[demozast]

My daughter recently got her laptop back from her mothers house and it is SO slow it's nearly impossible to use. We bought her a different one, but would like to give this to the next oldest child to use as a starter laptop.  Takes forever to open Google Chrome and any webpage as well as restarting .   ANY help would be greatly appreciated!

 

She has a Dell Inspiron 1525 32-bit

 

 

 

Attached Files

•  FRST.txt   20.51KB   252 downloads
•  Addition.txt   24.96KB   225 downloads

[Advertisements]

Hi. My name is Brian, and I would be happy to look into your issue.
 

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

OK, let's take a look. Please do the following. Also going forward please post the contents of the logs directly into the post (vs. attaching) as it makes them easier to work with.

 

Step#1 - Warnings

You are running too many antivirus programs. This is not a good idea as this can cause problems such as slowness in computer speed, conflicts and cause more vulnerability to infection. It appears you are running Microsoft Security Essentials and AVG 2014. You need to uninstall one. My suggestion is to uninstall AVG 2014 and keep Microsoft Security Essentials but this is your choice. Instructions for doing so are here.

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   64bytes   215 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#4 - JRT
1. Download Junkware Removal Tool to your desktop.
1. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
2. The tool will open and start scanning your system.
3. Please be patient as this can take a while to complete depending on your system's specifications.
4. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
5. Close the text file and reboot your machine.
6. Post the contents of JRT.txt into your next message.

 

Step#5 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix Log

2. Adwcleaner log

3. Junkware log
4. FRST and Addition logs

 

[BrianDrab]

Hi. My name is Brian, and I would be happy to look into your issue.
 

- General Instructions -

• Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
• I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
• Any fixes provided by myself are for this log file only and should not be used on any other systems.
• Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
• It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
• You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
• Please feel free to ask any questions, especially if you are having problems with my instructions.

- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder
and the click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and
select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

 

OK, let's take a look. Please do the following. Also going forward please post the contents of the logs directly into the post (vs. attaching) as it makes them easier to work with.

 

Step#1 - Warnings

You are running too many antivirus programs. This is not a good idea as this can cause problems such as slowness in computer speed, conflicts and cause more vulnerability to infection. It appears you are running Microsoft Security Essentials and AVG 2014. You need to uninstall one. My suggestion is to uninstall AVG 2014 and keep Microsoft Security Essentials but this is your choice. Instructions for doing so are here.

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   64bytes   215 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#4 - JRT
1. Download Junkware Removal Tool to your desktop.
1. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
2. The tool will open and start scanning your system.
3. Please be patient as this can take a while to complete depending on your system's specifications.
4. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
5. Close the text file and reboot your machine.
6. Post the contents of JRT.txt into your next message.

 

Step#5 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix Log

2. Adwcleaner log

3. Junkware log
4. FRST and Addition logs

 

[demozast]

Hopefully this is everything you need to start and I did it all correctly.  

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015

Ran by User (administrator) on USER-PC on 27-03-2015 18:08:14

Running from C:\Users\User\Desktop

Loaded Profiles: User (Available profiles: User & Guest)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)

Internet Explorer Version 9 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Windows\System32\AEstSrv.exe

(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe

(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(IDT, Inc.) C:\Windows\System32\stacsv.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [174872 2007-03-21] (Intel Corporation)

HKLM\...\Run: [PCMService] => C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)

HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-27] (Adobe Systems Incorporated)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\Run: [Facebook Update] => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-04] (Facebook Inc.)

HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\Run: [BYR_AGENT] => C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe

HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\MountPoints2: F - F:\TL_Bootstrap.exe

HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\MountPoints2: {2a375657-b52f-11e2-b419-0023ae14f2fc} - F:\TLBootstrap_WPP.exe

HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\MountPoints2: {c1afb172-d7ea-11e2-9f94-0023ae14f2fc} - F:\TL_Bootstrap.exe

HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\MountPoints2: {f81c910c-e143-11e2-b882-0023ae14f2fc} - F:\TL_Bootstrap.exe

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com...eron_ygames_ytb

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com...eron_ygames_ytb

HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=6090117

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)

BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 24.220.0.10 24.220.0.11

 

FireFox:

========

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)

FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)

FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-18] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-18] (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2194354101-4259944992-3842031963-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)

FF Plugin HKU\S-1-5-21-2194354101-4259944992-3842031963-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-30]

 

Chrome: 

=======

CHR DefaultSearchKeyword: Default -> trovi.search

CHR DefaultSearchURL: Default -> http://www.trovi.com...rchTerms}&SSPV=

CHR DefaultSuggestURL: Default -> 

CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-26]

CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]

R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [647168 2007-07-25] (Intel Corporation) [File not signed]

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)

S2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [327680 2007-07-25] (Intel Corporation) [File not signed]

R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-03-25] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)

S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2011-02-14] (LG Electronics Inc.)

S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [20864 2011-02-14] (LG Electronics Inc.)

S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [25216 2011-02-14] (LG Electronics Inc.)

