Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Slow computer

adware spyware

  • This topic is locked This topic is locked

#1
cblock

cblock

    Member

  • Member
  • PipPip
  • 41 posts

Gah, I recently tried to download Word processor from a third party, and it just ended up giving me a bunch of programs I didn't ask for - Opera web browser, Norton anti, etc. 

 

I uninstalled everything, as far as I can tell, but I suspect there may be some other stuff that are lurking under the surface. My computer is running slightly slower. Wondering if anybody can help take a peek under the hood and make sure there isn't anything sketchy going on. I would really appreciate it. Thanks. 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
cblock

cblock

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thanks a lot, I notice my computer takes at least twice as long to start up now. Not sure what's going on. Here is the FRST log, followed by the Addition log.
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Andy (administrator) on MEGATRON on 04-06-2015 08:17:14
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WksWP.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\WkDStore.exe
(Microsoft® Corporation) C:\Program Files (x86)\Microsoft Works\wkgdcach.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [RunDLLEntry_THXCfg] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\runonceex: [ContentMerger] => c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-17] (Google Inc.)
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\Run: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Andy\AppData\Roaming\Microsoft\Crypto\RSA\cert_v79_0.tpl"
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\Run: [AgentUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Andy\AppData\Roaming\Microsoft\Crypto\RSA\cert_v79_0.tpa"
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\RunOnce: [Application Restart #2] => C:\Users\Andy\AppData\Local\Pokki\Engine\pokki.exe  --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-resources --disable-client-side-p (the data entry has 484 more characters).
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\RunOnce: [CryptoUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Andy\AppData\Roaming\Microsoft\Crypto\RSA\cert_v79_0.tpl"
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\RunOnce: [AgentUpdate] => C:\Windows\system32\regsvr32.exe /s "C:\Users\Andy\AppData\Roaming\Microsoft\Crypto\RSA\cert_v79_0.tpa"
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\MountPoints2: {e53e8f36-0950-11e5-8abc-b8ac6f9d36f3} - I:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2015-03-06]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2010-06-16]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-05-24]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-05-24]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2013-09-01]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM -> {F194DCC1-81E2-4376-A2E8-7DEE19AB5E1E} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 -> {8CFB28CC-06BF-4CBF-97AA-6F325E8700B0} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2277838659-3731106266-1447913230-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2277838659-3731106266-1447913230-1000 -> {BE71D4E4-5D2F-488A-93FC-77D774BEA013} URL = 
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-06] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-06] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-10-21] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-06] (Google Inc.)
Toolbar: HKU\S-1-5-21-2277838659-3731106266-1447913230-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-06] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2009-11-27] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Profile: C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-10]
CHR Extension: (Google Drive) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-10]
CHR Extension: (YouTube) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-10]
CHR Extension: (Google Search) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-10]
CHR Extension: (Linksicle) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg [2013-11-17]
CHR Extension: (DefaultTab) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc [2013-11-10]
CHR Extension: (bomlabio) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljidjdddaoiogpbmniipclcppkoembao [2013-11-10]
CHR Extension: (InternetHelper3.1) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim [2013-11-10]
CHR Extension: (Google Wallet) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-10]
CHR Extension: (Gmail) - C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-10]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-11] (Brother Industries Ltd.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-06-02] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-06] (Malwarebytes Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation                           )
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 08:17 - 2015-06-04 08:17 - 00016762 _____ C:\Users\Andy\Desktop\FRST.txt
2015-06-04 08:17 - 2015-06-04 08:17 - 00000000 ____D C:\FRST
2015-06-04 08:15 - 2015-06-04 08:15 - 02108928 _____ (Farbar) C:\Users\Andy\Desktop\FRST64.exe
2015-06-02 21:47 - 2015-06-04 08:09 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-02 21:47 - 2015-06-02 22:10 - 00000000 ____D C:\Windows\AutoKMS
2015-06-02 21:47 - 2015-06-02 21:47 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-06-02 21:43 - 2015-06-02 22:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-02 21:43 - 2015-06-02 21:43 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-06-02 21:43 - 2015-06-02 21:43 - 00000000 ____D C:\Users\Andy\AppData\Local\Microsoft Help
2015-06-02 21:36 - 2015-06-02 22:28 - 00000000 ____D C:\ProgramData\Norton
2015-06-02 21:32 - 2015-06-02 21:32 - 00000000 ____D C:\Users\Andy\AppData\Roaming\Opera Software
2015-06-02 21:32 - 2015-06-02 21:32 - 00000000 ____D C:\Users\Andy\AppData\Local\Opera Software
2015-06-02 21:31 - 2015-06-02 21:31 - 00001938 _____ C:\Users\Public\Desktop\DAEMON Tools Pro.lnk
2015-06-02 21:31 - 2015-06-02 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro
2015-06-02 21:30 - 2015-06-02 22:20 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-02 21:30 - 2015-06-02 21:41 - 00000000 ____D C:\Users\Andy\AppData\Roaming\DAEMON Tools Pro
