Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

C:\Users\tfs\AppData\Roaming\1.exe

Started by tfs4msa , Nov 13 2014 07:15 AM

  • This topic is locked This topic is locked
3 replies to this topic

#1 tfs4msa

tfs4msa

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 13 November 2014 - 07:15 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by tfs (administrator) on TSMOHA on 13-11-2014 15:48:44
Running from C:\Users\tfs\Downloads
Loaded Profile: tfs (Available profiles: tfs)
Platform: Windows 8 Single Language (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(BitTorrent Inc.) C:\Users\tfs\AppData\Roaming\uTorrent\uTorrent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
() C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\tfs\AppData\Roaming\ARHome\Updater.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V5.18.exe
(Microsoft Corporation) C:\d320b8a751572396a230f2cf\mrtstub.exe
(Microsoft Corporation) C:\Windows\System32\MRT.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-31] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-11] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2864528 2012-08-20] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [607584 2014-09-29] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-08] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-3172917033-425797819-4098313257-1001\...\Run: [uTorrent] => C:\Users\tfs\AppData\Roaming\uTorrent\uTorrent.exe [1037648 2014-11-07] (BitTorrent Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
ShortcutTarget: $McRebootA5E6DEAA56$.lnk ->  (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sa.hao123.com..._ex01_hao123_sa
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.arabyonline.com/?src=1000
SearchScopes: HKLM - DefaultScope {74F793F7-F5D2-47CA-8AB0-509698121628} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKLM - {74F793F7-F5D2-47CA-8AB0-509698121628} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKLM-x32 - DefaultScope {74F793F7-F5D2-47CA-8AB0-509698121628} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKLM-x32 - {74F793F7-F5D2-47CA-8AB0-509698121628} URL = http://www.bing.com/...E10TR&pc=MAARJS
SearchScopes: HKCU - DefaultScope {74F793F7-F5D2-47CA-8AB0-509698121628} URL =
SearchScopes: HKCU - {74F793F7-F5D2-47CA-8AB0-509698121628} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\tfs\AppData\Roaming\Mozilla\Firefox\Profiles\3vfjsoq4.default
FF Homepage: https://www.google.com.sa/
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: Simple Site Blocker - C:\Users\tfs\AppData\Roaming\Mozilla\Firefox\Profiles\3vfjsoq4.default\Extensions\simplesiteblocker@example.com.xpi [2014-11-13]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-08]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 0254871415876164mcinstcleanup; C:\Users\tfs\AppData\Local\Temp\025487~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-11] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-08] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-08] (Avast Software)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-24] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-23] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-26] (Microsoft Corporation)
R2 MaintainerSvc4.00.5030318; C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe [123632 2014-11-13] ()
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-26] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-25] (Dritek System INC.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [616288 2014-09-29] (Copyright 2013 SAMSUNG)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-26] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-01] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-08] ()
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-11] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-25] (Dritek System Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-08] (Avast Software)
R1 {3b8bbf2f-2888-4db1-9de7-5eeb1a213421}Gw64; C:\Windows\System32\drivers\{3b8bbf2f-2888-4db1-9de7-5eeb1a213421}Gw64.sys [48776 2014-11-06] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 15:48 - 2014-11-13 15:49 - 00015993 _____ () C:\Users\tfs\Downloads\FRST.txt
2014-11-13 15:48 - 2014-11-13 15:48 - 00000000 ____D () C:\FRST
2014-11-13 15:47 - 2014-11-13 15:47 - 02116096 _____ (Farbar) C:\Users\tfs\Downloads\FRST64.exe
2014-11-13 15:44 - 2014-11-13 15:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 15:44 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 15:32 - 2014-06-11 01:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-11-13 15:32 - 2014-06-11 01:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-11-13 15:12 - 2014-11-13 15:12 - 00000000 ____D () C:\Users\tfs\AppData\Local\CrashDumps
2014-11-13 14:56 - 2014-11-13 14:56 - 00244088 _____ () C:\Users\tfs\Downloads\Firefox Setup Stub 33.1.exe
2014-11-13 14:39 - 2014-11-13 15:09 - 00000000 ____D () C:\Users\tfs\AppData\Local\Mozilla
2014-11-13 14:39 - 2014-11-13 14:59 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-13 14:39 - 2014-11-13 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-13 14:39 - 2014-11-13 14:39 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\Mozilla
2014-11-13 14:39 - 2014-11-13 14:39 - 00000000 ____D () C:\ProgramData\Mozilla
2014-11-13 14:38 - 2014-11-13 15:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-13 14:14 - 2014-11-13 14:14 - 00000247 _____ () C:\Windows\system32\2014-11-13-11-14-42.008-aswFe.exe-6984.log
2014-11-13 14:03 - 2014-11-13 14:14 - 00000247 _____ () C:\Windows\system32\2014-11-13-11-03-45.081-aswFe.exe-4976.log
2014-11-13 14:03 - 2014-11-13 14:03 - 00000197 _____ () C:\Windows\system32\2014-11-13-11-03-38.060-AvastVBoxSVC.exe-6688.log
2014-11-13 13:57 - 2014-11-13 15:12 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\vlc
2014-11-13 13:56 - 2014-11-13 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-11-13 13:56 - 2014-11-13 13:56 - 00000000 ____D () C:\Program Files\VideoLAN
2014-11-13 13:55 - 2014-11-13 13:55 - 25611537 _____ () C:\Users\tfs\Downloads\vlc-2.1.5-win64.exe
2014-11-13 13:55 - 2014-11-13 13:55 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-11-13 13:55 - 2014-11-13 13:55 - 00000000 ____D () C:\Program Files\McAfee
2014-11-13 13:54 - 2014-11-13 13:54 - 00004018 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-11-13 13:47 - 2014-11-13 13:48 - 00798912 _____ ( ) C:\Users\tfs\Downloads\vlc-2.1.5-win64_inst.exe
2014-11-08 22:24 - 2014-11-08 22:24 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\LINE.lnk
2014-11-08 22:24 - 2014-11-08 22:24 - 00000000 ____D () C:\Users\tfs\AppData\Local\Line
2014-11-08 22:24 - 2014-11-08 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LINE
2014-11-08 22:23 - 2014-11-08 22:23 - 00000000 ____D () C:\Program Files (x86)\Naver
2014-11-08 22:20 - 2014-11-08 22:22 - 17871208 _____ (LINE Corporation) C:\Users\tfs\Downloads\LineInst.exe
2014-11-08 21:47 - 2014-11-08 21:47 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-08 21:47 - 2014-11-08 21:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-08 21:47 - 2014-11-08 21:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-08 21:38 - 2012-12-13 07:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-11-08 21:38 - 2012-12-13 06:59 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-11-08 21:36 - 2014-11-08 21:36 - 00000020 _____ () C:\ProgramData\bc.ini
