
Popups on Windows 8 [Closed]


  • This topic is locked
6 replies to this topic

#1 p1052445


Posted 29 October 2014 - 06:19 PM

There are popups coming up all over the place when I access the internet on a Windows 8 computer. I downloaded and ran Malwarebytes Antimalware and it found and fixed over 1500 issues. I also downloaded and ran scans using aswMBR and FRST. Logs below. Thanks for your help!

 


 

_____ () C:\Windows\DirectX.log 2014-10-15 20:21 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll 2014-10-15 20:21 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll 2014-10-15 20:21 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll 2014-10-15 20:21 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll 2014-10-15 20:21 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll 2014-10-15 20:21 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll 2014-10-15 20:21 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll 2014-10-15 20:21 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll 2014-10-15 20:21 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll 2014-10-15 20:21 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll 2014-10-15 20:21 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2014-10-15 20:21 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2014-10-15 20:21 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2014-10-15 20:21 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2014-10-15 20:21 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll 2014-10-15 20:21 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll 2014-10-15 20:21 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll 2014-10-15 20:21 - 2006-02-03 08:41 - 
00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2014-10-15 20:21 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2014-10-15 20:21 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll 2014-10-15 20:21 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll 2014-10-15 20:21 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll 2014-10-15 20:21 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll 2014-10-15 20:21 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll 2014-10-15 20:05 - 2014-09-03 20:10 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll 2014-10-15 20:05 - 2014-09-03 19:57 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll 2014-10-15 20:05 - 2014-09-03 19:49 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll 2014-10-15 20:04 - 2014-09-13 02:02 - 02779648 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-15 20:04 - 2014-09-13 01:30 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-15 20:04 - 2014-08-28 21:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-10-15 20:04 - 2014-08-28 19:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-10-15 20:04 - 2014-08-28 19:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-10-15 18:38 - 2014-10-15 18:38 - 00000222 _____ () C:\Users\Nathaniel\Desktop\DayZ.url 2014-10-15 18:26 - 2014-08-16 00:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-10-15 18:26 - 2014-08-16 00:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll 2014-10-15 18:26 - 2014-08-16 00:01 - 01710184 _____ (Microsoft Corporation) 
C:\Windows\system32\ntdll.dll 2014-10-15 18:26 - 2014-08-15 23:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-10-15 18:26 - 2014-08-15 23:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-10-15 18:26 - 2014-08-15 23:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-10-15 18:26 - 2014-08-15 23:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-10-15 18:26 - 2014-08-15 23:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll 2014-10-15 18:26 - 2014-08-15 23:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2014-10-15 18:26 - 2014-08-15 21:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-10-15 18:26 - 2014-08-15 21:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll 2014-10-15 18:26 - 2014-08-15 20:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll 2014-10-15 18:26 - 2014-08-15 20:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll 2014-10-15 18:26 - 2014-08-15 20:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll 2014-10-15 18:26 - 2014-08-15 20:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll 2014-10-15 18:26 - 2014-08-15 20:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll 2014-10-15 18:26 - 2014-08-15 20:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll 2014-10-15 18:26 - 2014-08-15 20:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll 2014-10-15 18:26 - 2014-08-15 20:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll 2014-10-15 18:26 - 2014-08-15 20:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll 2014-10-15 18:26 - 2014-08-15 20:18 - 04758528 _____ 
(Microsoft Corporation) C:\Windows\system32\SyncEngine.dll 2014-10-15 18:26 - 2014-08-15 20:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll 2014-10-15 18:26 - 2014-08-15 20:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-15 18:26 - 2014-08-15 20:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll 2014-10-15 18:26 - 2014-08-15 20:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll 2014-10-15 18:26 - 2014-08-15 20:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-10-15 18:26 - 2014-08-15 20:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe 2014-10-15 18:26 - 2014-08-15 20:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-15 18:26 - 2014-08-15 20:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-10-15 18:25 - 2014-08-15 20:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll 2014-10-15 18:25 - 2014-08-15 20:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll 2014-10-15 18:25 - 2014-08-15 20:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 18:25 - 2014-08-15 20:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-10-15 18:25 - 2014-08-15 20:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll 2014-10-15 18:25 - 2014-07-31 19:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml 2014-10-15 18:17 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-15 18:17 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-15 18:16 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2014-10-15 18:16 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-15 18:16 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-15 18:16 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-15 18:16 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-15 18:16 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-15 18:16 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-15 18:16 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-15 18:16 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-15 18:15 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-15 18:15 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-15 18:15 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-15 18:15 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-15 18:15 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-15 18:15 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-15 18:15 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-15 18:15 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-15 18:15 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-15 18:15 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-15 18:15 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-15 18:15 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-15 18:15 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-15 18:15 - 2014-09-18 20:42 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-15 18:15 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-15 18:15 - 2014-09-18 20:20 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-15 18:15 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-15 18:15 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-15 18:15 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-15 18:09 - 2014-09-27 18:25 - 04183040 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-15 06:50 - 2014-09-07 23:15 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-10-15 06:50 - 2014-09-07 21:46 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-10-15 06:50 - 2014-09-07 21:46 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-10-15 06:50 - 2014-09-07 20:08 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-10-15 06:50 - 2014-09-07 20:07 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-10-15 06:50 - 2014-09-07 20:05 - 03448320 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-10-15 06:50 - 2014-09-07 20:04 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll 2014-10-15 06:50 - 2014-09-07 20:04 - 00093696 _____ (Microsoft Corporation) 
C:\Windows\system32\wudriver.dll 2014-10-15 06:50 - 2014-09-07 20:03 - 01702400 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-10-15 06:50 - 2014-09-07 20:03 - 00839680 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-10-15 06:50 - 2014-09-07 19:59 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-10-15 06:50 - 2014-09-07 19:59 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-10-15 06:50 - 2014-09-07 19:56 - 00672256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-10-15 06:50 - 2014-09-07 19:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-10-15 06:34 - 2014-09-13 02:29 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-15 06:34 - 2014-09-13 01:49 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-15 06:34 - 2014-09-03 20:12 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-15 06:34 - 2014-09-03 20:01 - 00514048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-14 05:45 - 2014-10-26 19:11 - 00000000 ____D () C:\ProgramData\eaisytoshOp 2014-10-14 01:24 - 2014-10-14 01:24 - 00000000 ____D () C:\ProgramData\OnlineLowDeals 2014-10-13 21:25 - 2014-10-14 06:09 - 00000000 ____D () C:\ProgramData\2d46b739667e6f26 2014-10-11 12:28 - 2014-10-11 12:28 - 00002196 _____ () C:\Users\Public\Desktop\Age of Empires II.lnk 2014-10-11 12:28 - 2014-10-11 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games 2014-10-11 12:16 - 2014-10-11 12:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games 2014-10-07 20:13 - 2014-10-09 20:02 - 00000502 _____ () C:\Users\Nathaniel\.swfinfo 2014-10-07 19:13 - 2014-10-07 19:13 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf 2014-09-29 19:21 - 2014-09-29 19:21 - 00002252 _____ () C:\Users\Public\Desktop\The Sims™ 3 
Supernatural.lnk 2014-09-29 19:15 - 2014-09-29 19:15 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts 2014-09-29 18:32 - 2014-09-29 18:32 - 00003384 _____ () C:\Windows\System32\Tasks\Performance Center@Logon 2014-09-29 18:32 - 2014-09-29 18:32 - 00003356 _____ () C:\Windows\System32\Tasks\Finally Fast@Logon 2014-09-29 18:32 - 2014-09-29 18:32 - 00003162 _____ () C:\Windows\System32\Tasks\Performance Center_lapbuscus@Nathaniel 2014-09-29 18:32 - 2014-09-29 18:32 - 00003134 _____ () C:\Windows\System32\Tasks\Finally Fast_lapbuscus@Nathaniel 2014-09-29 18:32 - 2014-09-29 18:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ascentive 2014-09-29 18:32 - 2014-09-29 18:32 - 00000000 ____D () C:\ProgramData\Ascentive 2014-09-29 18:31 - 2014-09-29 18:32 - 00000000 ____D () C:\Program Files (x86)\Ascentive 2014-09-29 18:29 - 2014-09-29 18:30 - 01665536 _____ () C:\Users\Nathaniel\Downloads\FinallyFast.setup.exe 2014-09-29 18:29 - 2014-09-29 18:29 - 02863200 _____ (US Tech Support LLC) C:\Users\Nathaniel\Downloads\MyCleanPC.