2015-06-02 21:30 - 2015-06-02 21:41 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2015-06-02 21:30 - 2015-06-02 21:30 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Users\Andy\AppData\Roaming\OpenCandy
2015-06-02 21:30 - 2015-06-02 21:30 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2015-06-02 21:27 - 2015-06-02 21:28 - 00000000 ____D C:\Users\Andy\Desktop\Microsoft Office
2015-06-02 21:25 - 2015-06-02 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-06-02 21:25 - 2015-06-02 21:25 - 00000000 ____D C:\Program Files\7-Zip
2015-06-02 21:23 - 2015-06-02 21:24 - 01513472 _____ C:\Users\Andy\Downloads\7z938-x64.msi
2015-06-01 09:25 - 2015-06-01 09:25 - 00000000 ____D C:\Users\Andy\AppData\Local\GWX
2015-05-13 03:01 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:01 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 23:55 - 2015-05-04 18:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 23:55 - 2015-05-04 18:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 23:55 - 2015-04-21 19:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-12 23:55 - 2015-04-21 18:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-12 23:55 - 2015-04-21 10:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 23:55 - 2015-04-21 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 23:55 - 2015-04-21 10:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-12 23:55 - 2015-04-21 09:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-12 23:55 - 2015-04-21 09:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 23:55 - 2015-04-21 09:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 23:55 - 2015-04-21 09:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-12 23:55 - 2015-04-21 09:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 23:55 - 2015-04-21 09:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-12 23:55 - 2015-04-21 09:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 23:55 - 2015-04-21 09:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-12 23:55 - 2015-04-21 09:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 23:55 - 2015-04-21 09:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 23:55 - 2015-04-21 09:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 23:55 - 2015-04-21 09:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-12 23:55 - 2015-04-21 09:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-12 23:55 - 2015-04-21 09:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 23:55 - 2015-04-21 09:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-12 23:55 - 2015-04-21 09:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-12 23:55 - 2015-04-21 09:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-12 23:55 - 2015-04-21 09:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 23:55 - 2015-04-21 09:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-12 23:55 - 2015-04-21 09:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-12 23:55 - 2015-04-21 09:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-12 23:55 - 2015-04-21 09:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-12 23:55 - 2015-04-21 09:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-12 23:55 - 2015-04-21 09:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-12 23:55 - 2015-04-21 09:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 23:55 - 2015-04-21 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-12 23:55 - 2015-04-21 09:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 23:55 - 2015-04-21 09:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-12 23:55 - 2015-04-21 09:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-12 23:55 - 2015-04-21 09:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-12 23:55 - 2015-04-21 09:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-12 23:55 - 2015-04-21 08:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-12 23:55 - 2015-04-21 08:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-12 23:55 - 2015-04-21 08:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-12 23:55 - 2015-04-21 08:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 23:55 - 2015-04-21 08:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-12 23:55 - 2015-04-21 08:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-12 23:55 - 2015-04-21 08:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-12 23:55 - 2015-04-21 08:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 23:55 - 2015-04-21 08:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-12 23:55 - 2015-04-21 08:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 23:55 - 2015-04-21 08:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-12 23:55 - 2015-04-21 08:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-12 23:55 - 2015-04-21 08:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-12 23:55 - 2015-04-21 08:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-12 23:55 - 2015-04-21 08:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 23:55 - 2015-04-21 08:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-12 23:55 - 2015-04-21 08:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-12 23:55 - 2015-04-21 08:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-12 23:55 - 2015-04-21 08:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-12 23:55 - 2015-04-21 08:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 23:55 - 2015-04-21 08:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-12 23:55 - 2015-04-21 08:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-12 23:55 - 2015-04-21 07:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-12 23:55 - 2015-04-21 07:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-12 23:55 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 23:55 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 23:54 - 2015-04-27 12:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 23:54 - 2015-04-27 12:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 23:54 - 2015-04-27 12:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 23:54 - 2015-04-27 12:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 23:54 - 2015-04-27 12:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 23:54 - 2015-04-27 12:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 23:54 - 2015-04-27 12:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 23:54 - 2015-04-27 12:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 23:54 - 2015-04-27 12:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 23:54 - 2015-04-27 12:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 23:54 - 2015-04-27 12:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 23:54 - 