2014-11-08 21:34 - 2013-11-01 08:38 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-11-08 21:34 - 2013-11-01 06:49 - 00273408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-11-08 21:29 - 2014-11-08 21:29 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\AVAST Software
2014-11-08 21:28 - 2014-11-13 13:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-08 21:28 - 2014-11-08 21:47 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-08 21:28 - 2014-11-08 21:47 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-08 21:28 - 2014-11-08 21:47 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-08 21:28 - 2014-11-08 21:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-08 21:28 - 2014-11-08 21:47 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-08 21:28 - 2014-11-08 21:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-08 21:28 - 2014-11-08 21:46 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-08 21:26 - 2014-11-08 21:26 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-08 21:17 - 2014-11-08 21:17 - 00000187 _____ () C:\Windows\system32\netcfg-350187.txt
2014-11-08 21:15 - 2014-11-08 21:15 - 00000197 _____ () C:\Windows\system32\2014-11-08-18-15-14.067-AvastVBoxSVC.exe-4616.log
2014-11-08 18:50 - 2014-11-08 18:50 - 00000197 _____ () C:\Windows\system32\2014-11-08-15-50-53.001-AvastVBoxSVC.exe-4280.log
2014-11-08 18:48 - 2014-11-08 18:48 - 00000117 _____ () C:\Windows\system32\netcfg-113828.txt
2014-11-08 18:48 - 2014-11-08 18:48 - 00000117 _____ () C:\Windows\system32\netcfg-113312.txt
2014-11-08 18:48 - 2014-11-08 18:48 - 00000117 _____ () C:\Windows\system32\netcfg-112015.txt
2014-11-07 18:10 - 2014-11-07 18:10 - 00000117 _____ () C:\Windows\system32\netcfg-20157500.txt
2014-11-07 18:08 - 2014-11-07 18:08 - 00000117 _____ () C:\Windows\system32\netcfg-20094375.txt
2014-11-07 17:55 - 2014-11-07 17:55 - 00000117 _____ () C:\Windows\system32\netcfg-19303968.txt
2014-11-07 17:54 - 2014-11-07 17:54 - 00000117 _____ () C:\Windows\system32\netcfg-19224640.txt
2014-11-07 17:08 - 2014-11-07 17:08 - 00000117 _____ () C:\Windows\system32\netcfg-16493812.txt
2014-11-07 16:58 - 2014-11-07 16:58 - 00000117 _____ () C:\Windows\system32\netcfg-15850125.txt
2014-11-07 14:54 - 2014-11-07 14:54 - 00000000 ____D () C:\sources
2014-11-07 14:40 - 2014-11-13 13:30 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-07 14:35 - 2014-11-07 14:36 - 00000000 ____D () C:\Users\tfs\Downloads\Percy Jackson and the Olympians The Lightning Thief (2010)
2014-11-07 14:33 - 2014-11-07 14:33 - 00016200 _____ () C:\Users\tfs\Downloads\[kickass.to]percy.jackson.and.the.olympians.the.lightning.thief.2010.720p.brrip.x264.750mb.yify (3).torrent
2014-11-07 14:32 - 2014-11-07 14:32 - 00016200 _____ () C:\Users\tfs\Downloads\[kickass.to]percy.jackson.and.the.olympians.the.lightning.thief.2010.720p.brrip.x264.750mb.yify.torrent
2014-11-07 14:32 - 2014-11-07 14:32 - 00016200 _____ () C:\Users\tfs\Downloads\[kickass.to]percy.jackson.and.the.olympians.the.lightning.thief.2010.720p.brrip.x264.750mb.yify (2).torrent
2014-11-07 14:32 - 2014-11-07 14:32 - 00016200 _____ () C:\Users\tfs\Downloads\[kickass.to]percy.jackson.and.the.olympians.the.lightning.thief.2010.720p.brrip.x264.750mb.yify (1).torrent
2014-11-07 14:16 - 2014-11-07 14:16 - 00000000 ____D () C:\Users\tfs\Downloads\Percy Jackson And The Lightning Thief 2010 H264 XviD By Cazzabear
2014-11-07 14:10 - 2014-11-06 23:34 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{3b8bbf2f-2888-4db1-9de7-5eeb1a213421}Gw64.sys
2014-11-07 14:04 - 2014-11-07 14:04 - 00008192 ____H () C:\Users\tfs\Desktop\photothumb.db
2014-11-07 13:56 - 2014-11-07 14:14 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\PhotoScape
2014-11-07 13:55 - 2014-11-07 13:56 - 00000000 ____D () C:\Program Files (x86)\PhotoScape
2014-11-07 13:55 - 2014-11-07 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2014-11-07 13:32 - 2014-11-08 21:43 - 00172544 ___SH () C:\Users\tfs\Desktop\Thumbs.db
2014-11-07 13:19 - 2014-11-07 13:19 - 00020964 _____ () C:\Users\tfs\Downloads\[kickass.to]percy.jackson.and.the.lightening.thief.2010.h264.xvid.by.cazzabear.nwrg.torrent
2014-11-07 13:09 - 2014-11-13 13:57 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\Baidu
2014-11-07 13:09 - 2014-11-08 21:39 - 00000000 ____D () C:\ProgramData\baidu
2014-11-07 13:09 - 2014-11-08 21:38 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-11-07 13:09 - 2014-11-07 14:19 - 00000000 ____D () C:\Users\tfs\Downloads\Avast Internet Security v.2015.10.0.0.2206 Incl License-=TEAM OS=-{HKRG}
2014-11-07 13:09 - 2014-11-07 13:09 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-11-07 13:09 - 2014-11-07 13:09 - 00000000 ____D () C:\Program Files (x86)\Baidu-Security-2014-4.4.4.82804
2014-11-07 13:08 - 2014-11-07 13:08 - 00014929 _____ () C:\Users\tfs\Downloads\[kickass.to]avast.internet.security.v.2015.10.0.0.2206.incl.license.till.2016.team.os.hkrg (1).torrent
2014-11-07 13:07 - 2014-11-07 13:07 - 00006604 _____ () C:\Users\tfs\Downloads\[kickass.to]utorrent.pro.torrent.app.v2.0.3.torrent
2014-11-07 13:06 - 2014-11-07 13:06 - 00000889 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-11-07 13:04 - 2014-11-07 13:04 - 01037648 _____ (BitTorrent Inc.) C:\Users\tfs\Downloads\utorrent-64-bit [1].exe
2014-11-07 13:04 - 2014-11-07 13:04 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-11-07 13:03 - 2014-11-07 13:03 - 00778696 _____ ( ) C:\Users\tfs\Downloads\utorrent-64-bit.exe
2014-11-07 13:01 - 2014-11-07 13:01 - 00000000 ____D () C:\Users\tfs\Downloads\Skeletons
2014-11-07 12:59 - 2014-11-07 12:59 - 01689168 _____ (BitTorrent Inc.) C:\Users\tfs\Downloads\uTorrent.exe
2014-11-07 12:57 - 2014-11-07 12:57 - 00770360 _____ ( ) C:\Users\tfs\Downloads\uTorrent_inst.exe
2014-11-07 12:54 - 2014-11-13 15:47 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\uTorrent
2014-11-07 12:54 - 2014-11-07 12:54 - 00000000 ____D () C:\ProgramData\APN
2014-11-07 12:53 - 2014-11-07 12:53 - 00014929 _____ () C:\Users\tfs\Downloads\[kickass.to]avast.internet.security.v.2015.10.0.0.2206.incl.license.till.2016.team.os.hkrg.torrent
2014-11-07 12:50 - 2014-11-07 12:51 - 00000247 _____ () C:\Windows\system32\2014-11-07-09-50-58.076-aswFe.exe-5404.log
2014-11-07 12:43 - 2014-11-07 12:50 - 00000247 _____ () C:\Windows\system32\2014-11-07-09-43-51.020-aswFe.exe-7668.log
2014-11-07 12:43 - 2014-11-07 12:43 - 00000197 _____ () C:\Windows\system32\2014-11-07-09-43-47.094-AvastVBoxSVC.exe-1604.log
2014-11-07 12:40 - 2014-11-07 12:40 - 00003732 _____ () C:\Windows\System32\Tasks\keepup
2014-11-07 12:40 - 2014-11-07 12:40 - 00001856 _____ () C:\Users\tfs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-11-07 12:40 - 2014-11-07 12:40 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-11-07 12:40 - 2014-11-07 12:40 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\VolIE
2014-11-07 12:40 - 2014-11-07 12:40 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\miaul
2014-11-07 12:38 - 2014-11-07 12:38 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-07 12:38 - 2014-11-07 12:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-07 12:35 - 2014-11-07 12:35 - 00000117 _____ () C:\Windows\system32\netcfg-80531.txt
2014-11-07 12:35 - 2014-11-07 12:35 - 00000117 _____ () C:\Windows\system32\netcfg-103250.txt
2014-11-07 07:02 - 2014-11-07 07:02 - 00000117 _____ () C:\Windows\system32\netcfg-431546.txt