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-03-27 18:08 - 2015-03-27 18:08 - 00013454 _____ () C:\Users\User\Desktop\FRST.txt

2015-03-26 21:56 - 2015-03-26 21:56 - 00010476 _____ () C:\Users\User\Desktop\AdwCleaner[S0].txt

2015-03-26 21:54 - 2015-03-26 21:54 - 00000985 _____ () C:\Users\User\Desktop\JRT.txt

2015-03-26 21:47 - 2015-03-26 21:48 - 01388782 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe

2015-03-26 20:30 - 2015-03-26 20:37 - 00000000 ____D () C:\AdwCleaner

2015-03-26 20:28 - 2015-03-26 20:28 - 02168320 _____ () C:\Users\User\Desktop\AdwCleaner.exe

2015-03-26 17:07 - 2015-03-26 17:08 - 01135104 _____ (Farbar) C:\Users\User\Desktop\FRST.exe

2015-03-26 17:00 - 2015-03-27 18:08 - 00000000 ____D () C:\FRST

2015-03-26 16:59 - 2015-03-26 17:00 - 01135104 _____ (Farbar) C:\Users\User\Downloads\FRST.exe

2015-03-25 21:56 - 2015-03-25 21:56 - 00143800 _____ () C:\Windows\Minidump\Mini032515-01.dmp

2015-03-25 21:51 - 2015-03-25 21:51 - 00000000 __SHD () C:\found.008

2015-03-25 20:55 - 2015-03-25 22:56 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-25 20:54 - 2015-03-25 20:54 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-25 20:54 - 2015-03-25 20:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-25 20:54 - 2015-03-25 20:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2015-03-25 20:54 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-25 20:54 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-25 20:54 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-25 20:53 - 2015-03-25 20:53 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.1.4.1018.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-03-27 18:07 - 2006-11-02 07:52 - 00156726 _____ () C:\Windows\setupact.log

2015-03-27 18:05 - 2013-01-04 23:53 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000UA.job

2015-03-27 18:05 - 2012-10-31 14:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-27 18:05 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-27 18:05 - 2006-11-02 07:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-26 22:58 - 2013-01-04 23:53 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000Core.job

2015-03-26 20:52 - 2012-12-25 10:41 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-26 20:52 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-26 20:51 - 2006-11-02 08:01 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-03-26 20:49 - 2009-01-17 04:52 - 01633252 _____ () C:\Windows\WindowsUpdate.log

2015-03-26 20:39 - 2012-12-28 01:16 - 00005972 _____ () C:\Users\User\AppData\Local\d3d9caps.dat

2015-03-26 19:44 - 2014-06-03 18:37 - 00000000 ____D () C:\ProgramData\MFAData

2015-03-26 19:44 - 2008-01-20 21:47 - 00123258 _____ () C:\Windows\PFRO.log

2015-03-25 22:16 - 2006-11-02 05:33 - 00758286 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-25 21:56 - 2012-10-26 15:50 - 00000000 ____D () C:\Windows\Minidump

2015-03-25 21:55 - 2012-10-26 15:49 - 196209936 _____ () C:\Windows\MEMORY.DMP

2015-03-25 20:42 - 2012-10-31 14:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-03-25 20:42 - 2012-10-31 14:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-03-18 18:35 - 2012-12-25 10:41 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

 

==================== Files in the root of some directories =======

 

2014-06-30 00:34 - 2014-06-30 00:34 - 6010880 _____ () C:\Program Files\GUTA0A3.tmp

2013-07-13 04:28 - 2013-07-13 04:28 - 4188160 _____ () C:\Program Files\GUTFDAB.tmp

2013-01-14 01:49 - 2012-02-01 15:03 - 3278888 _____ (Yahoo! Inc.) C:\Users\User\AppData\Roaming\ytb_8.4.3.34_2.4.6_mail_bts_pub_uber_Rev_setup_2012.01.19.01.exe

2012-12-28 01:16 - 2015-03-26 20:39 - 0005972 _____ () C:\Users\User\AppData\Local\d3d9caps.dat

2012-12-25 10:28 - 2013-02-01 00:35 - 0003584 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

Some content of TEMP:

====================

C:\Users\User\AppData\Local\Temp\Quarantine.exe

C:\Users\User\AppData\Local\Temp\sqlite3.dll

 

 

Some zero byte size files/folders:

==========================

C:\Windows\System32\msieftp.dll

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-03-26 20:53

 

==================== End Of Log ============================

 

# AdwCleaner v4.113 - Logfile created 26/03/2015 at 20:36:56

# Updated 22/03/2015 by Xplode

# Database : 2015-03-26.1 [Server]

# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)

# Username : User - USER-PC

# Running from : C:\Users\User\Desktop\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

Service Deleted : YahooAUService

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\SweetIM

Folder Deleted : C:\ProgramData\Systweak

Folder Deleted : C:\ProgramData\Trymedia

Folder Deleted : C:\Program Files\Advanced System Protector

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\MyPC Backup

Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

Folder Deleted : C:\Windows\system32\ARFC

Folder Deleted : C:\Windows\system32\WNLT

Folder Deleted : C:\Users\User\AppData\Local\Conduit

Folder Deleted : C:\Users\User\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\User\AppData\Roaming\PerformerSoft