2015-04-27 12:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 23:54 - 2015-04-27 12:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 23:54 - 2015-04-27 12:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 23:54 - 2015-04-27 12:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 23:54 - 2015-04-27 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 23:54 - 2015-04-27 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 12:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 23:54 - 2015-04-27 12:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 23:54 - 2015-04-27 12:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 23:54 - 2015-04-27 12:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 23:54 - 2015-04-27 12:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 23:54 - 2015-04-27 12:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 23:54 - 2015-04-27 12:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 23:54 - 2015-04-27 12:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 23:54 - 2015-04-27 12:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 23:54 - 2015-04-27 12:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 23:54 - 2015-04-27 12:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 23:54 - 2015-04-27 12:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 23:54 - 2015-04-27 12:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 23:54 - 2015-04-27 12:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 23:54 - 2015-04-27 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 23:54 - 2015-04-27 12:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 23:54 - 2015-04-27 12:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 23:54 - 2015-04-27 12:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 23:54 - 2015-04-27 12:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 23:54 - 2015-04-27 12:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 11:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 23:54 - 2015-04-27 10:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 23:54 - 2015-04-27 10:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 23:54 - 2015-04-27 10:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 23:54 - 2015-04-27 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 23:54 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 23:54 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 23:54 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 23:54 - 2015-04-19 19:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 23:54 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 23:53 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 23:53 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 23:53 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 23:53 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 23:53 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 23:53 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 23:53 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 23:53 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 23:53 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 23:53 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 23:53 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 23:53 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 23:53 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 23:53 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-08 00:46 - 2015-05-12 03:25 - 00041472 _____ C:\Users\Andy\Documents\c1questions2.wps
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 08:17 - 2013-07-17 21:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 08:16 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 08:16 - 2009-07-13 21:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 08:13 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-04 08:12 - 2009-07-13 22:10 - 01209960 _____ C:\Windows\WindowsUpdate.log
2015-06-04 08:11 - 2013-01-28 12:21 - 00028132 _____ C:\Users\Andy\AppData\Roaming\wklnhst.dat
2015-06-04 08:11 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-04 08:10 - 2013-07-17 21:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 08:09 - 2010-06-16 17:18 - 00000000 ____D C:\Users\Andy\AppData\Local\SoftThinks
2015-06-04 08:09 - 2010-05-24 20:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-06-04 08:09 - 2010-05-24 20:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-06-04 08:09 - 2010-05-24 20:05 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-06-04 08:08 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-04 08:08 - 2009-07-13 21:51 - 00085745 _____ C:\Windows\setupact.log
2015-06-03 13:28 - 2013-01-22 00:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 05:56 - 2010-06-16 17:18 - 00127752 _____ C:\Users\Andy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-02 23:46 - 2009-07-13 21:45 - 00486200 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-02 22:51 - 2010-05-24 20:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-06-02 22:50 - 2009-07-14 00:45 - 00000000 ____D C:\Windows\ShellNew
2015-06-02 22:50 - 2009-07-13 19:34 - 00000387 _____ C:\Windows\win.ini
2015-06-02 22:49 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-06-02 22:28 - 2010-05-24 21:53 - 00687550 _____ C:\Windows\PFRO.log
2015-05-31 06:06 - 2014-09-24 02:37 - 00322048 _____ C:\Users\Andy\Desktop\tribulations3.wps
2015-05-29 19:06 - 2014-07-12 05:48 - 00221184 _____ C:\Users\Andy\Desktop\writersblock.wps
2015-05-25 18:18 - 2013-07-17 21:11 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-19 17:20 - 2009-07-13 22:08 - 00032540 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-19 13:26 - 2015-04-05 01:30 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-19 13:26 - 2015-04-05 01:30 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-15 22:12 - 2013-07-17 21:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 22:12 - 2013-07-17 21:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-13 16:56 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 03:21 - 2014-02-18 14:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-13 03:21 - 2014-02-18 14:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 03:20 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 03:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 03:01 - 2014-02-18 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-06 22:32 - 2015-04-20 18:28 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-06 12:06 - 2014-09-11 10:02 - 00140800 _____ C:\Users\Andy\Desktop\c6b.wps
 