2014-11-07 07:02 - 2014-11-07 07:02 - 00000117 _____ () C:\Windows\system32\netcfg-429906.txt
2014-11-07 07:01 - 2014-11-07 07:01 - 00000117 _____ () C:\Windows\system32\netcfg-408421.txt
2014-11-06 22:47 - 2014-11-13 15:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-06 22:47 - 2014-11-13 15:12 - 00000000 ____D () C:\Users\tfs\AppData\Local\Google
2014-11-06 22:46 - 2014-11-06 22:46 - 00000250 _____ () C:\Windows\system32\netcfg-1394953.txt
2014-11-06 22:46 - 2014-11-06 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-11-06 22:40 - 2014-11-06 22:40 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\SAMSUNG
2014-11-06 22:40 - 2014-11-06 22:40 - 00000000 ____D () C:\Users\tfs\.swt
2014-11-06 22:40 - 2014-11-06 22:40 - 00000000 ____D () C:\Upload
2014-11-06 22:40 - 2014-11-06 22:40 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-11-06 22:39 - 2014-11-06 22:40 - 00000000 ____D () C:\Program Files\Samsung
2014-11-06 22:37 - 2014-11-06 22:37 - 00000000 ____D () C:\Users\tfs\AppData\Local\Adobe
2014-11-06 22:34 - 2014-11-08 20:52 - 00000000 ____D () C:\Users\tfs\AppData\Local\Deployment
2014-11-06 22:34 - 2014-11-06 22:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-06 22:34 - 2014-11-06 22:34 - 00000000 ____D () C:\Users\tfs\AppData\Local\Apps\2.0
2014-11-06 22:33 - 2014-11-06 22:33 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-06 22:33 - 2014-11-06 22:33 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-06 22:31 - 2014-11-06 22:31 - 00000117 _____ () C:\Windows\system32\netcfg-522421.txt
2014-11-06 22:30 - 2014-11-06 22:30 - 00000117 _____ () C:\Windows\system32\netcfg-465093.txt
2014-11-06 22:30 - 2014-11-06 22:30 - 00000117 _____ () C:\Windows\system32\netcfg-461953.txt
2014-11-06 22:30 - 2014-11-06 22:30 - 00000117 _____ () C:\Windows\system32\netcfg-458812.txt
2014-11-06 22:30 - 2014-11-06 22:30 - 00000117 _____ () C:\Windows\system32\netcfg-456687.txt
2014-11-06 22:30 - 2014-11-06 22:30 - 00000117 _____ () C:\Windows\system32\netcfg-451671.txt
2014-11-06 22:29 - 2014-11-06 22:29 - 00000117 _____ () C:\Windows\system32\netcfg-424437.txt
2014-11-06 22:16 - 2014-11-06 22:16 - 00000117 _____ () C:\Windows\system32\netcfg-4889203.txt
2014-11-06 22:16 - 2014-11-06 22:16 - 00000117 _____ () C:\Windows\system32\netcfg-4880484.txt
2014-11-06 22:14 - 2014-11-08 21:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-06 22:14 - 2014-11-06 22:14 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\zpwlzssq.sys
2014-11-06 22:03 - 2014-11-06 22:03 - 00003236 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-11-06 22:01 - 2014-11-06 22:01 - 00000000 ____D () C:\Users\tfs\AppData\Local\CrashRpt
2014-11-06 22:00 - 2014-11-07 16:05 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-11-06 22:00 - 2014-11-06 22:00 - 00000000 ____D () C:\Users\tfs\AppData\Local\globalUpdate
2014-11-06 21:59 - 2014-11-06 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-11-06 21:59 - 2014-11-06 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-11-06 21:58 - 2014-11-06 21:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2014-11-06 21:57 - 2014-11-07 13:07 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\TeraCopy
2014-11-06 21:57 - 2014-11-06 21:57 - 00000000 ____D () C:\Windows\PCHEALTH
2014-11-06 21:57 - 2014-11-06 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2014-11-06 21:57 - 2014-11-06 21:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2014-11-06 21:57 - 2014-11-06 21:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-11-06 21:56 - 2014-11-07 12:40 - 00003248 _____ () C:\Windows\System32\Tasks\Java Update
2014-11-06 21:56 - 2014-11-06 21:57 - 00000000 ____D () C:\Program Files\TeraCopy
2014-11-06 21:56 - 2014-11-06 21:56 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\WinRAR
2014-11-06 21:55 - 2014-11-08 21:59 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\Fixs
2014-11-06 21:55 - 2014-11-07 12:40 - 00003728 _____ () C:\Windows\System32\Tasks\Office
2014-11-06 21:55 - 2014-11-07 12:40 - 00003210 _____ () C:\Windows\System32\Tasks\9A5A8340-6B15
2014-11-06 21:55 - 2014-11-07 12:40 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\ARHome
2014-11-06 21:55 - 2014-11-07 12:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-06 21:55 - 2014-11-06 21:55 - 00000049 _____ () C:\Windows\SysWOW64\ScrRecX.log
2014-11-06 21:55 - 2014-11-06 21:55 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\SPK
2014-11-06 21:55 - 2014-11-06 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
2014-11-06 21:55 - 2014-11-06 21:55 - 00000000 ____D () C:\Program Files (x86)\Office
2014-11-06 21:55 - 2008-08-18 19:18 - 00077824 _____ (Fox Magic Software) C:\Windows\SysWOW64\fmcodec.DLL
2014-11-06 21:54 - 2014-11-06 21:54 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-11-06 21:53 - 2014-11-06 21:54 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-06 21:53 - 2014-11-06 21:53 - 00000985 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2014-11-06 21:53 - 2014-11-06 21:53 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-06 21:53 - 2014-11-06 21:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-06 21:53 - 2014-05-20 02:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-06 21:53 - 2014-05-20 02:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-11-06 21:53 - 2014-05-20 02:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-06 21:53 - 2013-08-16 01:43 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-06 21:52 - 2014-11-06 21:52 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-11-06 21:52 - 2014-11-06 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO Opener
2014-11-06 21:52 - 2014-05-20 05:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-06 21:52 - 2014-05-20 02:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-06 21:52 - 2014-05-20 02:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-06 21:52 - 2014-05-20 02:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-06 21:52 - 2014-05-20 02:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-06 21:52 - 2014-05-20 02:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-06 21:52 - 2014-05-15 01:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-06 21:52 - 2014-05-15 01:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-06 21:52 - 2014-05-15 01:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-06 21:52 - 2014-05-15 01:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-06 21:52 - 2013-08-16 08:21 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-06 21:52 - 2013-08-16 08:21 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-06 21:52 - 2012-11-06 07:20 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-06 21:52 - 2012-11-06 07:00 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\wushareduxresources.dll
2014-11-06 21:51 - 2014-11-06 22:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-06 21:51 - 2014-11-06 21:52 - 00000000 ____D () C:\Program Files (x86)\ISO Opener
2014-11-06 21:51 - 2014-11-06 21:51 - 00000000 ____D () C:\Users\tfs\AppData\Local\Microsoft Help
2014-11-06 21:51 - 2014-11-06 21:51 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-11-06 21:51 - 2014-11-06 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2014-11-06 21:51 - 2014-11-06 21:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-11-06 21:50 - 2014-11-06 21:50 - 00000000 __RHD () C:\MSOCache
2014-11-06 21:36 - 2014-11-13 15:11 - 00000000 ___RD () C:\Users\tfs\Desktop\Appications
