
ninthclub and camelcap virus



I'm just copying and pasting what I posted in another thread. I was asked to make my own topic. It was about ninthclub.com and camelcap.com being blocked by Malwarebytes every time I try to browse on Firefox or Chrome, but when I scan my computer with Malwarebytes, it doesn't find and remove the issue.

I'm having the same issue on Firefox and Chrome. My IE won't even open. Malwarebytes blocks something from ninthclub.com and sometimes something from camelcap.com. There have been a couple of others but I don't remember them, and these are the main 2. Also, video stopped working on Firefox everywhere except YouTube, and Chrome stopped loading pages altogether. It's like it's not even trying to load them. I don't even get to an error message or anything, and this also includes the settings page.

So I gathered the information that you asked the other guy for and here it is: (In the FRST log I highlighted, underlined and enlarged a line of text for a file that kept popping up with "ydsGNMAAUWqgBBt.exe has stopped working". It stopped happening when I bought Malwarebytes but it's obviously still affecting something. Every time I track down a version of that file and delete it, it comes back.)

Malwarebytes log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/30/2015
Scan Time: 6:41 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.10.30.07
Rootkit Database: v2015.10.28.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Macedizzle

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 367331
Time Elapsed: 53 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

_______________________________________________________

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-10-2015
Ran by Macedizzle (administrator) on MACEDIZZLE (30-10-2015 19:40:23)
Running from C:\Users\Macedizzle\Downloads
Loaded Profiles: Macedizzle (Available Profiles: Macedizzle & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe
() C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-27] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\Run: [3690935216] => regsvr32.exe "C:\ProgramData\Vohve\DehbOmvob.dll"
HKU\S-1-5-18\...\RunOnce: [isMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2
Tcpip\..\Interfaces\{FE07A412-2512-4951-83FE-14D65E5606C6}: [DhcpNameServer] 71.10.216.1 71.10.216.2

Internet Explorer:
==================
URLSearchHook: HKU\S-1-5-21-579903058-137395532-2418355931-1000 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKLM-x32 -> DefaultScope {C25F7D09-7224-4827-97F2-7D895BB05BEB} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-579903058-137395532-2418355931-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-20] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Macedizzle\AppData\Roaming\Mozilla\Firefox\Profiles\6bggr8l0.default-1446244318840
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-30] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-20] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore => not found