Folder Deleted : C:\Users\User\AppData\Roaming\Systweak

File Deleted : C:\END

File Deleted : C:\Windows\system32\dmwu.exe

File Deleted : C:\Windows\system32\ImhxxpComm.dll

File Deleted : C:\Users\User\AppData\LocalLow\SkwConfig.bin

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com

Key Deleted : HKLM\SOFTWARE\Classes\sim-packages

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\performersoft llc

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\WNLT

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\systweak

Key Deleted : HKLM\SOFTWARE\Trymedia Systems

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B

Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16520

 

 

-\\ Google Chrome v41.0.2272.101

 

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={BA722F13-53B0-408D-878E-3F7B5CBAD904}&crg=3.61010009&st=23&ptr=100

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3318152&octid=EB_ORIGINAL_CTID&ISID=M55B6AC67-0861-4104-9466-6324808B7491&SearchSource=58&CUI=&UM=2&UP=SP00CDE773-2A09-442E-AFF4-7064F6C67435&q={searchTerms}&SSPV=

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3318152&octid=EB_ORIGINAL_CTID&ISID=M55B6AC67-0861-4104-9466-6324808B7491&SearchSource=58&CUI=&UM=2&UP=SP00CDE773-2A09-442E-AFF4-7064F6C67435&q={searchTerms}&SSPV=

 

*************************

 

AdwCleaner[R0].txt - [10647 bytes] - [26/03/2015 20:30:41]

AdwCleaner[S0].txt - [10335 bytes] - [26/03/2015 20:36:56]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10395  bytes] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.6 (03.22.2015:1)

OS: Windows Vista ™ Home Premium x86

Ran by User on Thu 03/26/2015 at 21:48:46.60

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{503EF254-3618-47B7-AC13-FAB1D2AA0BFE}

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\pcdr"

Successfully deleted: [Folder] "C:\Users\User\Local Settings\Application Data\cre"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 03/26/2015 at 21:54:50.31

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015

Ran by User at 2015-03-27 18:09:19

Running from C:\Users\User\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)

Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)

Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)

Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)

Cake Queen (HKLM\...\Cake Queen_is1) (Version: 1.0 - Media Contact LLC)

CleanUp! (HKLM\...\CleanUp!) (Version:  - )

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.74.00 - Conexant)

Dell Best of Web (HKLM\...\{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}) (Version: 1.00.0000 - Dell)

Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)

Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08267 - Dell)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1.103.4 - Alps Electric)

Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)

Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)

Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)

Google Earth Plug-in (HKLM\...\{79361740-EAE3-11E2-9911-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )

Intel® PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.01.0000 - Intel Corporation)

Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)

Java™ 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)

LG United Mobile Drivers (HKLM\...\{B03954CC-E130-4E57-BC83-869978685902}) (Version: 3.3.0.0 - LG Electronics)

Magic Jigsaw (HKLM\...\MagicJigsaw_is1) (Version: 1.0 - Media Contact LLC)

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

mCore (Version: 9.24.0000 - Intel Corporation) Hidden

MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 3.5 - Dell)

mHelp (Version: 9.24.0000 - Intel) Hidden

Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

mMHouse (Version: 9.24.0000 - Intel Corporation) Hidden

Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)

mPfMgr (Version: 9.24.0000 - Intel Corporation) Hidden

MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

mWMI (Version: 9.24.0000 - Intel Corporation) Hidden

OutlookAddinSetup (HKLM\...\{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}) (Version: 1.0.0 - CyberLink)

Plants vs. Zombies (HKLM\...\Plants vs. Zombies) (Version:  - PopCap Games)

QualXServ Service Agreement (HKLM\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.)

QuickSet (HKLM\...\{4B6AD248-D3BF-426A-8D64-847288154F13}) (Version: 8.2.20 - Dell Inc.)

Red Light Center 3D Client (HKLM\...\Red Light Center 3D Client) (Version: 1.9.4421 - Utherverse Digital Inc)

Slingo Supreme (HKLM\...\am-slingosupreme) (Version:  - gamehouse)

swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

THE GAME OF LIFE (HKLM\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005734}) (Version:  - Oberon Media)

Unity Web Player (HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version:  - )

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\User\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)

CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\User\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)

CustomCLSID: HKU\S-1-5-21-2194354101-4259944992-3842031963-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

==================== Restore Points  =========================

 

26-03-2015 19:30:27 Removed AVG 2014

26-03-2015 19:34:52 Removed AVG 2014

26-03-2015 20:19:12 Restore Point Created by FRST

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {04744CBC-0A96-4219-8639-E4240B02621B} - System32\Tasks\Norton Security Scan for User => C:\PROGRA~1\NORTON~2\Engine\401~1.16\Nss.exe

Task: {1A5B2D1D-CD0B-4F55-93D7-4022758B62CC} - System32\Tasks\{288F86D8-25FB-40BC-B881-F089F1049D84} => pcalua.exe -a C:\LGMobileUpgrade\LGMOBILEAX\BYRLauncher.exe -d C:\LGMobileUpgrade\LGMOBILEAX\

Task: {303987C1-3B80-4F2F-867A-6202D1EF7ADA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000Core => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04] (Facebook Inc.)