==================== Files in the root of some directories =======
 
2013-01-28 12:21 - 2015-06-04 08:11 - 0028132 _____ () C:\Users\Andy\AppData\Roaming\wklnhst.dat
2013-04-20 00:27 - 2013-04-20 00:28 - 0000084 _____ () C:\Users\Andy\AppData\Local\DVDPATH.TXT
 
Some files in TEMP:
====================
C:\Users\Andy\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 11:15
 
==================== End of log ============================
 
 
Here is the Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Andy at 2015-06-04 08:17:52
Running from C:\Users\Andy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2277838659-3731106266-1447913230-500 - Administrator - Disabled)
Andy (S-1-5-21-2277838659-3731106266-1447913230-1000 - Administrator - Enabled) => C:\Users\Andy
Guest (S-1-5-21-2277838659-3731106266-1447913230-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2277838659-3731106266-1447913230-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BitTorrent (HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\BitTorrent) (Version: 7.9.0.30621 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Free YouTube To MP3 Converter 4.4.1 (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.4.1 - cyan soft ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.38 - mIRC Co. Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4036 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Stamps.com (HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 10.1.1.2456 - Stamps.com, Inc.) Hidden
Tenorshare iPhone Data Recovery  (HKLM-x32\...\Tenorshare iPhone Data Recovery) (Version:  - Tenorshare, Inc.)
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
TP-LINK TL-WN725N_TL-WN723N Driver (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Wondershare Dr.Fone for iOS(Build 5.4.0.15) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 5.4.0.15 - Wondershare Software Co.,Ltd.)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
19-05-2015 12:19:27 Windows Update
19-05-2015 13:26:16 Windows Update
26-05-2015 13:50:54 Windows Update
29-05-2015 16:31:00 Windows Update
02-06-2015 13:01:56 Windows Update
02-06-2015 21:25:22 Installed 7-Zip 9.38 (x64 edition)
02-06-2015 21:30:54 Device Driver Package Install: DT Soft Ltd System devices
02-06-2015 21:41:35 Installed Microsoft Office Professional Plus 2013
02-06-2015 21:41:49 PROPLUS
02-06-2015 22:22:11 Configured Microsoft Office Professional Plus 2013
02-06-2015 22:22:28 PROPLUS
02-06-2015 22:45:17 Removed Microsoft Office Professional Plus 2013
02-06-2015 22:45:31 PROPLUS
02-06-2015 22:48:54 Removed Microsoft Office Professional Plus 2013
02-06-2015 22:49:04 PROPLUS
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2015-04-18 21:59 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0471A17E-892B-42C0-8619-A00D3638B306} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {06EC9562-2F26-449E-A2DB-A326463163D9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {2B07C1A3-577F-40EB-8B2B-D09B79BC5E82} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {4A7BB327-426B-4387-ABAD-8BF4E305BFA7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {4E74DABE-3BAF-4516-8AEA-656664DE9277} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-21] (Adobe Systems Incorporated)
Task: {61712E48-2C55-48DD-89E6-AD5999585D5E} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-20] (Microsoft Corporation)
Task: {6CF9FD98-610A-4621-96E6-4B88B2EF81CE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {AA1A141A-DBE8-40F9-99F9-7DC7165AC56C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {AC4B7C85-004B-4ACF-A0AA-2274F7F6412C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {BC5CA8C2-E651-4F62-B82E-BCAF2E984782} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-06-02] ()
Task: {E98AC814-F896-4224-835B-5EC8A4BFD1E6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB1237D4-6F11-4BD5-9C91-B796C113E5AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-11-27 20:49 - 2015-05-24 18:36 - 00247808 ___SH () C:\Users\Andy\AppData\Roaming\Microsoft\Crypto\RSA\cert_v79_0.tpa
2015-03-06 05:26 - 2013-01-10 20:09 - 00848384 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