Chrome:
=======
CHR HomePage: Default -> about:home
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?CUI=UN33899355722046212&ctid=CT3279141&SearchSource=48","hxxp://search.conduit.com/?CUI=UN29598048081466128&ctid=CT3279141&SearchSource=48","hxxp://mysearch.avg.com?cid={A7F3CA6C-8462-4C19-8274-5417C2924751}&mid=3834c98ab71c47d38112d16c22623f64-4f9ac4e76022c0346a5580789a9d832360431931&lang=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-10-26 23:14:39&v=17.0.0.12&pid=safeguard&sg=0&sap=hp","hxxp://search.conduit.com/?ctid=CT3279412&SearchSource=48&CUI=UN39575475273011824&UM=2&sspv=TB_CNI1","hxxp://start.mysearchdial.com/?f=1&a=suma0103&cd=2XzuyEtN2Y1L1Qzu0EzzyEtD0FtBtCyByB0E0AzzyC0C0BtCtN0D0Tzu0CyBzztDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=145805346&ir=","hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit","hxxp://mysearch.avg.com/?cid={A7F3CA6C-8462-4C19-8274-5417C2924751}&mid=3834c98ab71c47d38112d16c22623f64-4f9ac4e76022c0346a5580789a9d832360431931&lang=en&ds=co012&coid=avgtbdisco&pr=sa&d=2013-10-26%2023:14:39&v=17.0.0.12&pid=safeguard&sg=0&sap=hp"
CHR Profile: C:\Users\Macedizzle\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S4 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42088 2015-06-03] (Anchorfree Inc.)
S3 avchv; system32\DRIVERS\avchv.sys [X]
S1 qknfd; system32\drivers\qknfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-30 19:40 - 2015-10-30 19:40 - 00012421 _____ C:\Users\Macedizzle\Downloads\FRST.txt
2015-10-30 19:39 - 2015-10-30 19:40 - 00000000 ____D C:\FRST
2015-10-30 19:39 - 2015-10-30 19:39 - 02198016 _____ (Farbar) C:\Users\Macedizzle\Downloads\FRST64.exe
2015-10-30 18:32 - 2015-10-30 18:32 - 00000000 ____D C:\Users\Macedizzle\Desktop\Old Firefox Data
2015-10-30 17:52 - 2015-10-30 17:52 - 28849904 _____ C:\Users\Macedizzle\Downloads\vlc-2.2.1-win32.exe
2015-10-30 17:49 - 2015-10-30 17:49 - 13155552 _____ (Microsoft Corporation) C:\Users\Macedizzle\Downloads\Silverlight_x64.exe
2015-10-30 17:45 - 2015-10-30 17:45 - 00584288 _____ (Oracle Corporation) C:\Users\Macedizzle\Downloads\jre-8u65-windows-i586-iftw.exe
2015-10-30 17:45 - 2015-10-30 17:45 - 00003194 _____ C:\Windows\System32\Tasks\{D3BF4046-4EC0-4270-AD30-2E35DAE068CB}
2015-10-30 16:40 - 2015-10-30 16:45 - 01068672 _____ C:\Users\Macedizzle\AppData\Local\ec4950f3c9f7662c86fe489dcc1d2a17
2015-10-30 16:39 - 2015-10-30 18:10 - 00570915 _____ C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe
2015-10-30 13:00 - 2015-10-30 13:00 - 00000000 _____ C:\autoexec.bat
2015-10-30 12:56 - 2015-10-30 12:56 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Macedizzle\Downloads\SpyHunter-Installer.exe
2015-10-30 10:31 - 2015-10-30 19:36 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-30 10:31 - 2015-10-30 18:17 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-30 10:31 - 2015-10-30 10:31 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-30 10:31 - 2015-10-30 10:31 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-30 10:31 - 2015-10-30 10:31 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-30 10:31 - 2015-10-30 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-30 10:30 - 2015-10-30 10:30 - 00929872 _____ (Google Inc.) C:\Users\Macedizzle\Downloads\ChromeSetup(1).exe
2015-10-30 09:52 - 2015-10-30 18:16 - 00000280 _____ C:\Windows\setupact.log
2015-10-30 09:52 - 2015-10-30 15:53 - 00003532 _____ C:\Windows\PFRO.log
2015-10-30 09:52 - 2015-10-30 09:52 - 00000000 _____ C:\Windows\setuperr.log
2015-10-30 09:40 - 2015-10-30 09:40 - 00001081 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\VS Revo Group
2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-10-30 09:40 - 2015-10-30 09:40 - 00000000 ____D C:\Program Files\VS Revo Group