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-29 20:01 - 2014-09-25 11:05 - 00000390 _____ () C:\Windows\Tasks\CIMT_S-1-5-21-3189702464-2475451321-452398053-1005.job 2014-10-29 20:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru 2014-10-29 19:57 - 2014-08-18 11:48 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3189702464-2475451321-452398053-1005 2014-10-29 19:57 - 2014-05-23 02:38 - 01964247 _____ () C:\Windows\WindowsUpdate.log 2014-10-29 19:36 - 2014-08-18 11:43 - 00000074 _____ () C:\Users\Nathaniel\AppData\Roaming\sp_data.sys 2014-10-29 19:35 - 2014-08-30 18:19 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-29 19:35 - 2014-08-30 18:19 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-29 19:35 - 2014-08-18 12:00 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-10-29 19:34 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-10-29 10:56 - 2014-09-24 13:01 - 00000000 ____D () C:\ProgramData\Spyware Clear 2014-10-28 21:38 - 2014-08-30 18:31 - 00002369 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-28 20:41 - 2014-08-18 11:45 - 00003946 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C76E7D6-04A8-4C4E-AA99-8578E4B011E0} 2014-10-28 17:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness 2014-10-28 14:26 - 2014-08-18 11:43 - 00000000 ____D () C:\Users\Nathaniel 2014-10-28 14:25 - 2014-03-18 05:39 - 00458938 _____ () C:\Windows\PFRO.log 2014-10-26 20:44 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp 2014-10-26 19:50 - 2014-09-24 12:59 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-10-26 19:35 - 2014-09-25 10:45 - 00000000 ____D () C:\Users\Nathaniel\AppData\Local\StormWatch 2014-10-26 19:35 - 2014-09-24 12:25 - 00000000 ____D () C:\Program Files (x86)\Settings Manager 2014-10-26 19:35 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\schemas 2014-10-26 19:34 - 2013-08-22 09:25 - 00524288 ___SH () 
C:\Windows\system32\config\BBI 2014-10-26 19:12 - 2014-09-25 11:07 - 00000000 ____D () C:\Program Files (x86)\globalUpdate 2014-10-26 17:42 - 2014-09-24 13:51 - 00000102 _____ () C:\Users\Nathaniel\AppData\Roaming\WB.CFG 2014-10-26 16:58 - 2014-09-24 14:32 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-10-26 16:58 - 2014-08-30 18:48 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-26 16:57 - 2014-09-24 14:32 - 00000000 ____D () C:\Program Files (x86)\Java 2014-10-26 16:39 - 2014-08-18 12:00 - 00000000 ____D () C:\ProgramData\Origin 2014-10-26 16:37 - 2013-08-22 09:25 - 00000194 _____ () C:\Windows\win.ini 2014-10-26 14:54 - 2014-09-25 11:05 - 00003290 _____ () C:\Windows\System32\Tasks\CIMT_S-1-5-21-3189702464-2475451321-452398053-1005 2014-10-26 14:30 - 2014-08-30 18:19 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-26 14:29 - 2014-08-30 18:19 - 00003662 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-26 14:24 - 2014-09-15 19:59 - 00000000 ____D () C:\Users\Nathaniel\AppData\Roaming\.minecraft 2014-10-26 14:21 - 2014-08-21 16:52 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-10-21 15:57 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache 2014-10-19 10:30 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData 2014-10-19 10:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore 2014-10-19 10:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer 2014-10-19 10:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager 2014-10-19 10:30 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera 2014-10-18 12:39 - 2014-08-22 20:53 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-18 12:31 - 2014-08-22 20:53 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-16 16:10 - 2013-08-22 10:44 - 00346584 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-16 10:34 - 2014-09-26 10:04 - 00000258 __RSH () 
C:\ProgramData\ntuser.pol 2014-10-15 21:44 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-10-15 21:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-10-15 21:44 - 2013-08-22 10:46 - 00019291 _____ () C:\Windows\setupact.log 2014-10-15 20:20 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-10-15 18:38 - 2014-09-24 18:33 - 00000000 ____D () C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-10-11 13:00 - 2014-08-18 11:43 - 00000000 ____D () C:\Users\Nathaniel\AppData\Local\VirtualStore 2014-10-09 10:01 - 2014-08-21 17:34 - 00001411 _____ () C:\Users\Nathaniel\Desktop\ROBLOX Player.lnk 2014-10-09 10:01 - 2014-08-21 17:24 - 00001226 _____ () C:\Users\Nathaniel\Desktop\ROBLOX Studio 2013.lnk 2014-10-09 10:01 - 2014-08-21 17:24 - 00000000 ____D () C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2014-09-29 19:15 - 2014-05-23 02:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-29 18:45 - 2013-08-22 11:38 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-29 18:45 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Files to move or delete: ==================== C:\ProgramData\SetStretch.exe C:\ProgramData\SetStretch.VBS Some content of TEMP: ==================== C:\Users\Nathaniel\AppData\Local\Temp\APNSetup.exe C:\Users\Nathaniel\AppData\Local\Temp\CmdLineExt02.dll C:\Users\Nathaniel\AppData\Local\Temp\COMAP.EXE C:\Users\Nathaniel\AppData\Local\Temp\Compete_setup.exe C:\Users\Nathaniel\AppData\Local\Temp\ConsumerInputSetup.exe C:\Users\Nathaniel\AppData\Local\Temp\drm_dialogs.dll C:\Users\Nathaniel\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exe C:\Users\Nathaniel\AppData\Local\Temp\nsk3E83.exe C:\Users\Nathaniel\AppData\Local\Temp\optprosetup.exe 
C:\Users\Nathaniel\AppData\Local\Temp\setup.exe C:\Users\Nathaniel\AppData\Local\Temp\SIntf16.dll C:\Users\Nathaniel\AppData\Local\Temp\SIntf32.dll C:\Users\Nathaniel\AppData\Local\Temp\SIntfNT.dll C:\Users\Nathaniel\AppData\Local\Temp\zaaU1.dll C:\Users\Nathaniel\AppData\Local\Temp\zaaU1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 16:56 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2014 Ran by Nathaniel at 2014-10-29 20:02:17 Running from C:\Users\NATHANIEL\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS) ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5712.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.5712.52 - CyberLink Corp.) Hidden AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS) CloudScout (x32 Version: 1.0.0.1 - www.CloudGuard.me) Hidden Consumer Input (HKLM-x32\...\Setup Support for Consumer Input) (Version: 1.0 - Sono Control Inc.) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Finally Fast (HKLM-x32\...\Finally Fast) (Version: 8.3.3 - Ascentive) Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.) Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) 