Task: {30C33844-0890-478C-B53D-5C931729608A} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {432E53D9-BEDD-43B3-8C18-417C6AB2E394} - \PC Performer_DEFAULT No Task File <==== ATTENTION

Task: {6DBA4281-7CF3-4A7F-A999-655DCAB254A7} - \PC Performer_UPDATES No Task File <==== ATTENTION

Task: {7FCEE231-2EE7-45A2-8E80-1360841F04C3} - \PC Performer No Task File <==== ATTENTION

Task: {A232FB45-58C3-45FB-8C94-14E75E56818F} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION

Task: {A6395106-69A9-4E31-8F2C-72A228E58990} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)

Task: {ACFDE225-0A48-47CC-B88E-2E429FFE5774} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000UA => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-04] (Facebook Inc.)

Task: {D14638DE-33A9-4FB6-85EF-C82BDF3F066C} - \RegClean Pro No Task File <==== ATTENTION

Task: {E0A878AE-6048-43AE-A079-078F9C9508DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-25] (Adobe Systems Incorporated)

Task: {EEE9DDB4-669C-45F9-AF52-428DDCBA6DC5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-12-25] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe

Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000Core.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2194354101-4259944992-3842031963-1000UA.job => C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2007-04-25 11:55 - 2007-04-25 11:55 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll

2007-07-25 17:25 - 2007-07-25 17:25 - 00118784 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL

2013-08-16 03:46 - 2013-08-16 03:46 - 00284160 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\0e47927f23b2b510e83586cabb6dfa3e\VistaBridgeLibrary.ni.dll

2015-03-26 19:53 - 2015-03-14 05:12 - 09278792 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.101\pdf.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:CCB55ECB

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2194354101-4259944992-3842031963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Pictures\Sample Pictures\Oryx Antelope.jpg

DNS Servers: 24.220.0.10 - 24.220.0.11

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2194354101-4259944992-3842031963-500 - Administrator - Disabled)

Guest (S-1-5-21-2194354101-4259944992-3842031963-501 - Limited - Disabled) => C:\Users\Guest

User (S-1-5-21-2194354101-4259944992-3842031963-1000 - Administrator - Enabled) => C:\Users\User

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2015-03-27 18:09:00.129

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:59.754

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:59.161

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:58.771

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:58.132

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:57.757

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:57.258

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:56.619

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:27.823

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2015-03-27 18:08:27.449

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Celeron® CPU 560 @ 2.13GHz

Percentage of memory in use: 56%

Total physical RAM: 2037.31 MB

Available physical RAM: 880.11 MB

Total Pagefile: 4313.9 MB

Available Pagefile: 3095.77 MB

Total Virtual: 2047.88 MB

Available Virtual: 1918.49 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:57.34 GB) (Free:24.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.32 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 74.5 GB) (Disk ID: 696D9402)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)

Partition 3: (Active) - (Size=57.3 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=2.5 GB) - (Type=OF Extended)

 

==================== End Of Log ============================

[BrianDrab]

You missed the FixLog.txt but that's OK. We'll get it on this round. How's the machine doing? It looks much better. Please do the following.

 

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Download attached file and save it to the Desktop.  fixlist.txt   1.19KB   226 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#2 - Malwarebytes Scan

• I see you have Malwarebytes installed which is great. Please open this program.
• If an update is found you will be prompted to download and install. Go ahead.
• Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits. as shown below.
• 
   
• Click the Scan button at the top of the form and then click Start Scan button and let complete.
• If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
• 
• Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
• .

 
Step#3 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.

 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).

 

Step#4 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

 

 

 

Items for your next post

1. FRST Fix Log

2. Malwarebytes Log

3. Security Check Log

[demozast]

It's a lot better, but still slow when opening the internet.  There is a box that pops up but of course I didn't get a shot of it

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015

Ran by User at 2015-03-27 19:27:48 Run:2

Running from C:\Users\User\Desktop

Loaded Profiles: User (Available profiles: User & Guest)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

CreateRestorePoint:

CHR DefaultSearchKeyword: Default -> trovi.search

CHR DefaultSearchURL: Default -> http://www.trovi.com...rchTerms}&SSPV=

Task: {04744CBC-0A96-4219-8639-E4240B02621B} - System32\Tasks\Norton Security Scan for User => C:\PROGRA~1\NORTON~2\Engine\401~1.16\Nss.exe

Task: {30C33844-0890-478C-B53D-5C931729608A} - \Advanced System Protector_startup No Task File <==== ATTENTION

Task: {432E53D9-BEDD-43B3-8C18-417C6AB2E394} - \PC Performer_DEFAULT No Task File <==== ATTENTION

Task: {6DBA4281-7CF3-4A7F-A999-655DCAB254A7} - \PC Performer_UPDATES No Task File <==== ATTENTION

Task: {7FCEE231-2EE7-45A2-8E80-1360841F04C3} - \PC Performer No Task File <==== ATTENTION

Task: {A232FB45-58C3-45FB-8C94-14E75E56818F} - \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan No Task File <==== ATTENTION

Task: {D14638DE-33A9-4FB6-85EF-C82BDF3F066C} - \RegClean Pro No Task File <==== ATTENTION

Task: C:\Windows\Tasks\0214dUpdateInfo.job => C:\ProgramData\Avg_Update_0214d\0214d_AVG-Secure-Search-Update.exe

Task: C:\Windows\Tasks\1114avUpdateInfo.job => C:\ProgramData\Avg_Update_1114av\1114av_AVG-Secure-Search-Update.exe

AlternateDataStreams: C:\ProgramData\TEMP:CCB55ECB

EmptyTemp:

*****************

 

Restore point was successfully created.