2015-10-30 09:40 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-10-30 09:39 - 2015-10-30 09:39 - 11069616 _____ (VS Revo Group ) C:\Users\Macedizzle\Downloads\RevoUninProSetup.exe
2015-10-29 13:44 - 2015-10-29 13:44 - 00004096 _____ C:\ProgramData\VVQZZGrPEC94.dll
2015-10-29 13:43 - 2015-10-29 13:43 - 00450560 _____ (Microsoft Corporation) C:\Users\Macedizzle\AppData\Roaming\wpstmd.exe
2015-10-28 10:43 - 2015-10-28 10:43 - 01781760 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\lcpafit.exe
2015-10-28 10:42 - 2015-10-28 10:42 - 01794048 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\kzotuj.exe
2015-10-28 10:42 - 2015-10-28 10:42 - 01765376 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\bwdqpmd.exe
2015-10-28 08:05 - 2015-10-28 08:05 - 00929872 _____ (Google Inc.) C:\Users\Macedizzle\Downloads\ChromeSetup.exe
2015-10-28 06:15 - 2015-10-28 06:16 - 343784991 ____R C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E04.HDTV.x264-KILLERS[eztv].mp4
2015-10-28 05:36 - 2015-10-30 18:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-28 05:35 - 2015-10-28 05:35 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-28 05:35 - 2015-10-28 05:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-28 05:35 - 2015-10-28 05:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-28 05:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-28 05:35 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-28 05:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-28 05:34 - 2015-10-28 05:35 - 22908888 _____ (Malwarebytes ) C:\Users\Macedizzle\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-28 05:22 - 2015-10-28 05:22 - 00003512 _____ C:\Windows\System32\Tasks\ydsGNMAAUWqgBBt
2015-10-26 10:22 - 2015-10-26 10:22 - 00004096 _____ C:\ProgramData\wk4BzK3g0CCA.dll
2015-10-26 02:53 - 2015-10-26 02:54 - 00000000 ____D C:\ProgramData\Vohve
2015-10-26 02:52 - 2015-10-28 06:07 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2015-10-26 02:50 - 2015-10-26 02:56 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Walking.Dead.S06E03.HDTV.x264-KILLERS[ettv]
2015-10-22 07:27 - 2015-10-22 07:27 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E03.HDTV.x264-LOL[ettv]
2015-10-21 07:53 - 2015-10-21 07:53 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E03.HDTV.x264-LOL[ettv]
2015-10-14 21:23 - 2015-10-14 21:23 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E02.HDTV.x264-LOL[ettv]
2015-10-14 07:54 - 2015-10-14 07:54 - 00000000 ____D C:\Users\Macedizzle\Downloads\The.Flash.2014.S02E02.HDTV.x264-LOL[ettv]
2015-10-07 21:05 - 2015-10-07 21:05 - 00000000 ____D C:\Users\Macedizzle\Downloads\Arrow.S04E01.HDTV.x264-LOL[ettv]
2015-10-06 21:13 - 2015-10-06 21:45 - 269859594 _____ C:\Users\Macedizzle\Downloads\The Flash 2014 S02E01 HDTV x264-LOL.mp4
2015-10-05 08:20 - 2015-10-05 08:22 - 00000000 ____D C:\Users\Macedizzle\Downloads\Fear.The.Walking.Dead.S01E06.HDTV.x264-KILLERS[ettv]
2015-10-04 20:16 - 2015-10-04 20:17 - 00000000 ____D C:\Users\Macedizzle\Downloads\Heroes Reborn S01E03 HDTV XviD-FUM[ettv]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-30 19:34 - 2013-07-15 03:56 - 01712303 _____ C:\Windows\WindowsUpdate.log
2015-10-30 18:44 - 2013-11-15 08:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-30 18:25 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-30 18:25 - 2009-07-14 00:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-30 18:16 - 2013-07-17 02:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-30 18:16 - 2013-07-17 02:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-30 18:16 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-30 18:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-10-30 17:52 - 2013-07-15 14:47 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\vlc