Hidden Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation) Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation) Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - ) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) OnlineLowDeals (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - OnlineLowDeals) <==== ATTENTION Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.) PAC-MAN Championship Edition DX+ (HKLM-x32\...\Steam App 236450) (Version: - Mine Loader Software Co., Ltd.) 
Performance Center (HKLM-x32\...\Performance Center) (Version: 2.42 - Ascentive) Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7213 - Realtek Semiconductor Corp.) ROBLOX Player for Nathaniel (HKCU\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation) ROBLOX Studio 2013 for Nathaniel (HKCU\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version: - ROBLOX Corporation) Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1002}) (Version: 12.16.2.46 - APN, LLC) <==== ATTENTION SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts) Spyware Clear (HKLM-x32\...\{5FB600FF-BC65-471F-A3F8-C2666863BA75}_is1) (Version: 1.3.0.21 - Crawler Group) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Super Optimizer (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2 - Super PC Tools ltd) The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts) The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent) Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS) WinFlash 
(HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.) YTDownloader (HKLM-x32\...\YTDownloader) (Version: - YTDownloader) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3189702464-2475451321-452398053-1005_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Nathaniel\AppData\Local\Roblox\Versions\version-e66ffbb509ce4483\RobloxProxy64.dll (ROBLOX Corporation) ==================== Restore Points ========================= 07-10-2014 01:21:26 Scheduled Checkpoint 16-10-2014 00:20:17 Installed DirectX 21-10-2014 18:37:44 Windows Update 27-10-2014 00:39:55 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {035B8260-A0FC-4EF0-A432-BC777AE93AD7} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-20] (Realtek Semiconductor) <==== ATTENTION Task: {04D45793-EC12-47DE-8BD8-C30AE08B2545} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2014-08-25] (YTDownloader) <==== ATTENTION Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {08EF9F02-080F-4AFC-9C7F-22B5134CA9ED} - \SPDriver No Task File <==== ATTENTION Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {0C3633B8-5800-45BF-98E4-B1C56C057226} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {1DFB4E93-A50C-4368-B841-E397A1CD8A34} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation) Task: {1EC99B1A-054D-4C86-A46F-783181C0AF70} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION Task: {2065DCCE-BD91-4FE2-B3F1-2C582265F29F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-07] (ASUS) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {22422A69-7AB3-4F29-9869-5E00D7635118} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2014-10-26] () Task: {2860F7A3-7312-4E33-A49A-C4A482F86B53} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {2C66D27D-C627-4192-84BB-E20B613FE615} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION Task: 
{2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {302CC9D7-E9A0-44B2-B6C9-E581565CDE65} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {31BF59A8-E9AD-4264-99D9-5B3C3DF08F9A} - System32\Tasks\CIMT_S-1-5-21-3189702464-2475451321-452398053-1005 => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {375B94AE-8D38-4C45-93C7-06DE7464FCEE} - System32\Tasks\Performance Center_lapbuscus@Nathaniel => C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe [2014-07-23] (Ascentive) Task: {39F4181C-E09F-4642-A13D-1271FE0BB88B} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {41E81FFC-3732-4C73-9A46-C018A70BA454} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {529FC33C-E2B3-408C-9DCF-5A43823362E3} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION Task: {6361B2CB-2DBB-45C3-B2B4-327C0E579D53} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {67149C30-59C0-4FF8-B17E-30B26793BEA6} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-04] () Task: 
{67900D46-78DA-4118-B2FB-AA62571F9598} - \BlockAndSurf Update No Task File <==== ATTENTION Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6D404400-A1B2-4424-B193-603AEF4CFCD2} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {714979DA-C6C7-4774-8AC5-141CCA07C142} - \ShopperProJSUpd No Task File <==== ATTENTION Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {8706C8E9-7FA3-4C41-AC34-7EBAC84DACEB} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2014-10-26] () Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {89DCA033-D324-4FEB-9397-4BDA9FED126F} - System32\Tasks\Finally Fast@Logon => C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe [2014-09-05] (Ascentive LLC) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {957BC611-1402-4921-B043-B94764421E42} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {9FB50673-2DD3-47D4-9152-11DD6BCA2E1C} - \SPBIW_UpdateTask_Time_3134323130333334322d232d783232575b5a34452d2a No Task File <==== ATTENTION Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A9E6F1BB-9831-4376-B203-3638B1642FF1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2014-08-30] (Google Inc.) Task: {B9A9D466-A47A-4D3D-9F45-91B28B898420} - \ShopperPro No Task File <==== ATTENTION Task: {C6E2C6B1-A82C-4742-86CB-ABB87DDE0ADB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\SYSTEM32\MRT.EXE [2014-10-18] (Microsoft Corporation) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D56BDA65-B668-46DB-83E2-5A021CBD6BFA} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] () Task: {D75DD263-8B3C-4661-B321-F5F6968FEE5F} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2014-08-25] (Goobzo) <==== ATTENTION Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {FEA1B48E-F061-486E-8753-EEE5E9CE82EF} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-03-31] (Realtek Semiconductor) <==== ATTENTION Task: {FEA881A1-5D50-470E-87D6-B4BA0E9C174F} - System32\Tasks\Finally Fast_lapbuscus@Nathaniel => C:\Program Files (x86)\Ascentive\Finally Fast\FinallyFast.exe [2014-09-05] (Ascentive LLC) Task: {FEDED888-A91F-49FE-9143-FFD0CA1B44B3} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-07] (ASUSTeK Computer Inc.) 
Task: {FFFD0DEB-6698-45E8-9821-A1772E541839} - System32\Tasks\Performance Center@Logon => C:\Program Files (x86)\Ascentive\Performance Center\APCMain.exe [2014-07-23] (Ascentive) Task: C:\Windows\Tasks\CIMT_S-1-5-21-3189702464-2475451321-452398053-1005.job => C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-24 06:59 - 2014-02-24 06:59 - 00109056 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ASUSWSHomeCloudAPI.dll 2012-03-07 22:27 - 2012-03-07 22:27 - 00016384 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\ACVsWin.dll 2013-10-08 23:41 - 2013-10-08 23:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2013-09-09 21:23 - 2013-09-09 21:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-08-18 12:22 - 2014-09-16 16:39 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll 2014-08-18 12:22 - 2014-09-16 16:26 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll 2014-08-18 12:22 - 2014-09-16 16:26 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll 2014-08-18 12:22 - 2014-09-16 16:26 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll 2014-08-18 12:22 - 2014-09-16 16:26 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll 2014-08-18 12:22 - 2014-09-16 16:26 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll 2014-08-18 12:22 - 2014-09-16 16:26 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll 2014-08-18 12:22 - 2014-09-16 16:26 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll ==================== Alternate Data Streams 
(whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-3189702464-2475451321-452398053-500 - Administrator - Disabled) Guest (S-1-5-21-3189702464-2475451321-452398053-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3189702464-2475451321-452398053-1003 - Limited - Enabled) Nathaniel (S-1-5-21-3189702464-2475451321-452398053-1005 - Administrator - Enabled) => C:\Users\Nathaniel ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/29/2014 08:02:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program BACKGROUNDTASKHOST.EXE version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: c3c Start Time: 01cff3d31326398a Termination Time: 4294967295 Application Path: C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE Report Id: 1324178a-5fc8-11e4-828e-10c37bb6658a Faulting package full name: Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe Faulting package-relative application ID: AppexNews Error: (10/29/2014 05:51:44 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program BACKGROUNDTASKHOST.EXE version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 820 Start Time: 01cff35ce24256bb Termination Time: 4294967295 Application Path: C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE Report Id: 2f87c7e0-5f51-11e4-828d-10c37bb6658a Faulting package full name: Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe Faulting package-relative application ID: AppexNews Error: (10/28/2014 11:15:14 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program BACKGROUNDTASKHOST.EXE version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 20c Start Time: 01cff3257e15da3e Termination Time: 4294967295 Application Path: C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE Report Id: cb4797a7-5f19-11e4-828d-10c37bb6658a Faulting package full name: Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe Faulting package-relative application ID: AppexNews Error: (10/28/2014 08:53:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program BACKGROUNDTASKHOST.EXE version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 170c Start Time: 01cff311a9a8513d Termination Time: 4294967295 Application Path: C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE Report Id: f6f56ce2-5f05-11e4-828d-10c37bb6658a Faulting package full name: Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe Faulting package-relative application ID: AppexNews Error: (10/28/2014 06:03:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program BACKGROUNDTASKHOST.EXE version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 11f0 Start Time: 01cff2f989cd9438 Termination Time: 4294967295 Application Path: C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE Report Id: 302d7e4e-5eee-11e4-828d-10c37bb6658a Faulting package full name: Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe Faulting package-relative application ID: AppexNews Error: (10/28/2014 02:52:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program BACKGROUNDTASKHOST.EXE version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 137c Start Time: 01cff2dee8495996 Termination Time: 4294967295 Application Path: C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE Report Id: 8eb135c4-5ed3-11e4-828d-10c37bb6658a Faulting package full name: Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe Faulting package-relative application ID: AppexNews Error: (10/26/2014 07:32:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program BackgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 1484 Start Time: 01cff17409435d67 Termination Time: 4294967295 Application Path: C:\Windows\System32\BackgroundTaskHost.exe Report Id: 56e21086-5d68-11e4-828b-10c37bb6658a Faulting package full name: Microsoft.BingNews_3.0.4.213_x64__8wekyb3d8bbwe Faulting package-relative application ID: AppexNews Error: (10/26/2014 06:01:03 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Error: (10/26/2014 06:01:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3. A component version required by the application conflicts with another component version already active. 
Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (10/26/2014 05:05:28 PM) (Source: MsiInstaller) (EventID: 11321) (User: lapbuscus) Description: Product: Shopping App by Ask -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe. System errors: ============= Error: (10/29/2014 07:57:40 PM) (Source: DCOM) (EventID: 10010) (User: lapbuscus) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (10/29/2014 07:33:58 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 6:11:07 PM on ‎10/‎29/‎2014 was unexpected. Error: (10/28/2014 07:01:09 PM) (Source: DCOM) (EventID: 10010) (User: lapbuscus) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (10/28/2014 07:00:38 PM) (Source: DCOM) (EventID: 10010) (User: lapbuscus) Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (10/28/2014 02:26:09 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:37:03 PM on ‎10/‎27/‎2014 was unexpected. 
Error: (10/27/2014 11:07:21 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY) Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv Error: (10/27/2014 11:03:21 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY) Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv Error: (10/27/2014 03:31:21 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY) Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv Error: (10/27/2014 03:27:21 PM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY) Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}wuauserv Error: (10/26/2014 07:34:05 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40. Microsoft Office Sessions: ========================= Error: (10/29/2014 08:02:51 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: BACKGROUNDTASKHOST.EXE6.3.9600.16384c3c01cff3d31326398a4294967295C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE1324178a-5fc8-11e4-828e-10c37bb6658aMicrosoft.BingNews_3.0.4.213_x64__8wekyb3d8bbweAppexNews Error: (10/29/2014 05:51:44 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: BACKGROUNDTASKHOST.EXE6.3.9600.1638482001cff35ce24256bb4294967295C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE2f87c7e0-5f51-11e4-828d-10c37bb6658aMicrosoft.BingNews_3.0.4.213_x64__8wekyb3d8bbweAppexNews Error: (10/28/2014 11:15:14 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: BACKGROUNDTASKHOST.EXE6.3.9600.1638420c01cff3257e15da3e4294967295C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXEcb4797a7-5f19-11e4-828d-10c37bb6658aMicrosoft.BingNews_3.0.4.213_x64__8wekyb3d8bbweAppexNews Error: (10/28/2014 08:53:17 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: 
BACKGROUNDTASKHOST.EXE6.3.9600.16384170c01cff311a9a8513d4294967295C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXEf6f56ce2-5f05-11e4-828d-10c37bb6658aMicrosoft.BingNews_3.0.4.213_x64__8wekyb3d8bbweAppexNews Error: (10/28/2014 06:03:05 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: BACKGROUNDTASKHOST.EXE6.3.9600.1638411f001cff2f989cd94384294967295C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE302d7e4e-5eee-11e4-828d-10c37bb6658aMicrosoft.BingNews_3.0.4.213_x64__8wekyb3d8bbweAppexNews Error: (10/28/2014 02:52:43 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: BACKGROUNDTASKHOST.EXE6.3.9600.16384137c01cff2dee84959964294967295C:\WINDOWS\SYSTEM32\BACKGROUNDTASKHOST.EXE8eb135c4-5ed3-11e4-828d-10c37bb6658aMicrosoft.BingNews_3.0.4.213_x64__8wekyb3d8bbweAppexNews Error: (10/26/2014 07:32:30 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: BackgroundTaskHost.exe6.3.9600.16384148401cff17409435d674294967295C:\Windows\System32\BackgroundTaskHost.exe56e21086-5d68-11e4-828b-10c37bb6658aMicrosoft.BingNews_3.0.4.213_x64__8wekyb3d8bbweAppexNews Error: (10/26/2014 06:01:03 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Users\Nathaniel\Downloads\MyCleanPC.exe Error: (10/26/2014 06:01:00 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Nathaniel\Downloads\SoftonicDownloader_for_too-many-items.exe Error: (10/26/2014 05:05:28 PM) (Source: MsiInstaller) (EventID: 11321) (User: lapbuscus) 
Description: Product: Shopping App by Ask -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.(NULL)(NULL)(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2014-10-26 16:41:20.827 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-26 16:41:20.380 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-26 16:36:58.829 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-10-26 16:36:58.532 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-10-19 19:16:30.335 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-10-19 19:16:29.731 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-19 19:08:58.103 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-10-19 19:08:57.806 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-10-19 10:48:18.802 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-19 10:48:18.513 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel® Celeron® CPU N2830 @ 2.16GHz Percentage of memory in use: 39% Total physical RAM: 3982.68 MB Available physical RAM: 2396.48 MB Total Pagefile: 4686.68 MB Available Pagefile: 2973.05 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:372.73 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Sims3EP07) (CDROM) (Total:4.93 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 3F7852A4) Partition: GPT Partition Type. ==================== End Of Log ============================