Chrome DefaultSearchKeyword deleted successfully.

Chrome DefaultSearchURL deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04744CBC-0A96-4219-8639-E4240B02621B}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04744CBC-0A96-4219-8639-E4240B02621B}" => Key deleted successfully.

C:\Windows\System32\Tasks\Norton Security Scan for User => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Scan for User" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30C33844-0890-478C-B53D-5C931729608A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30C33844-0890-478C-B53D-5C931729608A}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{432E53D9-BEDD-43B3-8C18-417C6AB2E394}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{432E53D9-BEDD-43B3-8C18-417C6AB2E394}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer_DEFAULT" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DBA4281-7CF3-4A7F-A999-655DCAB254A7}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DBA4281-7CF3-4A7F-A999-655DCAB254A7}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer_UPDATES" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7FCEE231-2EE7-45A2-8E80-1360841F04C3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FCEE231-2EE7-45A2-8E80-1360841F04C3}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Performer" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A232FB45-58C3-45FB-8C94-14E75E56818F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A232FB45-58C3-45FB-8C94-14E75E56818F}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D14638DE-33A9-4FB6-85EF-C82BDF3F066C}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14638DE-33A9-4FB6-85EF-C82BDF3F066C}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.

C:\Windows\Tasks\0214dUpdateInfo.job => Moved successfully.

C:\Windows\Tasks\1114avUpdateInfo.job => Moved successfully.

C:\ProgramData\TEMP => ":CCB55ECB" ADS removed successfully.

EmptyTemp: => Removed 40.8 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 19:28:34 ====

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 3/27/2015

Scan Time: 7:40:35 PM

Logfile: 

Administrator: Yes

 

Version: 2.01.4.1018

Malware Database: v2015.03.27.10

Rootkit Database: v2015.03.26.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows Vista Service Pack 2

CPU: x86

File System: NTFS

User: User

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 349054

Time Elapsed: 32 min, 14 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

 

 

 

 Results of screen317's Security Check version 0.99.99  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 9  

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 45  

 Java™ 6 Update 7  

 Java version 32-bit out of Date! 

 Adobe Reader 10.1.4 Adobe Reader out of Date!  

 Google Chrome 38.0.2125.122 Google Chrome out of date!  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbam.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 31 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log`````````````````````` 

 

[BrianDrab]

OK, now that the malware is off of your machine let's get your machine buttoned up from exploits and vulnerabilities.

 

1. Keeping Java Updated
If you don't use Java or don't know if you need Java, please simply uninstall Java 7 Update 45 and Java™ 6 Update 7 from your machine and skip this step. If you do use it please read on.

WARNING: Java is one of the most exploited programs at this time. The Department of Homeland Security recommends that computer users disable Java. You can read more about this here.
I would recommend that you completely uninstall Java unless you need it to run an important software. If you need it or are unsure or uncomfortable with removing it then I would recommend that you disable Java in your browsers until you need it and then enable it at that time. (See How to disable Java in your web browser and How to unplug Java from the browser). If you don't uninstall it, it's also important that you follow the directions below to update to the latest version of Java.
 
1. Go to this page to download the latest version of Java SE Runtime Environment JRE 8 Update 40.
2. When you click this link you will need to click the "Accept License Agreement" radio button and then click on the "Windows x86 Offline" installer link. You will notice that there is also a Windows x64 link option, however even if you are using a 64-bit operating system, it's very likely you aren't running a 64-bit browser and should only download the "Windows x86 Offline" installer. To determine if you are using a 64-bit browser you can follow these instructions. If you find that you ARE using a 64-bit browser then you can download the "Windows x64" one.

 
3. Once you click on the appropriate link, please download this to your Desktop like we have with all of our tools.
4. Close any programs you may have running - especially your web browser.
5. Now we need to uninstall all versions of Java that are currently on your machine before we install the newest version. Go to Add/Remove programs (instructions are here) and uninstall any item that appears in the list that has the following as part of the name: Java 7 Update 45 and Java™ 6 Update 7
6. Reboot your computer once all Java components are removed.
7. Then from your desktop, right click on the file that was downloaded (jre-8u40-windows-i586.exe or jre-8u40-windows-x64.exe) and select Run as an Administrator to install the latest version. Accept all the defaults and you're good to go.
Note: Java has been notorious for installing foistware (software downloaded without the users knowledge). If you follow the instructions I provided no foistware will be installed but that doesn't mean it won't in the future. While performing the install of this software or any software for that matter, pay attention to each screen and ensure you uncheck any extra software that you don't want installed (i.e. Ask Toolbar, Chrome Browser, etc.).