2015-10-30 17:50 - 2013-07-17 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-30 16:36 - 2015-05-21 22:21 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\CrashDumps
2015-10-30 16:25 - 2009-07-14 01:08 - 00026436 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-10-30 12:07 - 2013-07-15 02:17 - 00000000 ____D C:\Users\Macedizzle
2015-10-30 12:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2015-10-30 10:32 - 2013-07-15 02:25 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Google
2015-10-30 10:31 - 2013-07-15 02:25 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-30 10:21 - 2013-07-15 14:08 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\uTorrent
2015-10-30 10:20 - 2015-08-03 09:43 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-30 10:14 - 2015-07-22 10:46 - 00000000 ____D C:\Program Files\Highresolution Enterprises
2015-10-30 10:04 - 2013-11-15 08:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-30 10:04 - 2013-11-15 08:34 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-30 10:04 - 2013-11-15 08:24 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Adobe
2015-10-30 10:04 - 2011-11-04 01:29 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-28 09:10 - 2015-08-13 03:11 - 00000000 ____D C:\Program Files\CCleaner
2015-10-28 06:07 - 2014-01-30 00:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-28 06:07 - 2013-11-15 08:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-28 06:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-10-28 06:03 - 2013-11-30 17:45 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\NativeMessaging
2015-10-26 07:22 - 2013-08-01 15:35 - 00000000 ___HD C:\Users\Macedizzle\Downloads\~Hidden
2015-10-26 07:18 - 2015-06-23 12:48 - 00000000 ____D C:\Users\Macedizzle\AppData\Roaming\TS3Client
2015-10-25 14:24 - 2013-11-29 23:17 - 00000000 ____D C:\Users\Macedizzle\AppData\Local\Battle.net
2015-10-25 13:19 - 2013-11-29 23:32 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-10-25 12:58 - 2013-11-29 23:17 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-15 07:44 - 2009-07-14 01:13 - 00833076 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-15 07:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-10-28 10:42 - 2015-10-28 10:42 - 1765376 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\bwdqpmd.exe
2015-10-28 10:42 - 2015-10-28 10:42 - 1794048 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\kzotuj.exe
2015-10-28 10:43 - 2015-10-28 10:43 - 1781760 _____ (DVDVideoSoft Ltd.) C:\Users\Macedizzle\AppData\Roaming\lcpafit.exe
2014-02-19 03:07 - 2014-02-19 03:07 - 0000047 _____ () C:\Users\Macedizzle\AppData\Roaming\WB.CFG
2015-10-29 13:43 - 2015-10-29 13:43 - 0450560 _____ (Microsoft Corporation) C:\Users\Macedizzle\AppData\Roaming\wpstmd.exe
2015-10-30 16:40 - 2015-10-30 16:45 - 1068672 _____ () C:\Users\Macedizzle\AppData\Local\ec4950f3c9f7662c86fe489dcc1d2a17
2015-05-02 17:55 - 2015-05-02 17:55 - 0000036 _____ () C:\Users\Macedizzle\AppData\Local\housecall.guid.cache
2014-02-10 16:02 - 2014-02-10 16:02 - 0007606 _____ () C:\Users\Macedizzle\AppData\Local\Resmon.ResmonCfg
2015-10-30 16:39 - 2015-10-30 18:10 - 0570915 _____ () C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe
2013-07-15 04:22 - 2013-07-15 04:29 - 0015221 _____ () C:\ProgramData\ArcadeDeluxe5.log
2015-08-26 14:56 - 2015-08-26 14:58 - 0000032 _____ () C:\ProgramData\PS.log
2015-10-29 13:44 - 2015-10-29 13:44 - 0004096 _____ () C:\ProgramData\VVQZZGrPEC94.dll
2015-10-26 10:22 - 2015-10-26 10:22 - 0004096 _____ () C:\ProgramData\wk4BzK3g0CCA.dll