2015-05-13 04:00 - 2015-05-13 04:00 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\7288415f45f0876d713347143fcafb96\VistaBridgeLibrary.ni.dll
2010-05-24 20:05 - 2011-08-18 09:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2009-11-13 14:15 - 2009-11-13 14:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-05-24 20:01 - 2009-10-02 11:18 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-03-06 05:27 - 2013-01-10 19:32 - 01411072 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
2015-03-06 05:26 - 2013-01-10 20:16 - 00193024 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
2015-03-06 05:26 - 2013-01-07 17:03 - 00297472 _____ () C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\WJRtl.dll
2009-11-13 14:15 - 2009-11-13 14:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 14:15 - 2009-11-13 14:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 14:15 - 2009-11-13 14:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 14:15 - 2009-11-13 14:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 14:15 - 2009-11-13 14:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2015-05-25 18:18 - 2015-05-22 13:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 18:18 - 2015-05-22 13:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{9925F97A-4284-4816-9210-78F91DBBC017}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{D0B54DA4-648E-41BF-B4C7-80D864A58397}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{CD0160DA-5462-441D-A3E8-5DECB5ADDCD3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{8D342BD0-1CE3-42E0-A1DB-E9AA7C09D842}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{2E8B3841-622E-4B07-81A5-33C8E7F906CE}] => (Allow) svchost.exe
FirewallRules: [{E7027D27-FE2F-4086-A5D9-279A0FF68422}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E7D7CBD6-3876-4C25-A829-1447FB22EB78}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90DBDB65-0E1F-40F4-B198-09D69FE0843A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{820B588A-D5B4-4A6B-B7AB-CC37722E8D09}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{F148A21F-6154-4260-98C8-D39700CC5542}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{956ACC85-13EE-4F1E-8300-4EF15CCD4379}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CA5373CB-7126-4F5D-9E0F-CD11444204ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F26D6955-8BD8-4A98-A900-8DAF21CB1F49}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09D97844-E908-45E4-A9FD-EAA07D2B4BF2}] => (Allow) C:\Users\Andy\Downloads\BitTorrent.exe
FirewallRules: [{E7514FDF-E2A3-49AA-A619-88E107077A27}] => (Allow) C:\Users\Andy\Downloads\BitTorrent.exe
FirewallRules: [{6F86920D-05BF-4214-9048-1BBB5C095775}] => (Allow) C:\Users\Andy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6B5BA20C-A89A-4E57-9979-4BCA31A290FC}] => (Allow) C:\Users\Andy\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2048083B-6E87-4479-996C-9291DCA18D63}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F5FDED35-8C91-43CD-AD96-8EEA9A9E4EBD}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{5B6DFFD8-0788-4033-A83E-374EB8DD9969}C:\program files (x86)\mirc\mirc.exe] => (Allow) C:\program files (x86)\mirc\mirc.exe
FirewallRules: [TCP Query User{D6B06A34-A345-4AEF-8BB8-A7A86D582A50}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [UDP Query User{159AF51A-4E36-4EAA-AB8B-E9450BA56FCB}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [{E8E061E1-6B9F-4113-ADCC-616F9E47B4C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2015 11:16:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/02/2015 10:43:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4420.1017, time stamp: 0x5067349a
Faulting module name: nvwgf2um.dll, version: 8.15.11.8634, time stamp: 0x4a54f2a4
Exception code: 0xc0000005
Fault offset: 0x00060b98
Faulting process id: 0x410
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
 
Error: (06/02/2015 10:22:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/02/2015 10:22:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/02/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/02/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
 
System Error:
The system cannot find the file specified.
.
 