 

2. Keep Adobe Reader Updated
1. Uninstall Adobe Reader. Click here for instructions on how to uninstall a program.
2. Install the newest version from this website.
Note: Make sure to uncheck the Optional Offer (i.e. Google Chrome, Google Toolbar) unless you really want it.
NOTE: You should disable JavaScript in the program as this is a highly exploitable method for the bad guys to get in your machine. Follow these instructions to disable it in Adobe Reader.
1. Open Adobe Reader
2. Select Edit from the menu and select Preferences
3. Click on JavaScript in the left column and uncheck Enable Acrobat JavaScript.
4. Click OK and close the program.
NOTE: Many installers, including Adobe Reader, offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

 

3. Update Google Chrome.

It's extremely important to keep your internet browser current to avoid vulnerabilities. Please update to the newest version of 41. Instructions for doing so are here.

 

Let me know when this is done. Thanks.

[demozast]

got all this done.  I attached a picture of the box that continues to pop up.  So far this is way better and I appreciate all you've done so far

Attached Thumbnails

• 

[BrianDrab]

Thanks for the info. Please do the following so we can track down the issue.

 

Step#1 - Retrieve Event Log Messages
1. Download Event Viewer Tool  by Vino Rosso to your Desktop
2. Right-click on the file (VEW.exe) and select Run as administrator.
3. Check the options as shown below and put 20 in for the number of events.
4. Click Run. After a few moments, notepad will open with the contents of the Event Logs. Please copy and paste these in your next post. Thank you.
 

 
 

[demozast]

Vino's Event Viewer v01c run on Windows Vista in English

Report run at 28/03/2015 10:53:09 AM

 

Note: All dates below are in the format dd/mm/yyyy

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Information Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 28/03/2015 3:52:44 PM

Type: Information Category: 0

Event: 1531 Source: Microsoft-Windows-User Profiles Service

The User Profile Service has started successfully.    

 

Log: 'Application' Date/Time: 28/03/2015 3:52:26 PM

Type: Information Category: 1

Event: 1003 Source: Microsoft-Windows-Search

The Windows Search Service started.

 

 

Log: 'Application' Date/Time: 28/03/2015 3:52:22 PM

Type: Information Category: 1

Event: 102 Source: ESENT

Windows (3336) Windows: The database engine (6.00.6002.0000) started a new instance (0).

 

Log: 'Application' Date/Time: 28/03/2015 3:50:37 PM

Type: Information Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <Sens> was unavailable to handle a notification event.

 

Log: 'Application' Date/Time: 28/03/2015 2:24:58 PM

Type: Information Category: 0

Event: 6000 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <Sens> was unavailable to handle a notification event.

 

Log: 'Application' Date/Time: 28/03/2015 2:24:05 PM

Type: Information Category: 0

Event: 5617 Source: Microsoft-Windows-WMI

Windows Management Instrumentation Service subsystems initialized successfully

 

Log: 'Application' Date/Time: 28/03/2015 2:23:05 PM

Type: Information Category: 0

Event: 5615 Source: Microsoft-Windows-WMI

Windows Management Instrumentation Service started sucessfully

 

Log: 'Application' Date/Time: 28/03/2015 2:21:15 PM

Type: Information Category: 0

Event: 1001 Source: Windows Error Reporting

Fault bucket 3302396490, type 1 Event Name: APPCRASH Response: None Cab Id: 0  Problem signature: P1: svchost.exe_wuauserv P2: 6.0.6001.18000 P3: 47918b89 P4: kernel32.dll P5: 6.0.6002.18704 P6: 5065ccb6 P7: c0000005 P8: 00071cf6 P9:  P10:   Attached files: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4EF4.tmp.version.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4EF5.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4F92.tmp.hdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WERCEC1.tmp.mdmp  These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report09f70892

 

Log: 'Application' Date/Time: 28/03/2015 2:17:28 PM

Type: Information Category: 0

Event: 0 Source: gupdate

The event description cannot be found.

 

Log: 'Application' Date/Time: 28/03/2015 2:17:28 PM

Type: Information Category: 0

Event: 0 Source: gupdatem

The event description cannot be found.

 

Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM

Type: Information Category: 0

Event: 1042 Source: MsiInstaller

Ending a Windows Installer transaction: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\AcroRead.msi. Client Process Id: 1624.

 

Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM

Type: Information Category: 0

Event: 1033 Source: MsiInstaller

Windows Installer installed the product. Product Name: Adobe Reader X (10.1.4). Product Version: 10.1.4. Product Language: 1033. Installation success or error status: 0.

 

Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM

Type: Information Category: 0

Event: 11707 Source: MsiInstaller

Product: Adobe Reader X (10.1.4) -- Installation operation completed successfully.

 

Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM

Type: Information Category: 0

Event: 1036 Source: MsiInstaller

Windows Installer installed an update. Product Name: Adobe Reader X (10.1.4). Product Version: 10.1.4. Product Language: 1033. Update Name: Adobe Reader X (10.1.4). Installation success or error status: 0.

 

Log: 'Application' Date/Time: 28/03/2015 2:13:55 PM

Type: Information Category: 0

Event: 1022 Source: MsiInstaller

Product: Adobe Reader X (10.1.4) - Update 'Adobe Reader X (10.1.4)' installed successfully.