2014-11-06 21:26 - 2014-11-06 21:26 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-11-06 21:22 - 2014-11-06 21:22 - 00000000 ____D () C:\Users\tfs\AppData\Local\EgisTec IPS
2014-11-06 21:20 - 2014-11-13 15:26 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3172917033-425797819-4098313257-1001
2014-11-06 21:16 - 2014-11-06 21:16 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\Atheros
2014-11-06 21:15 - 2014-11-06 21:15 - 00000117 _____ () C:\Windows\system32\netcfg-1191406.txt
2014-11-06 21:14 - 2014-11-06 21:15 - 00000117 _____ () C:\Windows\system32\netcfg-1188468.txt
2014-11-06 21:14 - 2014-11-06 21:14 - 00001434 _____ () C:\Users\tfs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-06 21:14 - 2014-11-06 21:14 - 00000117 _____ () C:\Windows\system32\netcfg-1182312.txt
2014-11-06 21:14 - 2014-11-06 21:14 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-06 21:13 - 2014-11-06 22:37 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\Adobe
2014-11-06 21:13 - 2014-11-06 21:13 - 00000284 _____ () C:\Windows\WLangUpt.log
2014-11-06 21:13 - 2014-11-06 21:13 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\Macromedia
2014-11-06 21:13 - 2014-11-06 21:13 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\lm
2014-11-06 21:12 - 2014-11-13 15:48 - 01134740 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 21:12 - 2014-11-06 22:40 - 00000000 ____D () C:\Users\tfs
2014-11-06 21:12 - 2014-11-06 21:55 - 00000000 ____D () C:\Users\tfs\AppData\Local\VirtualStore
2014-11-06 21:12 - 2014-11-06 21:14 - 00000000 ____D () C:\Users\tfs\AppData\Local\Packages
2014-11-06 21:12 - 2014-11-06 21:12 - 00000020 ___SH () C:\Users\tfs\ntuser.ini
2014-11-06 21:12 - 2012-07-26 11:13 - 00000000 ___RD () C:\Users\tfs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-06 21:12 - 2012-07-26 11:13 - 00000000 ___RD () C:\Users\tfs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-06 21:12 - 2012-07-26 11:13 - 00000000 ___RD () C:\Users\tfs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-11-06 21:12 - 2012-07-26 11:13 - 00000000 ____D () C:\Users\tfs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-13 15:49 - 2012-07-26 10:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-13 15:48 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-11-13 15:44 - 2012-07-26 08:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-11-13 15:36 - 2012-07-26 08:38 - 00000000 ____D () C:\Windows\system32\oobe
2014-11-13 15:00 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\sru
2014-11-13 13:36 - 2012-07-26 10:28 - 00848230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 13:29 - 2012-07-26 10:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 13:28 - 2012-08-04 00:19 - 00486220 _____ () C:\Windows\PFRO.log
2014-11-13 13:22 - 2012-09-05 04:07 - 00053284 _____ () C:\Windows\system32\wpbbin.exe
2014-11-08 21:23 - 2012-07-26 08:26 - 00000301 _____ () C:\Windows\win.ini
2014-11-08 18:47 - 2012-09-05 04:19 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-07 15:17 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\rescache
2014-11-07 15:09 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\WinStore
2014-11-07 15:09 - 2012-07-26 11:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-11-07 15:09 - 2012-07-26 11:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-07 15:09 - 2012-07-26 11:12 - 00000000 ____D () C:\Program Files\Common Files\System
2014-11-07 15:09 - 2012-07-26 11:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-11-07 15:09 - 2012-07-26 11:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-07 15:09 - 2012-07-26 10:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-11-07 15:09 - 2012-07-26 08:37 - 00000000 ____D () C:\Windows\servicing
2014-11-07 15:07 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-11-07 15:07 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\SysWOW64\migwiz
2014-11-07 15:07 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2014-11-07 15:07 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\SysWOW64\winrm
2014-11-07 15:07 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\SysWOW64\WCN
2014-11-07 15:07 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\SysWOW64\sysprep
2014-11-07 15:07 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\SysWOW64\slmgr
2014-11-07 15:07 - 2012-07-26 08:38 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-11-07 15:07 - 2012-07-26 08:38 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-11-07 15:06 - 2012-07-26 11:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-07 15:06 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\SysWOW64\Com
2014-11-07 15:06 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\migwiz
2014-11-07 15:06 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-07 15:06 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\SysWOW64\Printing_Admin_Scripts
2014-11-07 15:06 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\system32\winrm
2014-11-07 15:01 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\MUI
2014-11-07 15:01 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\system32\WCN
2014-11-07 15:01 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\system32\slmgr
2014-11-07 15:01 - 2012-07-26 08:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-11-07 15:01 - 2012-07-26 08:38 - 00000000 ____D () C:\Windows\system32\Dism
2014-11-07 14:59 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-11-07 14:56 - 2012-07-26 10:51 - 00000000 ____D () C:\Windows\system32\Printing_Admin_Scripts
2014-11-07 14:55 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-11-07 14:55 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\Com
2014-11-07 12:40 - 2012-07-26 11:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-07 12:40 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-11-07 12:36 - 2012-09-05 04:19 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-07 07:53 - 2012-07-26 11:13 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2014-11-06 23:31 - 2012-07-26 08:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-06 22:23 - 2012-07-26 10:19 - 00422160 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-06 22:20 - 2012-07-26 11:12 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-11-06 21:58 - 2012-09-05 04:24 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-11-06 21:58 - 2012-07-26 10:52 - 00000000 ____D () C:\Windows\ShellNew
2014-11-06 21:57 - 2012-10-26 00:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-11-06 21:52 - 2012-07-26 11:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-06 21:50 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\restore
2014-11-06 21:26 - 2012-07-26 10:21 - 00027700 _____ () C:\Windows\setupact.log
2014-11-06 21:22 - 2012-10-26 00:18 - 00000000 ____D () C:\ProgramData\EgisTec IPS
2014-11-06 21:14 - 2012-09-05 05:06 - 00000225 _____ () C:\Windows\User.xml
2014-11-06 21:14 - 2012-09-05 04:11 - 02235917 _____ () C:\Windows\launApp.log
2014-11-06 21:14 - 2012-08-04 00:40 - 00000000 ___HD () C:\Elements
2014-11-06 21:13 - 2012-10-26 00:00 - 00000000 ____D () C:\ProgramData\OEM
2014-11-06 21:13 - 2012-10-25 23:55 - 00000419 _____ () C:\Windows\WisLangCode.ini
2014-11-06 21:13 - 2012-09-05 04:51 - 00377768 _____ () C:\Windows\PLaunch.log
2014-11-06 21:13 - 2012-09-05 04:12 - 00000157 ___SH () C:\Windows\Preload.rev
2014-11-06 21:13 - 2012-09-05 04:11 - 00005410 _____ () C:\Windows\PatchFul.log