Files to move or delete:
====================
C:\ProgramData\VVQZZGrPEC94.dll
C:\ProgramData\wk4BzK3g0CCA.dll


Some files in TEMP:
====================
C:\Users\Macedizzle\AppData\Local\Temp\vlc-2.2.1-win32.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-30 11:29

==================== End of FRST.txt ============================

 

___________________________________________________________________________

 

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-10-2015
Ran by Macedizzle (2015-10-30 19:41:49)
Running from C:\Users\Macedizzle\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-07-15 06:17:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-579903058-137395532-2418355931-500 - Administrator - Disabled)
Guest (S-1-5-21-579903058-137395532-2418355931-501 - Limited - Disabled)
Macedizzle (S-1-5-21-579903058-137395532-2418355931-1000 - Administrator - Enabled) => C:\Users\Macedizzle

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0530.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.2.43 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{3605D89A-BD66-F5C5-779B-BE9110B41077}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FTL -  Advanced Edition (HKLM-x32\...\GOGPACKFTL_is1) (Version: 2.1.0.11 - GOG.com)
FTL version 1.03.3 (HKLM-x32\...\{20E23A40-38E5-4DD6-B738-BC8097AE66B6}_is1) (Version: 1.03.3 - Subset Games)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.17.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Boy Advance Packages (HKU\S-1-5-21-579903058-137395532-2418355931-1000\...\Visual Boy Advance Packages) (Version:  - ) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

28-10-2015 05:30:28 AA11
30-10-2015 09:42:23 Revo Uninstaller Pro's restore point - Adobe Flash Player 19 NPAPI
30-10-2015 09:45:59 Revo Uninstaller Pro's restore point - Acrylic Wi-Fi Free v2.3
30-10-2015 09:48:35 Revo Uninstaller Pro's restore point - Google Chrome
30-10-2015 10:13:58 Revo Uninstaller Pro's restore point - X-Mouse Button Control 2.10.2
30-10-2015 18:12:08 Windows Modules Installer

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E3E602C-A623-42F4-81B8-1564B1988E4A} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {46032276-9B26-4ABD-B05D-FE5583D76AF3} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {46C37929-0ACC-4B53-B25B-5FCA5EF5B2B2} - System32\Tasks\ydsGNMAAUWqgBBt => C:\Users\Macedizzle\AppData\Local\ydsGNMAAUWqgBBt.exe [2015-10-30] ()
Task: {47547F90-BA48-4A60-993E-B78FC98D59D5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)
Task: {890096E1-FC22-4A68-B5EE-6EAA767D1D7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-30] (Adobe Systems Incorporated)
Task: {C64F497E-BC0F-4B8D-ACCB-A3F60A2B02A5} - System32\Tasks\{A02E7E3D-E73B-4BA8-935B-10B325559EBF} => pcalua.exe -a C:\Users\Macedizzle\Downloads\pecsetup.exe -d C:\Users\Macedizzle\Downloads
Task: {C72F5CD0-DF14-4E80-9415-9A3CC83A3F79} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {C87DE2F2-701B-47CA-8468-E9773B647207} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {CE164FF5-71D4-4146-AA1D-C026D30C8951} - System32\Tasks\{D3BF4046-4EC0-4270-AD30-2E35DAE068CB} => pcalua.exe -a C:\Users\Macedizzle\Downloads\jre-8u65-windows-i586-iftw.exe -d C:\Users\Macedizzle\Downloads
Task: {CFFB314E-8A98-4E03-A973-4A12B4CB7143} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============