 

Log: 'Application' Date/Time: 28/03/2015 2:12:33 PM

Type: Information Category: 1

Event: 103 Source: ESENT

Windows (2960) Windows: The database engine stopped the instance (0).

 

Log: 'Application' Date/Time: 28/03/2015 2:12:31 PM

Type: Information Category: 1

Event: 1013 Source: Microsoft-Windows-Search

Windows Search Service stopped normally.

 

 

Log: 'Application' Date/Time: 28/03/2015 2:12:20 PM

Type: Information Category: 0

Event: 1040 Source: MsiInstaller

Beginning a Windows Installer transaction: C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA1000000001}\AcroRead.msi. Client Process Id: 1624.

 

Log: 'Application' Date/Time: 28/03/2015 2:11:31 PM

Type: Information Category: 0

Event: 8224 Source: VSS

The VSS service is shutting down due to idle timeout. 

 

Log: 'Application' Date/Time: 28/03/2015 2:10:18 PM

Type: Information Category: 1

Event: 1003 Source: Microsoft-Windows-Search

The Windows Search Service started.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 28/03/2015 2:24:58 PM

Type: Warning Category: 0

Event: 6001 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <Sens> failed a notification event.

 

Log: 'Application' Date/Time: 28/03/2015 2:58:59 AM

Type: Warning Category: 0

Event: 6001 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <Sens> failed a notification event.

 

Log: 'Application' Date/Time: 27/03/2015 11:55:55 PM

Type: Warning Category: 0

Event: 6001 Source: Microsoft-Windows-Winlogon

The winlogon notification subscriber <Sens> failed a notification event.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Information Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 28/03/2015 3:52:44 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Application Information service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 3:52:44 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The User Profile Service service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 3:52:30 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Remote Access Connection Manager service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 3:52:27 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Telephony service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 3:52:26 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Windows Search service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 3:52:22 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Windows Search service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 3:50:38 PM

Type: Information Category: 0

Event: 1 Source: Microsoft-Windows-Power-Troubleshooter

The system has resumed from sleep.  Sleep Time: 2015-03-28T14:24:55.641Z Wake Time: 2015-03-28T15:50:34.916Z  Wake Source: Unknown

 

Log: 'System' Date/Time: 28/03/2015 3:50:37 PM

Type: Information Category: 0

Event: 83 Source: yukonwlh

Port A is down 

 

Log: 'System' Date/Time: 28/03/2015 3:50:37 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Windows Image Acquisition (WIA) service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 3:50:37 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Windows Modules Installer service entered the stopped state.

 

Log: 'System' Date/Time: 28/03/2015 2:24:59 PM

Type: Information Category: 0

Event: 42 Source: Microsoft-Windows-Kernel-Power

The system is entering sleep.

 

Log: 'System' Date/Time: 28/03/2015 2:24:58 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Windows Image Acquisition (WIA) service entered the paused state.

 

Log: 'System' Date/Time: 28/03/2015 2:20:38 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Background Intelligent Transfer Service service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 2:20:36 PM

Type: Information Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

DCOM  started the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

 

Log: 'System' Date/Time: 28/03/2015 2:18:41 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Windows Modules Installer service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 2:17:28 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the stopped state.

 

Log: 'System' Date/Time: 28/03/2015 2:17:28 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdatem) service entered the stopped state.

 

Log: 'System' Date/Time: 28/03/2015 2:17:27 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdate) service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 2:17:27 PM

Type: Information Category: 0

Event: 7036 Source: Service Control Manager

The Google Update Service (gupdatem) service entered the running state.

 

Log: 'System' Date/Time: 28/03/2015 2:17:27 PM

Type: Information Category: 0

Event: 10029 Source: Microsoft-Windows-DistributedCOM

DCOM  started the service gupdatem with arguments "/comsvc" in order to run the server: {9465B4B4-5216-4042-9A2C-754D3BCDC410}

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 28/03/2015 12:29:58 AM

Type: Warning Category: 0

Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN AutoConfig service has successfully stopped. 

 

Log: 'System' Date/Time: 28/03/2015 12:29:54 AM

Type: Warning Category: 0

Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig

WLAN Extensibility Module has stopped.  Module Path: C:\Windows\System32\IWMSSvc.dll 

[BrianDrab]

Thank you. Let's check your services.
 
Step#1 - Services Check
1. Please download Farbar Service Scanner to your desktop.
2. Make sure that ALL the options are checked:
3. Press "Scan".
4. It will create a log (FSS.txt) in the same directory the tool is run.
5. Please copy and paste the log to your reply.

[demozast]

Farbar Service Scanner Version: 17-01-2015

Ran by User (administrator) on 28-03-2015 at 11:32:49

Running from "C:\Users\User\Desktop"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => File is digitally signed

C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\system32\dhcpcsvc.dll => File is digitally signed

C:\Windows\system32\Drivers\afd.sys => File is digitally signed

C:\Windows\system32\Drivers\tdx.sys => File is digitally signed

C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\system32\dnsrslvr.dll => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

[BrianDrab]

It doesn't appear that you checked all of the checkboxes before hitting Scan. Can you re-run?