Some content of TEMP:
====================
C:\Users\tfs\AppData\Local\Temp\0254871415876164mcinst.exe
C:\Users\tfs\AppData\Local\Temp\appshat_generic.exe
C:\Users\tfs\AppData\Local\Temp\CloudBackup691.exe
C:\Users\tfs\AppData\Local\Temp\i4jdel0.exe
C:\Users\tfs\AppData\Local\Temp\ICReinstall_uTorrent_inst.exe
C:\Users\tfs\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\tfs\AppData\Local\Temp\utt643A.tmp.exe
C:\Users\tfs\AppData\Local\Temp\uttC5D0.tmp.exe
C:\Users\tfs\AppData\Local\Temp\ytaiesmt.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2012-08-04 00:19

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by tfs at 2014-11-13 15:50:43
Running from C:\Users\tfs\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29333 - BitTorrent Inc.)
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
Adobe Reader XI (11.0.01) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.01 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
ETDWare PS/2-X64 11.6.6.002_WHQL (HKLM\...\Elantech) (Version: 11.6.6.002 - ELAN Microelectronic Corp.)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
ISO Opener (HKLM-x32\...\{CE235F00-F8CD-41AF-83D5-236D90E33BFB}_is1) (Version:  - www.isoopener.com)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
LINE (HKLM-x32\...\LINE) (Version: 3.7.6.116 - LINE Corporation)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.05 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.27023 - Realtek Semiconductor Corp.)
Samsung Link 2.0.0.1409291832 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1409291832 - Copyright 2013 SAMSUNG)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC Media Player 64-bit Packages (HKU\S-1-5-21-3172917033-425797819-4098313257-1001\...\VLC Media Player 64-bit Packages) (Version:  - ) <==== ATTENTION
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