#2 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 29 October 2014 - 08:03 PM

Hello, p1052445.

 

My name is fbfbfb.  I will gladly assist you with your concerns.

 

While working to resolve the issues with your machine, please follow these guidelines:

  • Please be patient.  Logs are lengthy and can take time to analyze.
  • Read and follow my directions carefully, in the sequence they are posted.
  • If you are unsure about anything, please ask for clarification before continuing.
  • Use only those tools that you have been directed to use.
  • Do not install or uninstall any applications or run any other scans without being directed to do so.
  • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
  • Stay with me until your machine has been deemed all clear.
  • Please reply within 3 days of each posting to avoid closing this topic.  If you need more time to complete tasks, or if you will be away, please let me know in advance.

 

Please run the following scans

 

1.  AdwCleaner

 

We will be running this cleaner in 2 parts.  The first time you run it, please scan only and send me the log.  We will rerun it again later to clean.

 

Please download AdwCleaner from HERE.

  • Double click on adwcleaner.exe.  Note:  Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

 

2.  Junkware Removal Tool

 

Please download Junkware Removal Tool from HERE and save it to your desktop.

  • Shut down your antivirus to avoid any potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.

 

3.  Malwarebytes Anti-Malware (MBAM)

 

Download MBAM from HERE > Save it to your Desktop.

 

Note:

  • Windows XP > Double click on the icon to run it.
  • Windows Vista, Windows 7 and 8 > Right-click and select Run As Administrator.


 

  • On the Dashboard, click Update Now.
  • Click the Settings tab > Click Detection and Protection.
  • Under Non-Malware Protection, make sure that both PUP and PUM are set to show Treat Detections as Malware.
  • Click Advanced Settings > Check mark Automatically Quarantine Detected Items.
  • On the Dashboard, click Scan.
  • Select Threat Scan > Click Scan Now.
  • When the scan is finished and the log pops up, select Copy to Clipboard.
  • Please paste the log into your next reply.
  • Exit Malwarebytes.

 

4.  Security Check

  • Download Security Check from HERE.
  • Save it to your desktop.
  • Double-click SecurityCheck.exe > Follow the onscreen instructions inside the black box.
  • In the event you get the message Unsupported operating system. Aborting now., reboot and try again.
  • A Notepad document should open automatically called checkup.txt.  This may take a few minutes.  Please copy and paste the contents of that document into your next reply.

 

CHECKLIST : In your next reply, please post the following:

  • AdwCleaner[R0].txt
  • JRT.txt
  • MBAM log
  • checkup.txt

 



#3 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 31 October 2014 - 03:43 PM

Hello, p1052445.

 

I have not heard back from you.  Do you still need help?  If so, please reply within the next 24 hours to avoid closing this thread.

 

Thank you.



#4 p1052445

p1052445

    New Member

  • New Member
  • Pip
  • 2 posts

Posted 31 October 2014 - 09:06 PM

Ran Adware Cleaner and JRT - logs below. Malwarebytes hangs up on initialization stage and couldn't run a scan. Should I go ahead and run SecurityCheck w/o Malwarebytes?