Error: (06/02/2015 10:19:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4420.1017, time stamp: 0x5067349a
Faulting module name: nvwgf2um.dll, version: 8.15.11.8634, time stamp: 0x4a54f2a4
Exception code: 0xc0000005
Fault offset: 0x00045db4
Faulting process id: 0x16b0
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
 
Error: (06/02/2015 10:18:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4420.1017, time stamp: 0x5067349a
Faulting module name: nvwgf2um.dll, version: 8.15.11.8634, time stamp: 0x4a54f2a4
Exception code: 0xc0000005
Fault offset: 0x00045db4
Faulting process id: 0x4b0
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
 
Error: (06/02/2015 10:16:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4420.1017, time stamp: 0x5067349a
Faulting module name: nvwgf2um.dll, version: 8.15.11.8634, time stamp: 0x4a54f2a4
Exception code: 0xc0000005
Fault offset: 0x00045db4
Faulting process id: 0x19c8
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
 
Error: (06/02/2015 10:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WINWORD.EXE, version: 15.0.4420.1017, time stamp: 0x5067349a
Faulting module name: nvwgf2um.dll, version: 8.15.11.8634, time stamp: 0x4a54f2a4
Exception code: 0xc0000005
Fault offset: 0x00060b98
Faulting process id: 0x15d0
Faulting application start time: 0xWINWORD.EXE0
Faulting application path: WINWORD.EXE1
Faulting module path: WINWORD.EXE2
Report Id: WINWORD.EXE3
 
 
System errors:
=============
Error: (06/04/2015 08:10:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (06/04/2015 08:08:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
 
Error: (06/04/2015 08:08:20 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (06/03/2015 09:38:33 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (06/03/2015 09:37:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
 
Error: (06/03/2015 09:37:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (06/03/2015 01:09:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (06/03/2015 01:03:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
RxFilter
 
Error: (06/03/2015 01:03:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (06/03/2015 05:56:51 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
 
Microsoft Office:
=========================
Error: (06/03/2015 11:16:15 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.ExeC:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL8
 
Error: (06/02/2015 10:43:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE15.0.4420.10175067349anvwgf2um.dll8.15.11.86344a54f2a4c000000500060b9841001d09dc01c86f4d6C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXEC:\Windows\system32\nvwgf2um.dll7cc7fbd4-09b3-11e5-9642-b8ac6f9d36f3
 
Error: (06/02/2015 10:22:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
 
System Error:
The system cannot find the file specified.
 
Error: (06/02/2015 10:22:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
 
System Error:
The system cannot find the file specified.
 
Error: (06/02/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Network Security WFP Driver.
 
System Error:
The system cannot find the file specified.
 
Error: (06/02/2015 10:22:17 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Symantec Iron Driver.
 
System Error:
The system cannot find the file specified.
 
Error: (06/02/2015 10:19:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE15.0.4420.10175067349anvwgf2um.dll8.15.11.86344a54f2a4c000000500045db416b001d09dbcd69ae5fdC:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXEC:\Windows\system32\nvwgf2um.dll27ab7c7f-09b0-11e5-8df1-b8ac6f9d36f3
 
Error: (06/02/2015 10:18:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE15.0.4420.10175067349anvwgf2um.dll8.15.11.86344a54f2a4c000000500045db44b001d09dbc8a512d29C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXEC:\Windows\system32\nvwgf2um.dll07f86d2d-09b0-11e5-8df1-b8ac6f9d36f3
 
Error: (06/02/2015 10:16:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE15.0.4420.10175067349anvwgf2um.dll8.15.11.86344a54f2a4c000000500045db419c801d09dbbf9f3784bC:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXEC:\Windows\system32\nvwgf2um.dllb3f4029b-09af-11e5-8df1-b8ac6f9d36f3
 