06-11-2014 18:50:07 Installed Microsoft Office Professional Plus 2010
08-11-2014 18:16:12 avast! antivirus system restore point
13-11-2014 12:29:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 08:26 - 2012-07-26 08:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {13F30D96-A16B-42A5-AF3A-85BD292D705A} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {2843EC37-8BF8-4052-AFD8-42C2FD28E6AF} - System32\Tasks\Java Update => C:\Program Files (x86)\Java\Java.exe [2014-10-22] ()
Task: {34D321FF-62D6-4892-A910-FDDA6411C03D} - System32\Tasks\9A5A8340-6B15 => C:\Users\tfs\AppData\Roaming\ARHome\Updater.exe [2014-10-22] ()
Task: {47D1D1D0-78AC-4538-902F-620C1C1683DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-08] (AVAST Software)
Task: {62BE19C7-6518-4AEC-AB87-8E0E4310B6AD} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-30] ()
Task: {6BF59CDF-507C-49E9-838E-AA5FFD0F14C6} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\tfs\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {7257624D-6767-42B1-AB1B-733C51061AC2} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {78DEBB74-D9BC-4ECF-B133-BE1ABCB1B771} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-23] ()
Task: {8C774D55-1506-4F67-AE5D-2C8C006FB0CE} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {9747B699-9AE4-4815-8821-A324F9C83953} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-10-31] (Microsoft Corporation)
Task: {9E33E655-49D6-4F88-888E-1E7EA19CF9FB} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-23] ()
Task: {A2029C4D-FD6C-4AE0-B798-695096594D8E} - System32\Tasks\Office => C:\Program Files (x86)\Office\Office.exe [2014-10-22] ()
Task: {C54830FE-9B26-4A02-801E-4AD4ACDE0A48} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
Task: {C7CCA4F8-111A-4C90-B06E-0754CE272A4A} - System32\Tasks\keepup => C:\Users\tfs\AppData\Roaming\miaul\RJFC.exe [2014-10-20] ()
Task: {D71894E0-0D45-4B04-A58E-BB9A2F9153D2} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-22] ()
Task: {EFBE297E-3BCD-4561-8AAF-44107B506B4C} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {F6D4BC1D-5BA5-4C13-810E-00349D6674F3} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-23] (Acer Incorporated)

