     HKLM\System\CurrentControlSet\Control\SessionManager\PendingFileRenameOperations /s

No Context:     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

No Context:     HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

-= EOF =-


Hi,

 

No worries about the delay.

However, you put the script into SystemLook in an incorrect way.

I just tried the script myself and it seems that there is an empty space beside the commands. Probably an issue with the Ipboard forum system.

Please remove the empty space and run the script again.

 

:folderfind
Google
:regfind
Google
:reg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /s
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\InProgress /s
HKLM\System\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations /s
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

 

It should look like this:

 

[Screenshot: Igpfx2C.jpg]

 

Thanks! :)

 

 

Regards,

Georgi


This topic is now closed to further replies.