Error: (06/02/2015 10:11:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WINWORD.EXE15.0.4420.10175067349anvwgf2um.dll8.15.11.86344a54f2a4c000000500060b9815d001d09dbbbde2bbdfC:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXEC:\Windows\system32\nvwgf2um.dll0802994f-09af-11e5-8df1-b8ac6f9d36f3
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 25%
Total physical RAM: 8151.08 MB
Available physical RAM: 6076.49 MB
Total Pagefile: 16300.36 MB
Available Pagefile: 13931.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:921.57 GB) (Free:790.5 GB) NTFS
Drive i: (Microsoft Office) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 8A427EA7)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=921.6 GB) - (Type=07 NTFS)
 
==================== End of log ============================

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

I don't see an anti Virus installed, all I see is windows defender. I suggest you install an anti Virus program such as Microsoft Security Essentials for now from Here. You can change it later if you like, but we need to get one installed NOW!

Not seeing much in log,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-2277838659-3731106266-1447913230-1000 -> {BE71D4E4-5D2F-488A-93FC-77D774BEA013} URL = 
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
C:\ProgramData\Norton
C:\Program Files (x86)\Opera
C:\Users\Andy\AppData\Roaming\OpenCandy
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.
    In your next reply post;
    • Fixlog.txt
    • The AdwCleaner [SO].txt Log
    • The JRT.txt Log
    Thanks

  • 0

#5
cblock

cblock

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Thanks. The ADW link did not send me to a downloads page. It took me to a weird log in page. 

 

Here is the Fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Andy at 2015-06-04 21:49:38 Run:1
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKU\S-1-5-21-2277838659-3731106266-1447913230-1000 -> {BE71D4E4-5D2F-488A-93FC-77D774BEA013} URL = 
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
C:\ProgramData\Norton
C:\Program Files (x86)\Opera
C:\Users\Andy\AppData\Roaming\OpenCandy
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
"HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE71D4E4-5D2F-488A-93FC-77D774BEA013}" => key removed successfully
HKCR\CLSID\{BE71D4E4-5D2F-488A-93FC-77D774BEA013} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
C:\ProgramData\Norton => moved successfully.
C:\Program Files (x86)\Opera => moved successfully.
C:\Users\Andy\AppData\Roaming\OpenCandy => moved successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 792.7 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 21:50:16 ====

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

Try the adwCleaner link again, I don't have an issue with it... Here's the actual link --> https://toolslib.net...d/1-adwcleaner/

Run JRT too.
  • 0

#7
cblock

cblock

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thanks! Here are the ADW and JRT logs respectively. Not sure why the first ADW link doesn't show up for me. 
 
ADW log
 
# AdwCleaner v4.206 - Logfile created 06/06/2015 at 15:25:04
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Andy - MEGATRON
# Running from : C:\Users\Andy\Desktop\adwcleaner_4.206.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
 
-\\ Google Chrome v43.0.2357.81
 
 
-\\ Opera v0.0.0.0
 
 
*************************
 
AdwCleaner[R0].txt - [1107 bytes] - [06/06/2015 15:21:30]
AdwCleaner[S0].txt - [811 bytes] - [06/06/2015 15:25:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [869  bytes] ##########
 
 
JRT log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.9 (06.06.2015:1)
OS: Windows 7 Home Premium x64
Ran by Andy on Sat 06/06/2015 at 15:35:41.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
 
[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Andy\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/06/2015 at 15:37:51.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

You have Malwarebytes installed can you run a scan and post the log for me.
To get the log, open Malwarebytes once more and click;
History > Application logs > select the most recent scan log > Export > Txt file and post the resulting file to your next post.
  • 0

#9
cblock

cblock

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thanks! It quarantined a couple files, and I also recommended I delete three Trojans. There was one file that was potentially unwanted. I didn't know what to do with it so I just ignored it. It was a file that was called ConduitTK or something. 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/8/2015
Scan Time: 5:48:09 AM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.08.02
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Andy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 454605
Time Elapsed: 30 min, 12 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3289663, No Action By User, [4ef4a711fa901125351185002dd8fe02], 
 