==================== Loaded Modules (whitelisted) =============

2014-11-06 22:40 - 2014-09-29 18:32 - 00025088 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-11-06 22:40 - 2014-09-29 18:32 - 02633728 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2014-11-06 22:40 - 2014-09-29 18:32 - 02540544 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 11:25 - 2013-12-21 11:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 11:26 - 2013-12-21 11:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00030720 _____ () C:\Windows\SYSTEM32\MediaDB64.dll
2013-10-22 09:52 - 2013-10-22 09:52 - 00908800 _____ () C:\Windows\SYSTEM32\ContentDirectoryPresenter64.dll
2013-12-21 11:27 - 2013-12-21 11:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00049152 _____ () C:\Windows\SYSTEM32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00016896 _____ () C:\Windows\SYSTEM32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00058880 _____ () C:\Windows\SYSTEM32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00299520 _____ () C:\Windows\SYSTEM32\boost_serialization-vc90-mt-1_47.dll
2014-11-07 11:42 - 2014-11-13 13:30 - 00123632 _____ () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.exe
2012-10-25 23:56 - 2012-08-08 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-06 22:40 - 2014-09-29 18:32 - 00049664 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2012-08-23 01:04 - 2012-08-23 01:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
2012-08-23 01:04 - 2012-08-23 01:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
2012-08-11 04:28 - 2012-08-11 04:28 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-11-08 21:46 - 2014-11-08 21:46 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-08 21:46 - 2014-11-08 21:46 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-06 21:57 - 2012-01-29 16:55 - 00657920 _____ () C:\Program Files\TeraCopy\TeraCopy64.dll
2014-10-22 14:19 - 2014-10-22 14:19 - 00187464 ____R () C:\Users\tfs\AppData\Roaming\ARHome\Updater.exe
2014-11-08 21:48 - 2014-11-08 21:48 - 02900992 _____ () C:\Program Files\AVAST Software\Avast\defs\14110809\algo.dll
2014-11-08 21:46 - 2014-11-08 21:46 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-11-13 15:30 - 2014-11-13 15:30 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111300\algo.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2012-08-23 09:26 - 2012-08-23 09:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-08-23 09:25 - 2012-08-23 09:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-08-23 09:26 - 2012-08-23 09:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-08-23 09:25 - 2012-08-23 09:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-08-23 09:25 - 2012-08-23 09:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-08-23 09:25 - 2012-08-23 09:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-08-23 09:26 - 2012-08-23 09:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-11-08 21:47 - 2014-11-08 21:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-10-25 23:35 - 2012-06-25 20:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-11-13 14:59 - 2014-11-07 03:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3172917033-425797819-4098313257-500 - Administrator - Disabled)
Guest (S-1-5-21-3172917033-425797819-4098313257-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3172917033-425797819-4098313257-1003 - Limited - Enabled)
tfs (S-1-5-21-3172917033-425797819-4098313257-1001 - Administrator - Enabled) => C:\Users\tfs

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Module
Description: Bluetooth USB Module
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/13/2014 03:48:53 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook

Error: (11/13/2014 03:48:53 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Outlook8

Error: (11/13/2014 03:12:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 2.1.5.0, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.2.9200.16384, time stamp: 0x5010acd2
Exception code: 0xc0000005
Fault offset: 0x0000000000019c61
Faulting process id: 0x21bc
Faulting application start time: 0xvlc.exe0
Faulting application path: vlc.exe1
Faulting module path: vlc.exe2
Report Id: vlc.exe3
Faulting package full name: vlc.exe4
Faulting package-relative application ID: vlc.exe5

Error: (11/13/2014 02:38:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (11/13/2014 02:38:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (11/13/2014 01:34:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (11/13/2014 01:34:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifest.