# AdwCleaner v3.311 - Report created 31/10/2014 at 21:00:34
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 Connected  (64 bits)
# Username : Nathaniel - LAPBUSCUS
# Running from : C:\Users\Nathaniel\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : APNMCP
Service Found : sbmntr
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage
File Found : C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trovi.com_0.localstorage-journal
File Found : C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Found : C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\Optimizer Pro
Folder Found : C:\Program Files (x86)\Settings Manager
Folder Found : C:\Program Files (x86)\YTDownloader
Folder Found : C:\ProgramData\374311380 
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\ProgramData\eaisytoshOp
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tech Hotline
Folder Found : C:\Users\NATHAN~1\AppData\Local\Temp\apn
Folder Found : C:\Users\Nathaniel\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Nathaniel\AppData\Local\Astromenda
Folder Found : C:\Users\Nathaniel\AppData\Local\globalUpdate
Folder Found : C:\Users\Nathaniel\AppData\LocalLow\Object Browser
Folder Found : C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
Folder Found : C:\Users\Nathaniel\AppData\Roaming\PC Tech Hotline
Folder Found : C:\Users\Nathaniel\Documents\Optimizer Pro
Folder Found : C:\Users\Public\Documents\ShopperPro
 
***** [ Scheduled Tasks ] *****
 
Task Found : BlockAndSurf Update
Task Found : ShopperPro
Task Found : ShopperProJSUpd
Task Found : SMupdate1
Task Found : SPDriver
Task Found : YTDownloader
 
***** [ Shortcuts ] *****
 
Shortcut Found : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Pztugdu0341,0b955ef0-bd49-4dd7-9093-b5eb75c02723,&pi=2 )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Pztugdu0341,0b955ef0-bd49-4dd7-9093-b5eb75c02723,&pi=2 )
Shortcut Found : C:\Users\Nathaniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www-search.net/?s=E9Pztugdu0341,0b955ef0-bd49-4dd7-9093-b5eb75c02723,&pi=2 )
Shortcut Found : C:\Users\Nathaniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www-search.net/?s=E9Pztugdu0341,0b955ef0-bd49-4dd7-9093-b5eb75c02723,&pi=2 )
Shortcut Found : C:\Users\Nathaniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www-search.net/?s=E9Pztugdu0341,0b955ef0-bd49-4dd7-9093-b5eb75c02723,&pi=2 )
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v38.0.2125.111
 
[ File : C:\Users\Nathaniel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [10364 octets] - [31/10/2014 21:00:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10425 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 8.1 Connected x64
Ran by Nathaniel on Fri 10/31/2014 at 21:08:45.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] APNMCP
Successfully deleted: [Service] APNMCP
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ytdownloader
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Nathaniel\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Nathaniel\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Nathaniel\appdata\local\google\chrome\user data\default\local storage\http_www.trovi.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Nathaniel\appdata\local\google\chrome\user data\default\local storage\http_www.trovi.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Nathaniel\appdata\local\google\chrome\user data\default\local storage\https_static.livelyrics00.live-lyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Nathaniel\appdata\local\google\chrome\user data\default\local storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\ProgramData\eaisytoshOp
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Nathaniel\AppData\Roaming\pc tech hotline"
Successfully deleted: [Folder] "C:\Users\Nathaniel\appdata\local\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc tech hotline"
Successfully deleted: [Folder] "C:\Users\Nathaniel\documents\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"
Successfully deleted: [Folder] "C:\Program Files (x86)\askpartnernetwork"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/31/2014 at 21:17:51.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#5 fbfbfb (SuperMember, Malware Team)

Posted 01 November 2014 - 10:02 AM

Hello p1052445.

 

Thank you for your reply.  Yes, you can go ahead and run Security Check.

 

Your FRST log indicates that your system is heavily infected with malware.  Most likely, this is preventing MBAM from running on your machine. 

 

Please run the following tools

 

1.  AdwCleaner

 

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.  RKill

 

Please download RKill from the list below. (Courtesy of bleepingcomputer.com).

There are 5 different versions of this tool.  If one of them won't run,  please try the next one in the list. You only need to get one of the tools to run, not all of them.

 

Note: Vista and Windows 7 Users must right click and select Run as Administrator to run the tool.

 

1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe

 

Note:

  • You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message open -- do not close the message.
  • Run RKill repeatedly until it's able to do its job. This may take a few tries.
  • You will know RKill has completed its job when your desktop (explorer.exe) cycles off and then on again.
  • Do not reboot your computer after running rkill as the malware programs will start again.

Once RKill has finished, try running Malwarebytes Anti-Malware again.

 

CHECKLIST : In your next reply, please post the following:

  • checkup.txt
  • AdwCleaner[S0].txt
  • MBAM log

 

 



#6 fbfbfb (SuperMember, Malware Team)

Posted 03 November 2014 - 09:18 PM

Hello p1052445.

 

Do you still need help?  I would like to remind you that I close my threads after 3 days of no response.  Please advise.

 

 

Please reply within 3 days of each posting to avoid closing this topic.  If you need more time to complete tasks, or if you will be away, please let me know in advance.

 



#7 fbfbfb (SuperMember, Malware Team)

Posted 05 November 2014 - 01:07 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