 

[demozast]

Oops.  Lets see if this is better

 

 

 

Farbar Service Scanner Version: 17-01-2015

Ran by User (administrator) on 28-03-2015 at 11:52:05

Running from "C:\Users\User\Desktop"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Policy: 

========================

 

 

Security Center:

============

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

 

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => File is digitally signed

C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\system32\dhcpcsvc.dll => File is digitally signed

C:\Windows\system32\Drivers\afd.sys => File is digitally signed

C:\Windows\system32\Drivers\tdx.sys => File is digitally signed

C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\system32\dnsrslvr.dll => File is digitally signed

C:\Windows\system32\mpssvc.dll => File is digitally signed

C:\Windows\system32\bfe.dll => File is digitally signed

C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed

C:\Windows\system32\SDRSVC.dll => File is digitally signed

C:\Windows\system32\vssvc.exe => File is digitally signed

C:\Windows\system32\wscsvc.dll => File is digitally signed

C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\system32\wuaueng.dll => File is digitally signed

C:\Windows\system32\qmgr.dll => File is digitally signed

C:\Windows\system32\es.dll => File is digitally signed

C:\Windows\system32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\system32\ipnathlp.dll => File is digitally signed

C:\Windows\system32\iphlpsvc.dll => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

 

 

**** End of log ****

[BrianDrab]

Much better! Thanks. That's what I expected to see based on the error I saw previously.
 
wuauserv Service is not running.
 

Log: 'Application' Date/Time: 28/03/2015 2:21:15 PM
Type: Information Category: 0
Event: 1001 Source: Windows Error Reporting
Fault bucket 3302396490, type 1 Event Name: APPCRASH Response: None Cab Id: 0  Problem signature: P1: svchost.exe_wuauserv P2: 6.0.6001.18000 P3: 47918b89 P4: kernel32.dll P5: 6.0.6002.18704 P6: 5065ccb6 P7: c0000005 P8: 00071cf6 P9:  P10:   Attached files: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4EF4.tmp.version.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4EF5.tmp.appcompat.txt C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WER4F92.tmp.hdmp C:\ProgramData\Microsoft\Windows\WER\ReportQueue\Report0991cfd7\WERCEC1.tmp.mdmp  These files may be available here: C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Report09f70892

 

Please perform the steps below.

Step#1 - Repair Services

• Please download the ESET services repair tool to your desktop.
• Right-click on the ServicesRepair.exe file and choose Run as administrator.
• If security notifications appear, click Allow and then click Yes when asked if you want to proceed.
• Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.
• A log named SvcRepair.log will be saved in the CCSupport\Logs folder the tool created on your desktop, please post the content in your next reply

Step#2 - Verify
1. Open up FarBar Service Scanner (FSS.exe) from your desktop.
2. Ensure all options are checked and click Scan.

 
3. It will create a log (FSS.txt) in the same directory the tool is run.
4. Please copy and paste the log to your reply.
 
Things For Your Next Post:
1. Contents of SvcRepair.log
2. Contents of FSS.txt

 

[demozast]

Log Opened: 2015-03-28 @ 12:20:19

12:20:19 - -----------------

12:20:19 - | Begin Logging |

12:20:19 - -----------------

12:20:19 - Fix started on a WIN_VISTA X86 computer

12:20:19 - Prep in progress.  Please Wait.

12:20:23 - Prep complete

12:20:23 - Repairing Services Now.  Please wait...

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Vista\BFE.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\SubLayer>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Provider>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\Persistent>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime\Filter>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy\BootTime>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters\Policy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BFE>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Vista\BITS.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Vista\iphlpsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Vista\MpsSvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Vista\SharedAccess.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Vista\WinDefend.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Vista\wscsvc.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

 

SetACL finished successfully.

INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.

INFORMATION: Input file for restore operation opened: '.\Vista\wuauserv.sddl'

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>

INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

 

SetACL finished successfully.

12:20:25 - Services Repair Complete.

12:20:30 - Reboot Initiated

 

 

 

Farbar Service Scanner Version: 17-01-2015

Ran by User (administrator) on 28-03-2015 at 12:24:16

Running from "C:\Users\User\Desktop"

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Policy: 

========================

 

 

Security Center:

============

 

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.

 

 

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

 

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy: 

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => File is digitally signed

C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\system32\dhcpcsvc.dll => File is digitally signed

C:\Windows\system32\Drivers\afd.sys => File is digitally signed

C:\Windows\system32\Drivers\tdx.sys => File is digitally signed

C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\system32\dnsrslvr.dll => File is digitally signed

C:\Windows\system32\mpssvc.dll => File is digitally signed

C:\Windows\system32\bfe.dll => File is digitally signed

C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed

C:\Windows\system32\SDRSVC.dll => File is digitally signed

C:\Windows\system32\vssvc.exe => File is digitally signed

C:\Windows\system32\wscsvc.dll => File is digitally signed

C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\system32\wuaueng.dll => File is digitally signed

C:\Windows\system32\qmgr.dll => File is digitally signed

C:\Windows\system32\es.dll => File is digitally signed

C:\Windows\system32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\system32\ipnathlp.dll => File is digitally signed

C:\Windows\system32\iphlpsvc.dll => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

 

 

**** End of log ****