Error: (11/08/2014 09:56:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WWAHost.exe version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ec8

Start Time: 01cffb85adf134e7

Termination Time: 4294967295

Application Path: C:\Windows\System32\WWAHost.exe

Report Id: f7136c18-6778-11e4-be7e-206a8ae5c5ee

Faulting package full name: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: Windows.Store

Error: (11/08/2014 09:56:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Tsmoha)
Description: App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time.

Error: (11/06/2014 11:30:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Tsmoha)
Description: App Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo did not launch within its allotted time.


System errors:
=============
Error: (11/13/2014 03:19:03 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900.

Error: (11/13/2014 01:22:07 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/08/2014 10:30:45 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (11/08/2014 09:58:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Update AppEnable service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/08/2014 09:57:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Util AppEnable service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (11/08/2014 09:27:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Software Protection service hung on starting.

Error: (11/08/2014 09:20:11 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (11/08/2014 09:11:37 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/08/2014 06:46:56 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (11/07/2014 01:09:12 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Baidu Hips Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.


Microsoft Office Sessions:
=========================
Error: (11/13/2014 03:48:53 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook

Error: (11/13/2014 03:48:53 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Outlook8

Error: (11/13/2014 03:12:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.2.9200.163845010acd2c00000050000000000019c6121bc01cfff30e3aecc61C:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dll4933a6a2-6b2e-11e4-be7f-206a8ae5c5ee

Error: (11/13/2014 02:38:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestG:\Downloads\Softwares\SoftonicDownloader_for_line(1).exe

Error: (11/13/2014 02:38:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestG:\Downloads\Softwares\SoftonicDownloader_for_line.exe

Error: (11/13/2014 01:34:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestG:\Downloads\Softwares\SoftonicDownloader_for_line(1).exe

Error: (11/13/2014 01:34:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_418c2a697189c07f.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16384_none_893961408605e985.manifestG:\Downloads\Softwares\SoftonicDownloader_for_line.exe

Error: (11/08/2014 09:56:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WWAHost.exe6.2.9200.163841ec801cffb85adf134e74294967295C:\Windows\System32\WWAHost.exef7136c18-6778-11e4-be7e-206a8ae5c5eewinstore_1.0.0.0_neutral_neutral_cw5n1h2txyewyWindows.Store

Error: (11/08/2014 09:56:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Tsmoha)
Description: winstore_cw5n1h2txyewy!Windows.Store

Error: (11/06/2014 11:30:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Tsmoha)
Description: Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo


==================== Memory info ===========================

Processor: Intel® Core™ i3-2365M CPU @ 1.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3889.6 MB
Available physical RAM: 1459.32 MB
Total Pagefile: 7473.6 MB
Available Pagefile: 4702.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:144.89 GB) (Free:98.32 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:40.76 GB) (Free:21.82 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:97.66 GB) (Free:97.35 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:100.22 GB) (Free:85.4 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:48.83 GB) (Free:16.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: FFF14F34)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 000BF40B)
Partition 1: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Attached Files


Edited by tfs4msa, 13 November 2014 - 07:25 AM.

    Advertisements

Register to Remove

#2 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 16 November 2014 - 06:20 PM

Hi and welcome


goGMWSt.gifP2P Warning

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.Your P2P software can be removed by following the instructions below.
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

**************
Avast Internet Security
Baidu Antivirus
The above security programs are on your computer. Running two Antivirus at the same time will cause problems with the computer and with running corrective scripts.
One needs to be removed.

~~~~~~~~~~~~~~~

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
 

start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
R1 {3b8bbf2f-2888-4db1-9de7-5eeb1a213421}Gw64; C:\Windows\System32\drivers\{3b8bbf2f-2888-4db1-9de7-5eeb1a213421}Gw64.sys [48776 2014-11-06] (StdLib)
C:\Users\tfs\AppData\Local\Temp\0254871415876164mcinst.exe
C:\Users\tfs\AppData\Local\Temp\appshat_generic.exe
C:\Users\tfs\AppData\Local\Temp\CloudBackup691.exe
C:\Users\tfs\AppData\Local\Temp\i4jdel0.exe
C:\Users\tfs\AppData\Local\Temp\ICReinstall_uTorrent_inst.exe
C:\Users\tfs\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\tfs\AppData\Local\Temp\utt643A.tmp.exe
C:\Users\tfs\AppData\Local\Temp\uttC5D0.tmp.exe
C:\Users\tfs\AppData\Local\Temp\ytaiesmt.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


adwcleaner_download.png
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


thisisujrt.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
~~~~~~~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 19 November 2014 - 05:48 AM

still need help?
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#4 Juliet

Juliet

    SuperHelper

  • Retired Classroom Teacher
  • 7,686 posts
  • Interests:Boo!....
  • MVP

Posted 22 November 2014 - 09:32 AM

Due to the lack of feedback this Topic is closed.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...


MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·