==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:48081133

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-579903058-137395532-2418355931-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Macedizzle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: 0184491392062471mcinstcleanup => 2
MSCONFIG\Services: 70e6ca8c => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: DsiWMIService => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: ePowerSvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: GREGService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HTCMonitorService => 2
MSCONFIG\Services: LavasoftAdAwareService11 => 2
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: NTI IScheduleSvc => 2
MSCONFIG\Services: PassThru Service => 2
MSCONFIG\Services: SbieSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Update FindRight => 2
MSCONFIG\Services: Util FindRight => 2
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.6.306.7947\AdAwareTray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Chrome => C:\PROGRA~3\taskhost.exe
MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: RSA3122687153 => C:\Windows\system32\rundll32.exe "C:\Users\Macedizzle\AppData\Roaming\Microsoft\Crypto\RSA\RSA3122687153.dll",DllInitialize
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Sidebar => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{77A7AFCC-285F-4841-922D-B331F77B3E12}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E8D2277F-8CC4-49EC-B03D-0BF488B8C886}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{1D833432-CB72-4F8F-87E3-6BFCA9CDD8A6}] => (Allow) LPort=2869
FirewallRules: [{07470B16-D9EC-428B-9862-19EBA9785956}] => (Allow) LPort=1900
FirewallRules: [{807E4311-70F0-4F3C-93DA-0B3B445AF9DE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{83755AC7-12BF-4B96-9A08-2BE3559E36C4}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{907EFCD7-4FAF-4EE3-9D59-1E381CCC8ABE}] => (Allow) C:\Users\Macedizzle\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6D21687B-6CED-4971-9FAC-5C0230F93FA0}] => (Allow) C:\Users\Macedizzle\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6DD02DE4-D1C6-4A8B-89DD-9B7B2044B25A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{22595AD7-CFDC-4321-8FEA-F159A88A0760}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9AE41DF3-45C9-46B9-98F5-A33799712766}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{6C9CCB56-7F13-4CEB-ACE1-3DF73433F2A2}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{FA39B24B-CCA8-4838-BE65-7640ADA7E817}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{F0386638-F287-4428-BEF4-D06FD51730DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{F02C0E6A-912A-480B-B8A9-A6AF60FA268B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{F341DEEF-E55C-4CDF-9ABF-5C3E0E6EE3EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [TCP Query User{CF05B211-94C5-4EC2-AB8C-F105FA427A69}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [uDP Query User{D66A0195-AE25-496A-9438-BA28A28C95D2}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{5594012D-A185-422C-9BB9-C7C176EB0F14}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [uDP Query User{71F82D1B-6C9E-4B9E-9797-C774B0D01B90}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{DE4A492B-EEC1-4BC8-BD5A-DB47E1661CDC}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{EC6C2429-E83F-4E5A-B1A2-B8B45A9D6C9D}] => (Block) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{B8DF9CC2-9DDA-4B36-B5AE-6B9AB186641D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F6EAB6A-FD0A-4C24-BF2A-2965BF94ACBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{6474AF94-D384-4C90-9196-16FC7E89B164}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{261863D2-2FF5-4007-AEE6-03AF6745515E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BC027C95-0F26-402D-BBBA-44099290F89B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3786E820-8DE4-4E7A-AEAE-C7DB32B8E1C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7FE48A35-881B-4251-9FBD-72E81A68BC05}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F8EBE22-2F25-4AE2-8100-FB5482BF8200}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{29BE87DA-494D-4B62-96AB-15D3A78EDD9F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [uDP Query User{3C1345B3-D857-4DEE-B48A-5C9315DA83B6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{F2317EF6-8A0B-4538-A84C-A1726E0E07C8}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{F47988AC-3091-49D6-83A0-2CF6B32F7156}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{0C819B4F-CDDF-4A2E-91C8-4264FB72AD71}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovie.exe
FirewallRules: [{B5F372F3-46EE-4733-88BC-814CCE286E89}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\TouchMovieService.exe
FirewallRules: [TCP Query User{A389A0F7-9882-456E-A8AC-E70A919EDE03}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [uDP Query User{8A1606BE-D026-4DF0-A868-C53E489EADFF}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{E3B236AE-FDC3-4A85-BC62-A6E070B02ECC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: qknfd
Description: qknfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: qknfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2015 06:18:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f) (0x8004117f)

Error: (10/30/2015 06:17:34 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/30/2015 06:17:33 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0x8004117f - The content index server cannot update or access information because of a database error.  Stop and restart the search service.  If the problem persists, reset and recrawl the content index.  In some cases it may be necessary to delete and recreate the content index.  (HRESULT : 0x8004117f))


System errors:
=============
Error: (10/30/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/30/2015 06:17:34 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (10/30/2015 06:17:01 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
qknfd

Error: (10/30/2015 04:27:11 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/30/2015 04:25:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Task Scheduler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 44%
Total physical RAM: 2793.9 MB
Available physical RAM: 1543.56 MB
Total Virtual: 5586.01 MB
Available Virtual: 3758.41 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:71.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1F6C7E49)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Any help would be awesome. Thanks for any effort put to this very annoying problem.

TDSSKiller.3.1.0.5_30.10.2015_20.09.53_log.txt

This topic is now closed to further replies.