
Aware.Chinad. Bought a used pc, need help getting it going/cleaning



So I recently bought a pc from a friend, and I'm having some troubles getting it running like new again. (I u debating the piracy issue, but it has pirated stuff on it which I need help removing.) So I'm looking for assistance to find out what's what and what I have to remove. Aaaaanyway I have an aware.Chinad that won't go away no matter what I scan it with. If I can get help removing the pirated files too (I have no idea what is pirated and what is legit) assistance would be great.


Hello and welcome,

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


 

Let me see those two logs,

 

Kevin..


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02
Ran by Tyler (administrator) on GADGET (26-10-2015 16:35:02)
Running from C:\Users\Tyler\Downloads
Loaded Profiles: Tyler &  (Available Profiles: Tyler & Mcx1-GADGET)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2785064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [synAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [97064 2011-05-05] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)
HKLM\...\Run: [installerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-18] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-06] (LogMeIn Inc.)
HKLM-x32\...\Run: [nagbu] => C:\Users\Tyler\AppData\Roaming\afght\hmjsqy\zeqlj.exe /autorun
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dllATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3192056 2013-11-14] (Disc Soft Ltd)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Tyler\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\Run: [MouseServer] => "C:\Program Files (x86)\MouseServer\MouseServer.exe"
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\Run: [Rust Mod Menu.exe] => C:\Users\Tyler\Desktop\Rust ModMenu\Rust Mod Menu.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\Run: [Hobbyist Software VLC Streamer] => "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-10-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\MountPoints2: F - F:\CD_Start.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\MountPoints2: {2dc64729-4b28-11e4-9032-10bf480c5be3} - G:\setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\MountPoints2: {debf2ee6-8539-11e3-9945-10bf480c5be3} - D:\Setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\MountPoints2: {debf2eea-8539-11e3-9945-10bf480c5be3} - F:\setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\MountPoints2: {e0fed710-6ca1-11e5-b289-00acd122768f} - D:\startme.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\...\MountPoints2: {e4a7ab05-e0d9-11e1-8e1d-10bf480c5be3} - F:\autorun.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3192056 2013-11-14] (Disc Soft Ltd)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => "C:\Users\Tyler\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MouseServer] => "C:\Program Files (x86)\MouseServer\MouseServer.exe"
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Rust Mod Menu.exe] => C:\Users\Tyler\Desktop\Rust ModMenu\Rust Mod Menu.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Hobbyist Software VLC Streamer] => "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-10-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: D - D:\setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\CD_Start.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2dc64729-4b28-11e4-9032-10bf480c5be3} - G:\setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {debf2ee6-8539-11e3-9945-10bf480c5be3} - D:\Setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {debf2eea-8539-11e3-9945-10bf480c5be3} - F:\setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e0fed710-6ca1-11e5-b289-00acd122768f} - D:\startme.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e4a7ab05-e0d9-11e1-8e1d-10bf480c5be3} - F:\autorun.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [steam] => "C:\Program Files (x86)\Steam\steam.exe" -silent
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [bitTorrent] => "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Pro Agent] => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => "C:\Users\Tyler\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ManyCam] => "C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe" /silent
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3192056 2013-11-14] (Disc Soft Ltd)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GameTracker] => C:\Program Files (x86)\GameTracker\GTLite.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => "C:\Users\Tyler\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-10-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [MouseServer] => "C:\Program Files (x86)\MouseServer\MouseServer.exe"
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: F - F:\CD_Start.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2dc64729-4b28-11e4-9032-10bf480c5be3} - G:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {debf2ee6-8539-11e3-9945-10bf480c5be3} - F:\setup.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {debf2eea-8539-11e3-9945-10bf480c5be3} - F:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e4a7ab05-e0d9-11e1-8e1d-10bf480c5be3} - F:\Autorun.exe
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2015-10-25]
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{E22439BA-8B66-436D-8AE8-5B6AF8CB3A65}: [DhcpNameServer] 172.16.1.254
Tcpip\..\Interfaces\{F80E3A28-A52C-41B7-B88E-253D2A2F9C48}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-CA&Src=MSE&Tid=000328B9&OHP=http%3A%2F%2Fwww.amazon.ca%2Fgp%2Fbit%2Famazonserp%2Fref%3Dbit%5Fbds%2Dp14%5Fserp%5Fie%5Fca%5Fdisplay%3Fie%3DUTF8%26tagbase%3Dbds%2Dp14%26tbrId%3Dv1%5Fabb%2Dchannel%2D14%5F0b4eb35667e54eaca67ba53a8108e2f9%5F16%5F37%5F20130805%5FCA%5Fie%5Fsp%5Fbundle&OSP=http%3A%2F%2Fsearch.zonealarm.com%2Fsearch%3Fsrc%3Dsp%26tbid%3Dbase2013%26Lan%3Den%26q%3D%7BsearchTerms%7D%26gu%3D9fddb03dbeb9488ab1b2f4072e562aea%26tu%3D11JL0009O2B000s%26sku%3D%26tstsId%3D%26ver%3D%26%26r%3D146
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {52A64A12-78CE-4E41-A0C5-7A88CD9C6189} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&q={searchTerms}&gu=9fddb03dbeb9488ab1b2f4072e562aea&tu=11JL0009O2B000s&sku=&tstsId=&ver=&&r=146
SearchScopes: HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-14] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2015-09-15] (Perfect World Entertainment Inc)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-14] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\3khas5ma.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-07-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2015-09-15] (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\3khas5ma.default\searchplugins\nation-secure-search.xml [2013-11-13]
FF Extension: Ghostery - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\3khas5ma.default\Extensions\firefox@ghostery.com.xpi [2015-10-08]
FF Extension: Adblock Plus - C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\3khas5ma.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-10-08]

Chrome:
=======
CHR HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tyler\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nklfajnmfbchcceflgddnkignfheooic] - <no Path/update_url>
CHR HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Tyler\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nklfajnmfbchcceflgddnkignfheooic] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\Tyler\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx <not found>
StartMenuInternet: Google Chrome.3FIF5QDKOJ5LGA2W5IM2WOATIE - C:\Users\Tyler\AppData\Local\Google\Chrome\Application\46.10.2479.3\switcher.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88400 2015-09-15] (Perfect World Entertainment Inc)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [723192 2013-11-14] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174112 2015-01-03] (EasyAntiCheat Ltd)
S4 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-06] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2015-10-23] ()
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-05-28] ()
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-06-05] (Razer Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 wxpSvc; C:\Program Files (x86)\webcamXP 5\wService.exe [5404472 2012-03-26] (Moonware Studios)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2014-01-24] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-05-22] () [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 libusbK; C:\Windows\System32\DRIVERS\libusbK.sys [47200 2014-11-02] (http://libusb-win32.sourceforge.net)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0121.sys [28768 2014-11-19] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 Neo_VPN2; C:\Windows\System32\DRIVERS\Neo_0126.sys [28768 2014-12-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-11-06] (Razer, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-26 16:35 - 2015-10-26 16:35 - 00027246 _____ C:\Users\Tyler\Downloads\FRST.txt
2015-10-26 16:33 - 2015-10-26 16:33 - 02197504 _____ (Farbar) C:\Users\Tyler\Downloads\FRST64.exe
2015-10-26 16:30 - 2015-10-26 16:31 - 00000000 ____D C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-10-26 02:06 - 2015-10-26 02:06 - 00021160 _____ C:\Windows\system32\.crusader
2015-10-26 01:57 - 2015-10-26 01:57 - 00384530 _____ C:\Users\Tyler\AppData\Local\census.cache
2015-10-26 01:57 - 2015-10-26 01:57 - 00187891 _____ C:\Users\Tyler\AppData\Local\ars.cache
2015-10-26 01:51 - 2015-10-26 01:51 - 00000010 _____ C:\Users\Tyler\AppData\Local\sponge.last.runtime.cache
2015-10-26 01:50 - 2015-10-26 02:06 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-26 01:44 - 2015-10-26 01:44 - 00000036 _____ C:\Users\Tyler\AppData\Local\housecall.guid.cache
2015-10-26 01:44 - 2015-05-29 01:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-10-26 01:14 - 2015-10-26 01:14 - 00000000 ____D C:\Users\Tyler\AppData\Local\CrashRpt
2015-10-26 00:01 - 2015-10-26 02:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-26 00:00 - 2015-10-26 00:39 - 00000000 ____D C:\Users\Tyler\Desktop\mbar
2015-10-25 23:09 - 2015-10-25 23:09 - 01713152 _____ C:\Users\Tyler\Desktop\Xpadder [5.7].exe
2015-10-25 22:35 - 2015-10-25 22:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-25 21:42 - 2015-10-25 22:26 - 00007878 _____ C:\sh4_service.log
2015-10-25 20:59 - 2015-10-25 20:59 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2015-10-25 15:42 - 2015-10-25 16:24 - 00000073 _____ C:\spyhunter.log
2015-10-25 11:57 - 2015-10-25 11:57 - 00000000 ____D C:\ASUS WebStorage
2015-10-25 11:36 - 2015-10-25 11:36 - 00000000 _____ C:\autoexec.bat
2015-10-25 11:35 - 2015-10-26 16:31 - 00000000 ____D C:\sh4ldr
2015-10-25 11:34 - 2015-10-25 11:34 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-10-25 00:28 - 2015-10-25 00:28 - 00000000 ____D C:\Users\Tyler\.android
2015-10-25 00:27 - 2015-10-25 00:27 - 00000000 ____D C:\Users\Tyler\AppData\LocalLow\VirtualStore
2015-10-24 11:48 - 2015-10-25 23:08 - 00003390 _____ C:\Windows\System32\Tasks\gyrn2f1g
2015-10-24 11:48 - 2015-10-25 23:08 - 00000000 ____D C:\Program Files\Common Files\qte0vw2h
2015-10-24 11:02 - 2015-10-26 11:42 - 00001016 _____ C:\Windows\Tasks\HF8AZUR46oA61LqdgUvcST.job
2015-10-24 11:02 - 2015-10-26 11:42 - 00001002 _____ C:\Windows\Tasks\oXXiKz9TqF7hP21.job
2015-10-24 11:02 - 2015-10-24 11:02 - 00004038 _____ C:\Windows\System32\Tasks\HF8AZUR46oA61LqdgUvcST
2015-10-24 11:02 - 2015-10-24 11:02 - 00004024 _____ C:\Windows\System32\Tasks\oXXiKz9TqF7hP21
2015-10-24 11:00 - 2015-10-24 15:00 - 00003432 _____ C:\Windows\System32\Tasks\Vruesemnese
2015-10-24 11:00 - 2015-10-24 11:00 - 00000000 _____ C:\ProgramData\inf.dat
2015-10-24 10:58 - 2015-10-26 11:42 - 00001018 _____ C:\Windows\Tasks\H1vwY3vdDCh70RjPMEImGHc.job
2015-10-24 10:58 - 2015-10-24 10:58 - 00004048 _____ C:\Windows\System32\Tasks\u24h2E284pO9WMEwc2bLxzSYRvS
2015-10-24 10:58 - 2015-10-24 10:58 - 00004040 _____ C:\Windows\System32\Tasks\H1vwY3vdDCh70RjPMEImGHc
2015-10-24 10:58 - 2015-10-24 10:58 - 00000000 ____D C:\ProgramData\adb
2015-10-24 10:57 - 2015-10-26 11:42 - 00001026 _____ C:\Windows\Tasks\u24h2E284pO9WMEwc2bLxzSYRvS.job
2015-10-24 10:55 - 2015-10-25 00:49 - 00000000 ____D C:\Users\Tyler\AppData\Local\Unity
2015-10-24 02:59 - 2015-10-24 02:59 - 00000202 _____ C:\Users\Tyler\Desktop\Rust.url
2015-10-24 01:14 - 2009-11-09 07:57 - 00115960 _____ (Valve Corporation) C:\steam_api.dll
2015-10-24 01:13 - 2015-10-24 01:13 - 00003360 _____ C:\Windows\System32\Tasks\{4ECADBBB-4483-4065-AEA3-073E36508632}
2015-10-23 21:33 - 2015-10-24 10:41 - 00000000 ____D C:\Program Files (x86)\Activision
2015-10-23 16:56 - 2015-10-23 16:58 - 00270776 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-10-23 16:56 - 2015-10-23 16:56 - 00270776 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-10-23 16:55 - 2015-10-23 16:55 - 00075136 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-10-22 12:11 - 2015-10-25 00:50 - 00000614 _____ C:\Users\Tyler\Desktop\ePSXe.exe - Shortcut.lnk
2015-10-21 22:14 - 2015-10-26 11:46 - 00000000 ____D C:\Users\Tyler\AppData\Local\LogMeIn Hamachi
2015-10-21 22:14 - 2015-10-21 22:14 - 00000000 ____D C:\Users\Tyler\AppData\Local\LogMeIn
2015-10-21 22:14 - 2015-10-21 22:14 - 00000000 ____D C:\ProgramData\LogMeIn
2015-10-21 22:13 - 2015-10-25 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-10-21 22:13 - 2015-10-25 00:50 - 00000922 _____ C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2015-10-21 22:13 - 2015-10-21 22:13 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-10-20 13:42 - 2015-10-25 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2015-10-20 13:42 - 2015-10-25 00:50 - 00001586 _____ C:\Users\Public\Desktop\Arc.lnk
2015-10-20 13:42 - 2015-10-20 13:47 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Arc
2015-10-20 13:42 - 2015-10-20 13:42 - 00000000 ____D C:\Users\Public\Documents\Arc
2015-10-20 13:41 - 2015-10-22 11:34 - 00000000 ____D C:\Program Files (x86)\Arc
2015-10-20 13:21 - 2015-10-20 13:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-20 13:21 - 2015-10-20 13:21 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2015-10-20 11:40 - 2015-10-20 11:40 - 00000000 ____D C:\Users\Tyler\AppData\LocalLow\CopyBugPaste
2015-10-20 11:28 - 2015-10-20 11:28 - 00000202 _____ C:\Users\Tyler\Desktop\Blacklight Retribution.url
2015-10-17 21:04 - 2015-10-17 21:04 - 00000202 _____ C:\Users\Tyler\Desktop\Warface.url
2015-10-16 19:08 - 2015-10-26 01:23 - 00000000 ____D C:\Users\Tyler\AppData\Local\wf-launcher
2015-10-16 15:47 - 2015-10-16 15:48 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\SpaceEngineersDedicated
2015-10-16 15:44 - 2015-10-16 16:29 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\SpaceEngineers
2015-10-16 15:38 - 2015-10-26 16:24 - 00000000 ____D C:\Games
2015-10-16 14:15 - 2015-10-16 14:23 - 00000044 _____ C:\Users\Tyler\jagex_cl_oldschool_LIVE.dat
2015-10-16 14:06 - 2015-10-16 14:06 - 00000000 ____D C:\.jagex_cache_32
2015-10-16 14:05 - 2015-10-16 14:34 - 00000023 _____ C:\Users\Tyler\jagexappletviewer.preferences
2015-10-16 13:59 - 2015-10-16 15:51 - 00000024 _____ C:\Users\Tyler\random.dat
2015-10-16 13:59 - 2015-10-16 15:50 - 00000044 _____ C:\Users\Tyler\jagex_cl_runescape_LIVE.dat
2015-10-16 13:56 - 2015-10-25 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EpicBot
2015-10-15 18:05 - 2015-10-15 18:05 - 00000000 ____D C:\Users\Tyler\Documents\My Cheat Tables
2015-10-15 14:50 - 2015-10-26 11:25 - 00000000 ____D C:\AdwCleaner
2015-10-15 14:33 - 2015-10-26 16:35 - 00000000 ____D C:\FRST
2015-10-12 22:52 - 2015-10-12 22:52 - 00000020 ___SH C:\Users\Tyler\ntuser.ini
2015-10-11 18:14 - 2015-10-18 00:46 - 00000000 ___HD C:\Users\Public\Documents\SystemData
2015-10-11 18:14 - 2015-10-11 18:14 - 00000000 ____D C:\Program Files (x86)\Windows Network Services
2015-10-09 13:40 - 2015-10-09 13:40 - 00000000 ____D C:\Users\Tyler\AppData\Local\EdgeOfReality
2015-10-09 10:59 - 2015-10-09 10:59 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\帮5淘
2015-10-08 22:08 - 2015-10-08 22:09 - 00000202 _____ C:\Users\Tyler\Desktop\Loadout.url
2015-10-08 07:59 - 2015-10-08 07:59 - 00186880 _____ (TODO: <Company name>) C:\Windows\system32\rsrcs.dll
2015-10-08 00:09 - 2015-10-08 00:09 - 00000000 ____D C:\Users\Tyler\AppData\Local\FalloutNV
2015-10-07 17:10 - 2015-10-07 17:13 - 00130312 _____ C:\Windows\DPINST.LOG
2015-10-07 17:06 - 2015-10-07 17:07 - 29249520 _____ (Sony Mobile Communications ) C:\Users\Tyler\AppData\Local\pcc.exe
2015-10-02 12:15 - 2015-10-16 13:44 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Trove
2015-10-02 12:08 - 2015-10-02 12:08 - 00000202 _____ C:\Users\Tyler\Desktop\Trove.url
2015-10-02 11:56 - 2015-10-02 11:56 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-10-02 11:56 - 2015-10-02 11:56 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-09-30 17:33 - 2015-10-25 00:50 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\chrome
2015-09-28 10:32 - 2015-09-28 10:32 - 00000000 _____ C:\Windows\SysWOW64\诈d涸͊lotserviceruntime.log
2015-09-27 20:34 - 2015-09-27 20:34 - 00000000 ____D C:\ProgramData\webcamXP 5
2015-09-27 14:43 - 2015-09-27 14:49 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Mobile Gamepad Server
2015-09-26 17:25 - 2015-10-25 00:50 - 00000000 ____D C:\ProgramData\chrome

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-26 16:26 - 2014-10-03 12:04 - 00000000 ____D C:\Users\Tyler\jagexcache
2015-10-26 16:22 - 2014-11-18 01:48 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Skype
2015-10-26 16:22 - 2012-07-14 06:04 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\BitTorrent
2015-10-26 16:21 - 2015-09-11 16:47 - 00001010 _____ C:\Windows\Tasks\VvnAaBBRSURBPPg5Xtp.job
2015-10-26 16:21 - 2015-09-11 16:47 - 00001004 _____ C:\Windows\Tasks\ceXtJqa1ZAfbXe2s.job
2015-10-26 16:21 - 2012-07-14 21:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-26 16:21 - 2012-05-01 00:00 - 01777207 _____ C:\Windows\WindowsUpdate.log
2015-10-26 11:50 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-26 11:50 - 2009-07-13 22:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-26 11:45 - 2015-02-08 02:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-26 11:43 - 2012-07-14 06:49 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2015-10-26 11:43 - 2012-07-14 06:49 - 00000000 ___HD C:\ASUS.DAT
2015-10-26 11:42 - 2015-09-19 10:37 - 00004900 _____ C:\Windows\setupact.log
2015-10-26 11:42 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-26 10:35 - 2015-09-19 15:45 - 00968618 _____ C:\Windows\PFRO.log
2015-10-26 10:32 - 2009-07-13 21:20 - 00000000 __RSD C:\Windows\Media
2015-10-26 01:41 - 2012-07-14 03:53 - 00000000 ____D C:\Users\Tyler\AppData\Local\Google
2015-10-26 01:41 - 2012-02-18 01:37 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-26 01:11 - 2014-07-08 22:23 - 00000000 ____D C:\ProgramData\GFACE
2015-10-26 00:01 - 2015-02-08 01:26 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-25 23:47 - 2014-12-04 11:44 - 00000000 ____D C:\Users\Tyler\AppData\Temp
2015-10-25 23:31 - 2012-07-14 06:48 - 00000000 ____D C:\Users\Tyler
2015-10-25 23:23 - 2012-07-14 14:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-25 19:48 - 2015-09-17 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-10-25 19:48 - 2015-09-11 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-10-25 19:48 - 2015-09-11 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-25 19:48 - 2015-08-14 20:59 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wurm Online
2015-10-25 19:48 - 2015-08-14 15:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-10-25 19:48 - 2015-07-27 15:27 - 00000000 ____D C:\Users\Tyler\Desktop\Tor Browser
2015-10-25 19:48 - 2015-07-15 13:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-10-25 19:48 - 2015-03-07 23:44 - 00000000 ____D C:\Users\TEMP
2015-10-25 19:48 - 2015-02-14 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-10-25 19:48 - 2015-02-08 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-25 19:48 - 2015-02-07 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-10-25 19:48 - 2014-11-17 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phantasy Star Online 2
2015-10-25 19:48 - 2014-10-19 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2015-10-25 19:48 - 2014-06-13 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-10-25 19:48 - 2014-01-24 19:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Ultra
2015-10-25 19:48 - 2013-10-07 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-25 19:48 - 2013-07-06 13:55 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecontrol for Minecraft
2015-10-25 19:48 - 2013-06-12 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-25 19:48 - 2013-03-14 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-25 19:48 - 2012-11-04 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\webcamXP 5
2015-10-25 19:48 - 2012-11-04 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2015-10-25 19:48 - 2012-11-01 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-10-25 19:48 - 2012-09-26 18:53 - 00000000 ____D C:\Users\Mcx1-GADGET
2015-10-25 19:48 - 2012-07-14 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CF Toolbox
2015-10-25 19:48 - 2012-07-14 21:11 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-10-25 19:48 - 2012-07-14 06:48 - 00000000 ___RD C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-25 19:48 - 2012-07-14 06:48 - 00000000 ___RD C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-25 19:48 - 2012-07-14 06:01 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-25 19:48 - 2012-07-14 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-25 19:48 - 2012-07-14 04:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-25 19:48 - 2012-05-01 00:15 - 00000000 ____D C:\ProgramData\P4G
2015-10-25 19:48 - 2012-05-01 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2015-10-25 19:48 - 2012-05-01 00:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-10-25 19:48 - 2012-02-18 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-10-25 19:48 - 2012-02-18 01:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-10-25 19:48 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-25 19:48 - 2009-07-13 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-25 19:48 - 2009-07-13 21:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-25 19:46 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2015-10-25 00:55 - 2015-09-17 15:32 - 00058016 _____ C:\Users\Tyler\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-25 00:53 - 2015-09-19 15:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-25 00:53 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-10-25 00:50 - 2015-09-17 20:35 - 00001252 _____ C:\Users\Public\Desktop\Razer Cortex.lnk
2015-10-25 00:50 - 2015-09-12 00:27 - 00000991 _____ C:\Users\Public\Desktop\ManyCam.lnk
2015-10-25 00:50 - 2015-09-11 23:07 - 00001620 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2015-10-25 00:50 - 2015-09-11 20:23 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2015-10-25 00:50 - 2015-09-11 17:17 - 00001395 _____ C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-25 00:50 - 2015-09-11 17:07 - 00000977 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-25 00:50 - 2015-09-11 17:07 - 00000721 _____ C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-10-25 00:50 - 2015-09-11 17:07 - 00000697 _____ C:\Users\Tyler\Desktop\Start Tor Browser.lnk
2015-10-25 00:50 - 2015-09-10 23:10 - 00001170 _____ C:\Users\Tyler\Desktop\ThrottleStop.exe - Shortcut.lnk
2015-10-25 00:50 - 2015-09-04 01:53 - 00001701 _____ C:\Users\Tyler\Desktop\Google Drive.lnk
2015-10-25 00:50 - 2015-09-04 00:54 - 00001066 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-10-25 00:50 - 2015-08-14 15:47 - 00001166 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.2.lnk
2015-10-25 00:50 - 2015-07-15 13:43 - 00000957 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-10-25 00:50 - 2015-02-08 01:27 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-25 00:50 - 2015-01-03 20:37 - 00001502 _____ C:\Users\Tyler\Desktop\Skype.lnk
2015-10-25 00:50 - 2015-01-01 12:37 - 00000812 _____ C:\Users\Tyler\Desktop\Steam.lnk
2015-10-25 00:50 - 2014-12-23 14:53 - 00002107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-10-25 00:50 - 2014-11-30 01:00 - 00001251 _____ C:\Users\Tyler\Desktop\Task Manager.lnk
2015-10-25 00:50 - 2014-11-02 15:33 - 00000637 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization Beyond Earth.lnk
2015-10-25 00:50 - 2014-07-18 21:42 - 00000525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Southpark Stick of Truth.lnk
2015-10-25 00:50 - 2014-01-24 19:48 - 00001989 _____ C:\Users\Public\Desktop\DAEMON Tools Ultra.lnk
2015-10-25 00:50 - 2012-07-15 00:24 - 00001412 _____ C:\Users\Tyler\Desktop\.minecraft.lnk
2015-10-25 00:50 - 2012-07-14 23:44 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-25 00:50 - 2012-07-14 06:50 - 00001395 _____ C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet-Explorer.lnk
2015-10-25 00:50 - 2012-02-18 01:43 - 00001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-10-25 00:50 - 2012-02-18 01:43 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-10-25 00:50 - 2012-02-18 01:42 - 00001448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-10-25 00:50 - 2012-02-18 01:41 - 00002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-10-25 00:50 - 2012-02-18 01:36 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-10-25 00:50 - 2012-02-18 01:29 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2015-10-25 00:50 - 2009-07-28 23:08 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-25 00:50 - 2009-07-28 23:08 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-25 00:50 - 2009-07-13 23:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-25 00:50 - 2009-07-13 22:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-10-25 00:50 - 2009-07-13 22:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-25 00:50 - 2009-07-13 22:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-25 00:50 - 2009-07-13 22:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-10-25 00:50 - 2009-07-13 22:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-24 16:56 - 2015-09-11 16:43 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-24 16:52 - 2009-07-13 23:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-23 17:19 - 2015-01-01 14:22 - 00002156 _____ C:\Users\Tyler\Desktop\Xpadder.ini
2015-10-23 16:58 - 2012-07-22 18:51 - 00270776 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2015-10-22 11:49 - 2014-07-28 20:03 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-10-22 11:38 - 2012-05-01 00:16 - 00002295 _____ C:\Windows\system32\ServiceFilter.ini
2015-10-22 11:34 - 2009-07-13 23:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-20 13:42 - 2012-05-01 00:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-20 13:20 - 2014-11-02 03:45 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-16 23:00 - 2012-07-14 21:01 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 23:00 - 2012-07-14 21:01 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-16 23:00 - 2012-07-14 21:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 19:35 - 2015-09-17 12:01 - 00000000 ____D C:\Users\Tyler\Documents\Xpadder
2015-10-16 15:38 - 2012-02-18 01:46 - 00000000 ____D C:\AsusVibeData
2015-10-16 13:17 - 2015-07-16 17:05 - 00000000 ____D C:\Users\Tyler\Desktop\hax
2015-10-15 14:56 - 2015-02-08 01:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-15 14:51 - 2013-11-13 02:52 - 00000000 ____D C:\Windows\system32\log
2015-10-15 14:48 - 2015-09-12 00:28 - 00000000 ____D C:\Users\Tyler\AppData\Local\ManyCam
2015-10-15 14:41 - 2012-07-14 06:07 - 00000000 ____D C:\Users\Tyler\AppData\LocalLow\Temp
2015-10-15 14:41 - 2009-07-13 21:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-10-15 14:41 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-10-15 14:27 - 2015-09-11 02:12 - 00000000 ____D C:\Users\Tyler\Documents\Electronic Arts
2015-10-15 14:27 - 2015-09-11 00:42 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-10-15 14:27 - 2012-02-18 01:46 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-10-13 21:42 - 2015-09-12 09:51 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-10-13 17:23 - 2012-07-15 17:30 - 00000000 ____D C:\ProgramData\Skype
2015-10-12 22:52 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\tracing
2015-10-09 13:35 - 2015-09-17 13:31 - 00000000 ____D C:\Users\Tyler\AppData\Local\SKIDROW
2015-10-08 13:24 - 2015-09-04 01:53 - 00000000 ___RD C:\Users\Tyler\Google Drive
2015-10-08 13:23 - 2012-05-01 00:16 - 00003630 _____ C:\Windows\system32\AutoRunFilter.ini
2015-10-08 13:00 - 2012-11-01 22:46 - 00000000 ____D C:\Users\Tyler\AppData\Roaming\vlc
2015-10-08 02:05 - 2015-09-19 00:12 - 00000000 ____D C:\ProgramData\DivX
2015-10-08 02:05 - 2015-09-19 00:12 - 00000000 ____D C:\Program Files (x86)\DivX
2015-10-08 00:09 - 2013-05-06 20:16 - 00000000 ____D C:\Users\Tyler\Documents\My Games
2015-10-05 09:50 - 2015-02-08 01:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-02-08 01:26 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-09-30 20:28 - 2015-02-07 00:15 - 00000000 ____D C:\Users\Tyler\AppData\Local\Steam

==================== Files in the root of some directories =======

2014-03-22 20:12 - 2014-06-22 13:49 - 0000000 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2015-10-26 01:57 - 2015-10-26 01:57 - 0187891 _____ () C:\Users\Tyler\AppData\Local\ars.cache
2015-10-26 01:57 - 2015-10-26 01:57 - 0384530 _____ () C:\Users\Tyler\AppData\Local\census.cache
2015-10-26 01:44 - 2015-10-26 01:44 - 0000036 _____ () C:\Users\Tyler\AppData\Local\housecall.guid.cache
2015-10-24 10:47 - 2015-10-24 10:46 - 0000187 _____ () C:\Users\Tyler\AppData\Local\Matity.exe.config
2015-10-07 17:06 - 2015-10-07 17:07 - 29249520 _____ (Sony Mobile Communications                                  ) C:\Users\Tyler\AppData\Local\pcc.exe
2015-10-26 01:51 - 2015-10-26 01:51 - 0000010 _____ () C:\Users\Tyler\AppData\Local\sponge.last.runtime.cache
2014-11-30 01:16 - 2014-11-30 01:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-24 11:00 - 2015-10-24 11:00 - 0000000 _____ () C:\ProgramData\inf.dat
2012-05-01 00:20 - 2012-05-01 00:20 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-05-01 00:19 - 2012-05-01 00:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-05-01 00:18 - 2012-05-01 00:19 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\inf.dat


Some files in TEMP:
====================
C:\Users\Tyler\AppData\Local\Temp\5399iklit_559_setup.exe
C:\Users\Tyler\AppData\Local\Temp\browsercontrol1239000803597817554.dll
C:\Users\Tyler\AppData\Local\Temp\browsercontrol2623766237888833733.dll
C:\Users\Tyler\AppData\Local\Temp\browsercontrol2639446794779498302.dll
C:\Users\Tyler\AppData\Local\Temp\browsercontrol3563708349805696799.dll
C:\Users\Tyler\AppData\Local\Temp\browsercontrol594698835352994042.dll
C:\Users\Tyler\AppData\Local\Temp\browsercontrol7710712048452628331.dll
C:\Users\Tyler\AppData\Local\Temp\browsercontrol8525223851399264385.dll
C:\Users\Tyler\AppData\Local\Temp\browsercontrol9161155911810557685.dll
C:\Users\Tyler\AppData\Local\Temp\HitmanPro.exe
C:\Users\Tyler\AppData\Local\Temp\install1417124.exe
C:\Users\Tyler\AppData\Local\Temp\IQIYIsetup_spl004@kb037.exe
C:\Users\Tyler\AppData\Local\Temp\jna1107913173844020027.dll
C:\Users\Tyler\AppData\Local\Temp\jna1831284584238153839.dll
C:\Users\Tyler\AppData\Local\Temp\jna2193700267469856735.dll
C:\Users\Tyler\AppData\Local\Temp\jna3082462365745942607.dll
C:\Users\Tyler\AppData\Local\Temp\jna3104310335588658729.dll
C:\Users\Tyler\AppData\Local\Temp\jna5807727250398086267.dll
C:\Users\Tyler\AppData\Local\Temp\jna6646858016901994309.dll
C:\Users\Tyler\AppData\Local\Temp\jna8571494536191710375.dll
C:\Users\Tyler\AppData\Local\Temp\qdAstsetup13.exe
C:\Users\Tyler\AppData\Local\Temp\qqpcmgr_v11.0.16794.227_74736_Silence.exe
C:\Users\Tyler\AppData\Local\Temp\sqlite3.dll
C:\Users\Tyler\AppData\Local\Temp\tu17p84.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 01:59

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02
Ran by Tyler (2015-10-26 16:36:08)
Running from C:\Users\Tyler\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-14 12:48:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3666182603-3330038474-3966174749-500 - Administrator - Disabled)
Guest (S-1-5-21-3666182603-3330038474-3966174749-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3666182603-3330038474-3966174749-1003 - Limited - Enabled)
Mcx1-GADGET (S-1-5-21-3666182603-3330038474-3966174749-1001 - Limited - Enabled) => C:\Users\Mcx1-GADGET
Tyler (S-1-5-21-3666182603-3330038474-3966174749-1000 - Administrator - Enabled) => C:\Users\Tyler

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.28 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0014 - ASUS)
BitTorrent (HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.2.34947 - BitTorrent Inc.)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Hardsuit Labs)
Blue Satin Skin (HKLM-x32\...\{FB7D6550-9260-42E6-83C8-BF3A7E54442F}) (Version: 2.2.1 - Screaming Bee)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare 1.7 Patch (x32 Version:  - ) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Command And Conquer Red Alert 2 Yuri's Revenge 1.001 (HKLM-x32\...\Command_And_Conquer_Yuri's_Revenge_1.001_MPI) (Version:  - )
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 2.1.0.0187 - Disc Soft Ltd)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fable - The Lost Chapters (HKLM-x32\...\Steam App 204030) (Version:  - Lionhead Studios)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel® Chipset Device Software (x32 Version: 10.0.27 - Intel® Corporation) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.385 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.385 - LogMeIn, Inc.) Hidden
Male Voice Pack (HKLM-x32\...\{2CC32E0E-9A10-4BCC-94F0-614F85375F59}) (Version: 1.3.1 - Screaming Bee)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
ManyCam 5.0.4 (HKLM-x32\...\ManyCam) (Version: 5.0.4 - Visicom Media Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MyFreeCodec (HKU\S-1-5-21-3666182603-3330038474-3966174749-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.5.31.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.6.0 - Synaptics Incorporated)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Translator Fun Voice Pack (HKLM-x32\...\{C39768C1-82E7-4466-8526-2D8AC44B768F}) (Version: 1.5.1 - Screaming Bee)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warface (HKLM-x32\...\Steam App 291480) (Version:  - Crytek)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

25-10-2015 01:43:02 Installed DirectX
25-10-2015 18:09:33 Windows Update
25-10-2015 20:58:23 Installed SpyHunter
25-10-2015 22:37:24 Removed Male Voice Pack
25-10-2015 23:30:14 JRT Pre-Junkware Removal
26-10-2015 01:04:45 JRT Pre-Junkware Removal
26-10-2015 02:01:36 Checkpoint by HitmanPro
26-10-2015 02:06:03 Checkpoint by HitmanPro
26-10-2015 16:24:55 Removed RuneScape Launcher 1.2.7
26-10-2015 16:29:30 Removed SpyHunter

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-10-26 11:43 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0038EFF2-D851-4583-A9DF-801D9A545269} - \snf -> No File <==== ATTENTION
Task: {0355AB2A-3131-4927-92B2-84FCE5377287} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {03ADBEAF-8B88-445C-A64F-F39FB04350E0} - \SMW_UpdateTask_Time_323734363932393532342d5723322a78455a4137574532 -> No File <==== ATTENTION
Task: {04F632E1-4995-469A-ADC2-A22BF5F5E09B} - System32\Tasks\oXXiKz9TqF7hP21 => C:\Users\Tyler\AppData\Roaming\oXXiKz9TqF7hP21.exe <==== ATTENTION
Task: {06F0887D-7022-4AE4-83AE-92918E4F042A} - System32\Tasks\VvnAaBBRSURBPPg5Xtp => C:\Users\Tyler\AppData\Roaming\VvnAaBBRSURBPPg5Xtp.exe <==== ATTENTION
Task: {0CE4CEB0-3601-43CD-BF65-471962AB28DD} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-1-7 -> No File <==== ATTENTION
Task: {0DB39988-9F20-4645-A161-357C79A3E903} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-5_user -> No File <==== ATTENTION
Task: {0F4B7227-62A9-45AD-B997-6B78426E5F51} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-7 -> No File <==== ATTENTION
Task: {113D8B8B-EE58-47A9-9909-48B18195E760} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-GADGET => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {11CF0598-1A50-436D-B0B9-B9A7D35CB033} - \Advanced System~Protector_startup -> No File <==== ATTENTION
Task: {12CD9EA3-EF34-4C1C-84FA-3FE5BC08767B} - \ASP -> No File <==== ATTENTION
Task: {14D16494-304C-4F45-AF08-22559B9118AA} - \PC SpeedUp Service Deactivator -> No File <==== ATTENTION
Task: {14F7CFDB-F5C0-459E-9C7C-FEE527257269} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {171FEE90-E567-499C-8CBB-6A3168A40A5D} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-10_user -> No File <==== ATTENTION
Task: {1C775EF6-3288-4D84-8008-305ABB0C2695} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {2182F1F9-2F3D-4AAB-A0A3-16B5A51938DC} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-1-7 -> No File <==== ATTENTION
Task: {25E82892-DB50-4990-A978-3529C1136041} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {31FEC4CB-DD99-486C-9AF7-6913DDCF1DA1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {39871C46-2B76-40E4-AAB3-AEE493A784E6} - System32\Tasks\Vruesemnese => C:\ProgramData\Vruesemnese\1.0.6.1\ahamnuuf.exe
Task: {39B32ABA-D606-41DB-8E9F-518CD4CB32C0} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {3BE6AA46-7399-4FBB-B8C6-B60D6025375A} - System32\Tasks\Opera scheduled Autoupdate 1442011588 => C:\Program Files (x86)\Opera\launcher.exe
Task: {3C3410DC-CE39-4DD6-BD95-784CE793F8B9} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-1-6 -> No File <==== ATTENTION
Task: {3DF7B901-3E8F-4C16-A1E8-D7BDD187C3C3} - System32\Tasks\{14FDE901-E789-4C45-904F-76E576F1C343} => Chrome.exe hxxp://ui.skype.com/ui/0/6.22.81.105/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {3E1AF25E-8381-488E-AC67-582347D78332} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {44291833-162C-4643-BA8F-D878FDAE211F} - System32\Tasks\{8AC80838-2AF3-4293-BA4C-AB3AFF31CD9B} => pcalua.exe -a C:\Users\Tyler\Desktop\asuuuu\Setup.exe -d C:\Users\Tyler\Desktop\asuuuu
Task: {46708CD3-E3CE-4423-9934-6126903699C7} - \APSnotifierPP1 -> No File <==== ATTENTION
Task: {485D5E74-0E03-437D-958B-F9AF6FB08B14} - System32\Tasks\{50CFF42F-D346-4960-AFA1-516F7F51E77D} => pcalua.exe -a "C:\Program Files (x86)\Desk 365\eUninstall.exe"
Task: {4A862DDD-5300-4293-AF19-EDF3C710B5B3} - \d5fc2b52-7cbd-4b57-9549-312af4118038-10_user -> No File <==== ATTENTION
Task: {4CDC0D5E-684D-4933-BE98-BEAD77677DFF} - \SMW_UpdateTask_Time_323734363932393532342d5723322a78455a4137574532 -> No File <==== ATTENTION
Task: {502485BB-9763-47C5-B830-1A95876B2B15} - \BAUpd -> No File <==== ATTENTION
Task: {5053E9E7-FAB6-4296-A181-C94A60517FFC} - \d5fc2b52-7cbd-4b57-9549-312af4118038-5 -> No File <==== ATTENTION
Task: {50991A76-D205-48EF-B847-C202A04892EE} - System32\Tasks\{51C6C8D3-2C0A-4F5A-83C5-8F04E790949E} => pcalua.exe -a I:\SETUP.EXE -d I:\
Task: {52839B14-9F45-4F1E-A512-4A8A9EBCC826} - \9ec177f6-8298-4ed3-a42c-719cc51c5bfc-5 -> No File <==== ATTENTION
Task: {55D41CE0-843C-440F-A415-750CDE27C8ED} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-6 -> No File <==== ATTENTION
Task: {56256FDC-3098-4B31-A23A-7DC1776B6895} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-05-07] (Oracle Corporation)
Task: {565598EF-D46A-4DDA-AA0A-8CE77E508993} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {586B5946-76F3-47F5-B045-C70A1787C376} - \7977bafe-59bc-4e42-a86a-b9e55d3390c0-5 -> No File <==== ATTENTION
Task: {59561BAA-823F-4590-A9B3-BC9B52B97F5C} - System32\Tasks\Global Updates AT - zedhbdnvnmi3ywv => C:\Users\Tyler\AppData\Local\zedhbdnvnmi3ywv\zhvhcdnknme3dgv.exe
Task: {5AB1B8BB-37E8-4609-BDAC-E46ACF571C75} - \9ec177f6-8298-4ed3-a42c-719cc51c5bfc-10_user -> No File <==== ATTENTION
Task: {5AEF2608-DBF3-469C-B5B1-F3F1AEE73562} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-5 -> No File <==== ATTENTION
Task: {5B947211-EDD2-4341-8565-6797FBE7EC08} - System32\Tasks\H1vwY3vdDCh70RjPMEImGHc => C:\Users\Tyler\AppData\Roaming\H1vwY3vdDCh70RjPMEImGHc.exe <==== ATTENTION
Task: {5B982AAF-0D22-4B70-B74E-ED30F36A58A8} - System32\Tasks\ceXtJqa1ZAfbXe2s => C:\Users\Tyler\AppData\Roaming\ceXtJqa1ZAfbXe2s.exe <==== ATTENTION
Task: {5D0C24C4-304E-417A-89C4-D4ED30C75F4D} - \Desk 365 RunAsStdUser -> No File <==== ATTENTION
Task: {60A328F6-4396-4A5A-B32A-644B306BE9B5} - System32\Tasks\wake up => C:\Program Files (x86)\Windows Media Player\wmplayer.exe [2013-05-09] (Microsoft Corporation)
Task: {640208AE-54C1-4BC3-91C1-FC64F502ABF5} - \VisualBeeRecovery -> No File <==== ATTENTION
Task: {64B621F1-9EE7-48DE-8B72-38FA1AD44F3A} - \APSnotifierPP3 -> No File <==== ATTENTION
Task: {71ACCB30-8F1A-420B-BEDA-1D0612731AA3} - System32\Tasks\gyrn2f1g => C:\Program Files\Common Files\qte0vw2h\687c4vn3tvymm.exe <==== ATTENTION
Task: {73A2448C-79DD-44CA-AFE4-C45D4CC0D5C5} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {74D3FDC5-661A-4DA7-947F-2D9F8212E086} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {750D8291-4859-4E9B-9C87-5B7892C5E103} - \RegClean Pro -> No File <==== ATTENTION
Task: {82156D3F-A02A-4DDD-A2A5-A5CDD37DD414} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-7 -> No File <==== ATTENTION
Task: {86966DF1-B098-4A16-A34D-CB1C69A34236} - \IBUpd -> No File <==== ATTENTION
Task: {86CF991A-8C9F-4CFB-960A-B42526F9B92F} - System32\Tasks\Maintenance Service-zerhtzntnki3lwv => C:\Users\Tyler\AppData\Local\zerhtzntnki3lwv\zgjhcznvnmq3lmv.exe
Task: {8759B4B8-E044-4431-A228-6039B2244C08} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-5_user -> No File <==== ATTENTION
Task: {8BD36AD8-3C13-4AF5-B6BA-F30EE8483F1F} - \SMWUpd -> No File <==== ATTENTION
Task: {92765BF7-9C24-40F0-874C-53C45BAAA615} - \Smp -> No File <==== ATTENTION
Task: {98537D1B-0645-489C-8A5C-DAF9FEA63D42} - \9ec177f6-8298-4ed3-a42c-719cc51c5bfc-5_user -> No File <==== ATTENTION
Task: {99342665-F9E5-4917-9BE8-419B2FEA9C0E} - System32\Tasks\Rueiviimhre => C:\ProgramData\Rueiviimhre\1.0.5.1\esnneefm.exe
Task: {9DED50C2-ED01-4E82-935D-971A71CC16C1} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-6 -> No File <==== ATTENTION
Task: {A58660B2-6BC8-4B37-AF6C-99FA1D54050F} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-1-6 -> No File <==== ATTENTION
Task: {A6C8CB9A-4AF3-4BA3-B4CE-F199D6C1E211} - \Smp -> No File <==== ATTENTION
Task: {AA2F8D34-92F3-4528-931A-017259482A6B} - System32\Tasks\{A5B912B3-C124-4F93-A2AF-5770571F4336} => pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Program Files (x86)\Command And Conquer Red Alert 2 Yuri's Revenge\irunin.ini"
Task: {AB5C54A8-58A8-4FD7-85D4-8E4EB661D112} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-4 -> No File <==== ATTENTION
Task: {ACC609AC-AAD1-42C9-85A7-19F518647173} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-4 -> No File <==== ATTENTION
Task: {AD8662F3-FFFF-4A49-A8CC-13830A18B907} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {B09A5CCE-2B5B-4D6C-9BFD-9768EAE139EB} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-10_user -> No File <==== ATTENTION
Task: {B212D762-A844-4A61-B225-8F5AF814AE41} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-3 -> No File <==== ATTENTION
Task: {B24BEDAB-59D7-4F34-8212-B825B595BB1C} - \d5fc2b52-7cbd-4b57-9549-312af4118038-5_user -> No File <==== ATTENTION
Task: {B253CBFF-FD92-4658-AB87-7F59C22B918C} - \snp -> No File <==== ATTENTION
Task: {C4654E43-D4E4-4F55-9F92-17A527B09423} - \APSnotifierPP2 -> No File <==== ATTENTION
Task: {C6F71A11-9661-4287-966A-0E5A1905DA6D} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {CB36B50E-7DD1-435D-8555-4381F9B8867B} - System32\Tasks\{65D5A3FF-AAC8-4516-89FD-73CFB9329644} => Chrome.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.22.81.105&LastError=12002
Task: {CBBF3C24-1D24-46DD-9D82-0AB04B679D8D} - System32\Tasks\HF8AZUR46oA61LqdgUvcST => C:\Users\Tyler\AppData\Roaming\HF8AZUR46oA61LqdgUvcST.exe <==== ATTENTION
Task: {CEBE50E3-48E3-4334-84D5-8C656E97E67C} - \Inst_Rep -> No File <==== ATTENTION
Task: {D386C160-5740-4704-BDE8-1478C6149503} - System32\Tasks\{CB5A86A0-4710-4110-8FDC-8A2EA625FD58} => pcalua.exe -a F:\INSTALL.EXE -d F:\
Task: {DAAE29A6-5467-4AFC-A4D6-7A674998B7A5} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
Task: {E0E84790-DE49-4F9E-A563-6CA36672B03F} - \1fd558bf-2f63-4070-8891-3e2e3f82401e-11 -> No File <==== ATTENTION
Task: {E2569262-BAC5-4216-9086-54642113631B} - \Advanced System~Protector -> No File <==== ATTENTION
Task: {E2FE2805-389B-45B5-A197-37792A217376} - System32\Tasks\u24h2E284pO9WMEwc2bLxzSYRvS => C:\Users\Tyler\AppData\Roaming\u24h2E284pO9WMEwc2bLxzSYRvS.exe <==== ATTENTION
Task: {E5833A5B-4424-45C6-982D-5DA317897FE3} - \7977bafe-59bc-4e42-a86a-b9e55d3390c0-5_user -> No File <==== ATTENTION
Task: {E5E30F50-2191-4B10-93F7-51F3501BA106} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {F14EED6F-4F6B-4C1B-A6D7-F77B7F1E54B0} - System32\Tasks\{4ECADBBB-4483-4065-AEA3-073E36508632} => pcalua.exe -a "C:\Games\Call of Duty Modern Warfare 2 full game  MP - SP+updater  -=AviaRa=-\play-singleplayer.exe" -d "C:\Games\Call of Duty Modern Warfare 2 full game  MP - SP+updater  -=AviaRa=-\"
Task: {F45E8D95-5562-4A58-B757-23E9F50D526C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27] (Adobe Systems Incorporated)
Task: {F6CB1CA8-6BDB-4A1D-BA76-77E6DA979628} - \Crossbrowse -> No File <==== ATTENTION
Task: {F8FA9F48-3690-48AF-915F-97B2D34C5349} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-3 -> No File <==== ATTENTION
Task: {FAE423BB-B7E7-4D71-8658-163D2E37DF8A} - \0bd447ad-5361-46fb-a09f-d30b0878b98c-5 -> No File <==== ATTENTION
Task: {FEFEE66E-B56A-43D9-8595-DB9E91C4BABF} - System32\Tasks\{B420654E-984C-4BAB-96D7-72103AB9D31C} => pcalua.exe -a "C:\Users\Tyler\Downloads\Screaming Bee MorphVOX Pro 4.4.17 + Addons [ChingLiu]\Addons\Plug-ins\PluginMorphVOXEffectsRack_Install.exe" -d "C:\Users\Tyler\Downloads\Screaming Bee MorphVOX Pro 4.4.17 + Addons [ChingLiu]\Addons\Plug-ins"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ceXtJqa1ZAfbXe2s.job => C:\Users\Tyler\AppData\Roaming\ceXtJqa1ZAfbXe2s.exe <==== ATTENTION
Task: C:\Windows\Tasks\H1vwY3vdDCh70RjPMEImGHc.job => C:\Users\Tyler\AppData\Roaming\H1vwY3vdDCh70RjPMEImGHc.exe <==== ATTENTION
Task: C:\Windows\Tasks\HF8AZUR46oA61LqdgUvcST.job => C:\Users\Tyler\AppData\Roaming\HF8AZUR46oA61LqdgUvcST.exe <==== ATTENTION
Task: C:\Windows\Tasks\oXXiKz9TqF7hP21.job => C:\Users\Tyler\AppData\Roaming\oXXiKz9TqF7hP21.exe <==== ATTENTION
Task: C:\Windows\Tasks\u24h2E284pO9WMEwc2bLxzSYRvS.job => C:\Users\Tyler\AppData\Roaming\u24h2E284pO9WMEwc2bLxzSYRvS.exe <==== ATTENTION
Task: C:\Windows\Tasks\VvnAaBBRSURBPPg5Xtp.job => C:\Users\Tyler\AppData\Roaming\VvnAaBBRSURBPPg5Xtp.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-05-12 03:49 - 2014-05-12 03:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-10-23 16:55 - 2015-10-23 16:55 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-03-28 20:46 - 2011-05-05 06:30 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2012-03-28 20:45 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-12-06 17:21 - 2011-12-06 17:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-03-27 02:56 - 2012-03-27 02:56 - 02080768 _____ () C:\Program Files (x86)\webcamXP 5\IPCameraRTSP.ax
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3666182603-3330038474-3966174749-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3666182603-3330038474-3966174749-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AFBAgent => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: wxpSvc => 3
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{60BF36DF-74D9-4160-99C5-CAAE552CD331}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{1E8BD3EA-A0D7-44A2-A901-0F5A8F271DEE}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{9096551D-55F6-421A-A6AB-AD1B79852241}] => (Allow) S:\Steam\Steam.exe
FirewallRules: [{AA197C0E-05B7-4CAF-8A5A-ECCE404AE78E}] => (Allow) S:\Steam\Steam.exe
FirewallRules: [{D837312C-AB8A-4234-A9BC-15AD0CD96348}] => (Allow) S:\Steam\bin\steamwebhelper.exe
FirewallRules: [{5C20A7DD-7BF3-4FFB-9CF6-370BF6C47781}] => (Allow) S:\Steam\bin\steamwebhelper.exe

==================== Faulty Device Manager Devices =============

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2015 04:34:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 9c8

Start Time: 01d11015bc3bd58f

Termination Time: 24

Application Path: C:\Program Files (x86)\Enigma Software Group\SpyHunter\Spyhunter4.exe

Report Id: a394d669-7c31-11e5-ad8b-00acd122768f

Error: (10/26/2015 04:29:30 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3666182603-3330038474-3966174749-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {111b81d0-e315-48a6-890b-1d09436d3299}

Error: (10/26/2015 04:24:55 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-3666182603-3330038474-3966174749-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.


Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {c0e09722-5902-4a2d-9616-defa35d91132}

Error: (10/26/2015 11:35:09 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (10/26/2015 11:29:09 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (10/26/2015 11:27:07 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (10/26/2015 11:26:50 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\Tyler\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (10/26/2015 10:32:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.10.2015.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12ac

Start Time: 01d10fcb62f2e1bd

Termination Time: 10

Application Path: C:\Users\Tyler\Downloads\FRST64.exe

Report Id: 0e66bc9f-7bc0-11e5-ab55-00acd122768f

Error: (10/26/2015 02:06:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000018c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,000000000289EF40.72).  hr = 0x80070005, Access is denied.
.

Error: (10/26/2015 02:06:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000cc8,SYSTEM\CurrentControlSet\Services\VSS\Diag\MSSearch Service Writer,0,REG_BINARY,000000000CEDE430.72).  hr = 0x80070005, Access is denied.
.


Operation:
   BackupShutdown Event

Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {a96c5aab-bb30-46cb-b094-1d62da1d3175}


System errors:
=============
Error: (10/26/2015 11:27:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 100 milliseconds: Run the configured recovery program.

Error: (10/26/2015 11:25:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Antimalware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.

Error: (10/26/2015 11:25:31 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%834

    Error Code: 0x8007043c

    Error description: This service cannot be started in Safe Mode

    Reason: %%858

Error: (10/26/2015 11:01:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (10/26/2015 11:00:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (10/26/2015 11:00:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/26/2015 11:00:22 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/26/2015 11:00:21 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/26/2015 11:00:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/26/2015 10:59:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 37%
Total physical RAM: 7969.14 MB
Available physical RAM: 5004.43 MB
Total Virtual: 166720.22 MB
Available Virtual: 163506.1 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:400.42 GB) (Free:96.51 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive s: (Steam) (Fixed) (Total:170.75 GB) (Free:26.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=400.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=170.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Continue as follows:

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select "Run as Administrator"; the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me see those logs, also give an update on any remaining issues or concerns..

 

Thank you,

 

Kevin
 

Fixlist.txt


Your system was awash with malware/infection, including ZeroAccess, so this was never going to be a quick fix. What is "wiatrace.log"? What produces that log?

 

Next,

 

Scan with ZOEK

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:



services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;CHRdefaults;


  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)



Please include its content in your next reply. Don't forget to re-enable security software!

 

Let me see that log, also let me know if there are any remaining issues or concerns...

 

Thank you,

 

Kevin
 


Thanks for the image. Open regedit again and navigate to that key you provided once again. Right-click directly on the CLSID No. and select Delete.

 

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SHELL EXTENSIONS\APPROVED\{646BAAE7-7538-4866-8eee-974C0AA910AB}

 

Re-boot after the deletion completes, check if the issue returns..


MAN! You are honestly the most wicked person in the world, I've been trying to get rid of this bullshit for 4/5 days. First thing I did was delete it in the registry, but now since I guess I ran all these programs the registry file stopped re-adding itself, thank you soooo much man +rep. And I'll seriously consider donating! Thank you so daamn much!


Run a couple more scans, if these are clear we can clean up, remove tools etc...

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file, post that log... Also save to your Desktop for reference.
  • Close the program > Don't Fix anything!

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select "Run as Administrator"; the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log
 

Cheers,

 

Kevin.....


Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan" completes, press the Scan button, this may take a few minutes to complete.

When the scan completes open the Registry tab and locate the following detections:


[suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | nagbu : C:\Users\Tyler\AppData\Roaming\afght\hmjsqy\zeqlj.exe /autorun [x][x] -> Found


Make sure those entries are Checkmarked (ticked), also ensure that all other entries are not Checkmarked.

Hit the Delete button, when complete select "Report", in the next window select "Export txt"; the log will open as a text file, post that log... Also save to your Desktop for reference.

 

Let me know if there is any improvement...
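
A follow-up check for the Run-key detection above, added here as an example (not part of the original post and not RogueKiller's own code): it lists Run and RunOnce entries in both registry views and flags any that start from a user-writable folder, as the AppData\Roaming path in the detection does. The folder pattern and the Get-ExePath helper are assumptions of this example.

```powershell
# Added example: list autostart entries and flag ones launching from user-writable folders.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    # 32-bit view on 64-bit Windows (assumed to be what the report's "(X86)" tag refers to)
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (assumption of this example): folders a standard user can write to.
$writable = '\\AppData\\(Roaming|Local|LocalLow)\\|\\Temp\\|^[A-Za-z]:\\ProgramData\\|\\Users\\Public\\'

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-ExePath([string]$cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }          # quoted path
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]                                   # fallback: first token
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $cmd = [string]$k.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        $exe = Get-ExePath $cmd
        $sig = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FileMissing' }
        [pscustomobject]@{
            Key          = $key
            Name         = $name
            Command      = $cmd
            UserWritable = [bool]($exe -match $writable)
            Signature    = $sig
        }
    }
}

# Entries from user-writable folders sort to the top.
$results | Sort-Object UserWritable -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated 64-bit PowerShell prompt after the reboot. An entry that is user-writable and unsigned or missing deserves a closer look; it is not automatically malicious.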