Registry Values: 2
Trojan.Ransom.CryptoWall, HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|CryptoUpdate, C:\Windows\system32\regsvr32.exe /s "C:\Users\Andy\AppData\Roaming\Microsoft\Crypto\RSA\cert_v79_0.tpl", Quarantined, [b78b4672d5b53501cfd9e69ad2331ee2]
Trojan.Ransom.CryptoWall, HKU\S-1-5-21-2277838659-3731106266-1447913230-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|CryptoUpdate, C:\Windows\system32\regsvr32.exe /s "C:\Users\Andy\AppData\Roaming\Microsoft\Crypto\RSA\cert_v79_0.tpl", Quarantined, [b78b4672d5b53501cfd9e69ad2331ee2]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Ransom.CryptoWall, C:\Users\Andy\AppData\Roaming\Microsoft\Crypto\RSA\cert_v79_0.tpl, Delete-on-Reboot, [b78b4672d5b53501cfd9e69ad2331ee2], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
OK,

The conduit file could have been deleted. Lets run 1 more scan and we can get the file then. This scan could take a while and it may find items we already have addressed.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Next

Download Security Check by screen317 from Here or Here
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Please post the Eset scan results log and the checkup.txt log..

Thanks
Joe :)
  • 0

Advertisements


#11
cblock

cblock

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Thanks! Here's the ESET log. And I'll post the SecurityCheck in a minute.

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljidjdddaoiogpbmniipclcppkoembao\1.0.0_0\background.js Win32/BrowseFox.B potentially unwanted application
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljidjdddaoiogpbmniipclcppkoembao\1.0.0_0\content.js Win32/BrowseFox.B potentially unwanted application
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0\plugins\TBVerifier.dll Win32/Toolbar.Conduit.AC potentially unwanted application
C:\Users\Andy\Desktop\cbsidlm-cbsi5_3_0_96-Free_YouTube_to_MP3_Converter-SEO-10965643.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Andy\Desktop\Microsoft Office\office_2013-win8.zip Win32/DownWare.L potentially unwanted application
C:\Users\Andy\Desktop\Microsoft Office\office_2013-win8\Microsoft Office 2013 Professional Plus Windows 8\DAEMONToolsPro550-0388.exe Win32/DownWare.L potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.30_0\plugins\npDefaultTabSearch.dll a variant of Win32/Toolbar.DefaultTab.C potentially unwanted application

  • 0

#12
cblock

cblock

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

And here's the Security Check log

 

 Results of screen317's Security Check version 1.003  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 17.0.0.169  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 

  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
Hello,

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.

start
CloseProcesses:
CreateRestorePoint:
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0\plugins\TBVerifier.dll Win32/Toolbar.
C:\Users\Andy\AppData\Local\Pokki
Emptytemp:
Click Format and ensure Wordwrap is unchecked.
Save as Fixlist.txt to your Desktop (Must be in this location)
Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


Post the fix log,
That should do it. How is the computer?

Thanks
Joe
  • 0

#14
cblock

cblock

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thanks! Everything seems to be running much smoother! No lags on startup as well.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Andy at 2015-06-10 14:30:31 Run:2
Running from C:\Users\Andy\Desktop
Loaded Profiles: Andy (Available Profiles: Andy & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0\plugins\TBVerifier.dll Win32/Toolbar.
C:\Users\Andy\AppData\Local\Pokki
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0\plugins\ConduitChromeApiPlugin.dll => moved successfully.
"C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemfjadlboooiffmcelkafilagddogim\10.19.2.5_0\plugins\TBVerifier.dll Win32/Toolbar." => File/Folder not found.
"C:\Users\Andy\AppData\Local\Pokki" => File/Folder not found.
EmptyTemp: => 646.4 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:31:10 ====

  • 0

#15
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,792 posts
OK.

Lets remove tools we used by following the following exercise and we will close the topic.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0






Similar Topics


Also tagged with one or more of these keywords: adware, spyware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP