very slow working computer especially on the internet [Closed]



#1
bibble

Hi,

Can I have some help please? I'm finding my laptop is running slow and is hanging a lot, especially when using the internet. When I open Task Manager I see that the system program is using 99% of disk a lot, which I think is slowing the computer.

I pasted the two logs below

thanks for your help

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by bibblebucket1 (administrator) on BIBBLEBUCKET on 16-07-2015 11:49:57
Running from C:\Users\bibblebucket1\Desktop
Loaded Profiles: bibblebucket1 (Available Profiles: bibblebucket1 & fbwuser & fbwuser0B88 & fbwuser5406 & fbwuser82D0 & fbwuserC806 & fbwuser124E & fbwuserF244)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\n360.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
() C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
() C:\Users\bibblebucket1\AppData\Roaming\Settings Manager\SettingsManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Dropbox, Inc.) C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(BitTorrent Inc.) C:\Users\bibblebucket1\AppData\Roaming\BitTorrent\BitTorrent.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
Failed to access process -> iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3940040 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2013-09-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\RunOnce: [Polono] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BIBBLE~1\AppData\Local\552A60~1\Senapihu.dat"
HKLM-x32\...\RunOnce: [Rufoco] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BIBBLE~1\AppData\Local\621BF1~1\Netup.dat"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Clip2Net] => C:\Program Files (x86)\Clip2Net\clip2net.exe [1887744 2012-12-12] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-10-10] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Settings Manager] => C:\Users\bibblebucket1\AppData\Roaming\Settings Manager\SettingsManager.EXE [897520 2015-05-22] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Dropbox Update] => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\MountPoints2: {df61b3b8-0f2a-11e3-be8d-50b7c357ec82} - "E:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Ribbons.scr [132608 2014-10-29] (Microsoft Corporation)
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [220992 2014-06-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-07-15]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-07-15]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-04-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/...r=1627451199=
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://astromenda.co...cr=134114094=
SearchScopes: HKLM-x32 -> DefaultScope {3510A9C9-89BD-4CA3-AD0B-170752148322} URL =
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> DefaultScope {B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3} URL = https://uk.search.ya...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/...r=1627451199=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://rocket-find.c...cr=173684390=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {3510A9C9-89BD-4CA3-AD0B-170752148322} URL = http://astromenda.co...cr=825971628=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.condui...0502360717&UM=1
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3} URL = https://uk.search.ya...&p={searchTerms}
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://astromenda.co...cr=134114094=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {EF878356-A90F-4751-9908-9086B52C0B5C} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-03-03] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-12] (Microsoft Corporation)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {c95a4e8e-816d-4655-8c79-d736da1adb6d} ->  No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-12] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{152FD92D-6987-4A1F-8044-509E0CC6AD51}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{58FE4501-52FE-47DF-B17F-2375240D7896}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{5D5A3753-FE3D-4867-94BA-9A7CE4E7645C}: [DhcpNameServer] 8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-28] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515815168-1746495529-2309485121-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\bibblebucket1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] ()
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-07-15]

Chrome:
=======
CHR Profile: C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-23]
CHR Extension: (Google Drive) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-23]
CHR Extension: (YouTube) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-23]
CHR Extension: (Google Search) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-23]
CHR Extension: (Rocket New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-03]
CHR Extension: (Norton Identity Safe) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Vosteran New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-03-18]
CHR Extension: (Astromenda New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2015-03-18]
CHR Extension: (Gmail) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-23]
CHR HKLM\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-21]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.goo...ice/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2013-09-28] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1169704 2015-03-30] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [96688 2015-03-30] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [589608 2015-03-30] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246464 2015-06-12] (Synaptics Incorporated)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-06-06] (Symantec Corporation)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-13] (Symantec Corporation)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141212.002\IDSvia64.sys [637656 2014-12-12] (Symantec Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140731.025\ENG64.SYS [126040 2014-07-05] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140731.025\EX64.SYS [2099288 2014-07-05] (Symantec Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-03] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 11:49 - 2015-07-16 11:52 - 00036262 _____ C:\Users\bibblebucket1\Desktop\FRST.txt
2015-07-16 11:48 - 2015-07-16 11:48 - 02133504 _____ (Farbar) C:\Users\bibblebucket1\Desktop\FRST64.exe
2015-07-16 11:44 - 2015-07-16 11:50 - 00000000 ____D C:\FRST
2015-07-15 18:09 - 2015-07-15 18:09 - 00002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-07-15 18:09 - 2015-07-15 18:09 - 00002289 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-07-15 18:09 - 2015-07-15 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-07-15 18:08 - 2015-07-15 18:11 - 00000000 ____D C:\Users\bibblebucket1\AppData\Local\WinZip
2015-07-15 18:06 - 2015-07-15 18:08 - 00000000 ____D C:\Program Files\WinZip
2015-07-15 16:36 - 2015-07-15 16:36 - 00000000 ___RD C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-14 14:35 - 2015-07-14 14:35 - 00001015 _____ C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\under the dome s1.lnk
2015-07-13 05:51 - 2015-07-13 05:52 - 00281216 _____ C:\WINDOWS\Minidump\071315-138625-01.dmp
2015-07-12 19:07 - 2015-07-12 19:08 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-07 22:44 - 2015-07-07 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-07 22:44 - 2015-07-07 22:48 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-07 22:32 - 2015-07-15 16:28 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-06 05:54 - 2015-07-06 05:56 - 00281160 _____ C:\WINDOWS\Minidump\070615-94906-01.dmp
2015-07-01 10:51 - 2015-07-01 10:52 - 00281160 _____ C:\WINDOWS\Minidump\070115-88718-01.dmp
2015-06-29 19:05 - 2015-06-29 19:05 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-24 21:34 - 2015-06-24 21:50 - 00014887 ____H C:\Users\bibblebucket1\Desktop\~WRL0301.tmp
2015-06-19 07:18 - 2015-06-19 07:18 - 00000000 ____D C:\Users\bibblebucket1\AppData\Local\GWX
2015-06-18 22:23 - 2015-06-18 22:24 - 00281160 _____ C:\WINDOWS\Minidump\061815-113671-01.dmp
2015-06-18 07:45 - 2015-07-16 11:50 - 00000976 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001UA.job
2015-06-18 07:45 - 2015-07-16 07:51 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001Core.job
2015-06-18 07:45 - 2015-06-18 07:45 - 00003938 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001UA
2015-06-18 07:45 - 2015-06-18 07:45 - 00003558 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001Core
2015-06-18 07:45 - 2015-06-18 07:45 - 00000000 ____D C:\Users\bibblebucket1\AppData\Local\Dropbox
2015-06-18 07:45 - 2015-06-18 07:45 - 00000000 ____D C:\ProgramData\Dropbox
2015-06-17 22:24 - 2015-06-17 22:25 - 00281160 _____ C:\WINDOWS\Minidump\061715-119218-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 11:56 - 2014-12-13 10:01 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\BitTorrent
2015-07-16 11:54 - 2014-12-01 17:54 - 00000340 _____ C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-07-16 11:53 - 2014-08-20 17:30 - 00000340 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
2015-07-16 11:12 - 2013-08-23 20:36 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-16 11:00 - 2012-09-19 03:58 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-07-16 06:11 - 2013-08-23 20:36 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 06:07 - 2013-08-23 20:36 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 06:06 - 2013-08-23 20:36 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 18:47 - 2014-08-04 13:39 - 01137263 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-15 18:31 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-15 18:15 - 2012-09-19 03:50 - 00000000 ____D C:\ProgramData\WinClon
2015-07-15 18:14 - 2013-08-23 20:35 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-515815168-1746495529-2309485121-1001
2015-07-15 18:10 - 2014-11-03 17:52 - 00000000 ____D C:\ProgramData\WinZip
2015-07-15 18:09 - 2013-08-23 20:28 - 00000000 ____D C:\Users\bibblebucket1\AppData\Local\CrashDumps
2015-07-15 16:41 - 2013-10-23 20:17 - 00000000 ___RD C:\Users\bibblebucket1\Dropbox
2015-07-15 16:41 - 2013-10-23 20:11 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\Dropbox
2015-07-15 16:37 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-15 16:31 - 2013-08-22 15:46 - 00373423 _____ C:\WINDOWS\setupact.log
2015-07-15 16:31 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-15 16:28 - 2014-03-18 09:16 - 00540802 _____ C:\WINDOWS\PFRO.log
2015-07-14 16:47 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-14 15:46 - 2013-08-23 20:37 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 14:25 - 2014-03-18 16:26 - 00338232 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-14 00:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-13 05:51 - 2014-08-10 17:50 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-13 05:50 - 2014-07-25 11:37 - 876739006 _____ C:\WINDOWS\MEMORY.DMP
2015-07-12 18:22 - 2014-08-04 12:54 - 00000000 ____D C:\Users\bibblebucket1
2015-07-08 10:30 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-08 10:24 - 2015-05-06 21:01 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\Update Manager
2015-07-06 22:24 - 2015-06-14 14:11 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-06 22:24 - 2015-06-14 14:11 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 11:08 - 2014-07-03 10:07 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-03 17:50 - 2015-03-02 00:08 - 00000000 ____D C:\Users\bibblebucket1\Desktop\invoices
2015-07-02 10:25 - 2014-09-08 20:07 - 00068096 ___SH C:\Users\bibblebucket1\Desktop\Thumbs.db
2015-07-01 10:01 - 2014-07-05 10:20 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\vlc
2015-06-29 19:04 - 2013-08-23 20:36 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-29 00:53 - 2014-08-25 19:30 - 00000212 _____ C:\Users\bibblebucket1\AppData\Roaming\WB.CFG
2015-06-25 17:42 - 2015-01-04 16:22 - 00001800 _____ C:\WINDOWS\BRRBCOM.INI
2015-06-24 14:46 - 2014-12-29 11:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-06-16 16:49 - 2013-11-18 10:16 - 03120128 ___SH C:\Users\bibblebucket1\Downloads\Thumbs.db

==================== Files in the root of some directories =======

2014-06-22 13:58 - 2014-06-22 14:00 - 0028456 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2014-08-25 19:30 - 2015-06-29 00:53 - 0000212 _____ () C:\Users\bibblebucket1\AppData\Roaming\WB.CFG
2014-12-02 19:53 - 2014-12-17 19:53 - 0000010 _____ () C:\Users\bibblebucket1\AppData\Local\DSI.DAT
2014-12-17 19:53 - 2014-12-17 19:53 - 0022528 _____ () C:\Users\bibblebucket1\AppData\Local\dsisetup10758432.exe
2014-12-02 19:53 - 2014-12-02 19:53 - 0022528 _____ () C:\Users\bibblebucket1\AppData\Local\dsisetup791875462.exe
2014-10-02 16:44 - 2014-10-02 16:44 - 0000000 _____ () C:\Users\bibblebucket1\AppData\Local\{8CC977A3-DDC4-4A18-9AD9-7AF6007B92EF}
2014-08-22 21:37 - 2014-08-22 21:37 - 0000000 _____ () C:\Users\bibblebucket1\AppData\Local\{D6242BCA-071C-430A-8C98-E56B7D61DDBF}
2012-09-19 03:58 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-09-19 03:58 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

Some files in TEMP:
====================
C:\Users\bibblebucket1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbapioa.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-13 17:41

==================== End of log ============================

Here is the second log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by bibblebucket1 at 2015-07-16 11:57:40
Running from C:\Users\bibblebucket1\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-515815168-1746495529-2309485121-500 - Administrator - Disabled)
bibblebucket1 (S-1-5-21-515815168-1746495529-2309485121-1001 - Administrator - Enabled) => C:\Users\bibblebucket1
fbwuser (S-1-5-21-515815168-1746495529-2309485121-1004 - Limited - Disabled) => C:\Users\fbwuser
fbwuser0B88 (S-1-5-21-515815168-1746495529-2309485121-1008 - Limited - Disabled) => C:\Users\fbwuser0B88
fbwuser124E (S-1-5-21-515815168-1746495529-2309485121-1012 - Limited - Disabled) => C:\Users\fbwuser124E
fbwuser5406 (S-1-5-21-515815168-1746495529-2309485121-1009 - Limited - Disabled) => C:\Users\fbwuser5406
fbwuser82D0 (S-1-5-21-515815168-1746495529-2309485121-1010 - Limited - Disabled) => C:\Users\fbwuser82D0
fbwuserC806 (S-1-5-21-515815168-1746495529-2309485121-1011 - Limited - Disabled) => C:\Users\fbwuserC806
fbwuserF244 (S-1-5-21-515815168-1746495529-2309485121-1013 - Limited - Disabled) => C:\Users\fbwuserF244
Guest (S-1-5-21-515815168-1746495529-2309485121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-515815168-1746495529-2309485121-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Amazon Kindle (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
AVG PC TuneUp 2014 (en-GB) (x32 Version: 14.0.1001.423 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.423 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.423 - AVG) Hidden
BitTorrent (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Brother MFL-Pro Suite DCP-J4120DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Clip2Net 0.9.4b (HKLM-x32\...\Clip2Net_is1) (Version:  - AU78)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
Elite Dangerous Launcher version 0.4.1765.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.1765.0 - Frontier Developments)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
free-4-pc bundle (HKLM-x32\...\free-4-pc bundle) (Version: 2.0.0.5 - free-4-pc)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
Hotspot Shield 4.15 (HKLM-x32\...\HotspotShield) (Version: 4.15 - AnchorFree Inc.)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Settings Manager (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Settings Manager) (Version: 21.4.0.1 - Spigot, Inc.) <==== ATTENTION
Speedial (HKLM-x32\...\Speedial) (Version:  - Speedial) <==== ATTENTION!
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.11.1 - Synaptics Incorporated)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Unity Web Player (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
WSE Rocket (HKLM-x32\...\WSE Rocket) (Version:  - WSE Rocket) <==== ATTENTION!
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version:  - WSE_Astromenda) <==== ATTENTION!
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION!
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\AvWizRes.dll (Avery Products Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00CD76F1-D4E6-4125-A02E-ED0166393312} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {07736EE8-2192-4E15-A52B-5C7F16BCC854} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {136B747D-E273-44A7-B884-43549BDABE9A} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {1FE52322-05CF-4B86-88C2-230B4C1F5993} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2AA17891-BAC0-491F-9269-913D94E05CD2} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.)
Task: {3937CFCF-EECD-4C0F-97ED-1282DA2C8671} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {46E957D8-F993-416F-A946-500C7E809BD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {55117C80-DC4A-4F97-AD02-EE4ACC359019} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\msoia.exe
Task: {6258514D-6D79-48CB-82F7-84351242B84C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001Core => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {65CBDADE-3BC5-4BCF-AC52-3D23722D73A3} - System32\Tasks\WSE_Vosteran => C:\Users\bibblebucket1\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2014-12-01] () <==== ATTENTION
Task: {84519659-0E6A-4C20-AC3E-902EEA032291} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-12] (Synaptics Incorporated)
Task: {9156DACE-469B-48C9-B8BC-4472E1B779D0} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {9AFDCE98-F2E3-4513-8E36-29D4DEA7AF1E} - System32\Tasks\WSE_Astromenda => C:\Users\bibblebucket1\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-12-31] () <==== ATTENTION
Task: {9B18EC55-2BE6-4215-B2DD-3EF892506C65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {9F528BB4-DB29-42EE-9831-090732FA199A} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B16B4216-110B-450C-81EA-C971DBE65523} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {B8DFA1EA-8260-41F2-8276-C7D4E2C68213} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {BDF08D92-A75C-4D0B-9C0A-B6C8FC47CE3C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {C1FE76CC-D609-4345-84D8-C3FF0104426B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {C3B521B5-3306-4DFA-9560-6BB756E317BC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-06-16] (Symantec Corporation)
Task: {D38908C0-0CE1-481E-910E-92AD310CF7FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001UA => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {D85E0B9D-6E5E-4A6C-93C7-0630A12F5C97} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {DCD799A5-ACB2-472A-9579-007056ED000A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\msoia.exe
Task: {F9469DEE-F7E3-45BD-BB1F-4FDF8BA0A0CC} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001Core.job => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001UA.job => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job =>
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\BIBBLE~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-08-06 13:47 - 2014-03-12 20:09 - 08884904 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2015-03-30 23:18 - 2015-03-30 23:18 - 00589608 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2015-01-04 16:18 - 2005-04-22 05:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2012-09-14 04:42 - 2012-09-14 04:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-08-20 17:29 - 2014-10-10 19:16 - 01043968 _____ () C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
2015-05-22 17:44 - 2015-05-22 17:44 - 00897520 _____ () C:\Users\bibblebucket1\AppData\Roaming\Settings Manager\SettingsManager.exe
2012-09-14 11:18 - 2012-09-14 11:18 - 04238968 _____ () C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-03-30 23:17 - 2015-03-30 23:17 - 01749288 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2015-03-30 23:26 - 2015-03-30 23:26 - 00616232 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.4.15.dll
2015-03-03 21:44 - 2015-03-03 21:44 - 00280143 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libidn-11.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 01554920 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libeay32.dll
2009-03-27 21:02 - 2009-03-27 21:02 - 00332254 _____ () C:\Program Files (x86)\Hotspot Shield\bin\libssl32.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2011-01-28 20:14 - 2011-01-28 20:14 - 00094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2012-09-19 03:55 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-07-15 16:37 - 2015-07-15 16:37 - 00043008 _____ () c:\Users\bibblebucket1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbapioa.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00750080 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00047616 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00865280 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00200704 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-07-12 19:07 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00726016 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-12 19:07 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-01-04 16:15 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\sharepoint.com -> hxxps://maidenhillschool.sharepoint.com
IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Communicator"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\StartupApproved\Run: => "AdobeBridge"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CD84EDE2-D3FF-4C03-8B9C-CF9CF89BDA70}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{80CE6C2D-BB58-40AE-8C44-C47A954B2B27}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [UDP Query User{93EEFD9C-A222-4B43-BF15-FE8B452F2C43}C:\program files (x86)\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [TCP Query User{9945D442-C992-4851-98FC-D35A4EBA00BF}C:\program files (x86)\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [UDP Query User{712D58E0-8DD6-470C-B5C5-0C64A7B73CF8}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{6F375649-5463-4869-9F94-33792DC721D6}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{37F31F80-AB52-48A8-88E8-75A9CA301C98}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C6B33620-E856-490E-A192-B1AC863C92B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{257F3770-2BBC-44FA-852D-969657E4B624}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0516878-FD5E-46EA-B476-09A587829C52}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{F666ADDC-B153-4685-A8D8-0D03F9C777E0}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{185B11D0-D313-4017-8F2E-DA9E3A2DF920}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{1C089CB7-FC2E-4E04-9580-A6487B6A4419}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [TCP Query User{89D19706-000D-4CA3-BC12-6D20518273D6}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [UDP Query User{8998C44D-964E-460A-A2A8-93A03FE78AA4}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{18D631FB-4704-4D2F-8E40-5E8CDC41F6CC}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{0C1EAB3A-94DA-4828-BA45-E7296B5AEF72}C:\users\bibblebucket1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\bibblebucket1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4B0584C2-A8F3-4C48-91D0-0164B7E0D1CE}C:\users\bibblebucket1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\bibblebucket1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F9768D2D-73A4-44D8-881E-7156B2BBAB86}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{854716D8-D445-47C1-8DF4-D1ED29963FFC}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{6A769E86-EFE3-46C2-B027-6F702817C49E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8B493322-C4DD-4D70-9F8C-A7EC3515C409}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E30A0338-220F-48BA-94D0-FB49042DDA7F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1558A73A-BDD2-4F0C-AF81-36EBE56B35DD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{040BA406-EBD2-49BC-A5A4-53FC9969EFFF}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{C4E9308E-3320-4AD3-8B00-3D3200758994}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{DB4A51DB-69CE-48B3-A7DF-DD4376860297}] => (Allow) LPort=51001
FirewallRules: [{FC83AFD7-4800-4F7B-B86F-94F4F06106F3}] => (Allow) LPort=51000
FirewallRules: [{732D7ACC-72E4-4D4A-B8B5-567393AB747C}] => (Allow) LPort=3704
FirewallRules: [{6D66E561-FA0A-46F2-91E7-476FEE987CB0}] => (Allow) LPort=3703
FirewallRules: [{783B7B83-61F7-4924-9810-70C7A6500AD9}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{78233243-38FE-4D34-B665-469139AA2735}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{6659F786-D7F8-4453-83E8-809975C07929}] => (Allow) LPort=5353
FirewallRules: [{791BF3F4-85F5-4524-8478-F88C78ECAC34}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD163CF9-710D-47B5-8D5C-ADC9EA3D3BA7}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1F2CE9B7-6B61-4F5B-A09C-8D65E48B87B7}] => (Allow) LPort=1900
FirewallRules: [{01004575-EDC3-46D4-AB0C-C9D6CC74F459}] => (Allow) LPort=2869
FirewallRules: [{8CA8B631-F2D8-48EE-A7AC-032E71050173}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{56E1CFC4-48E3-4BAB-A573-3C9B21EA376A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0189B57F-AEAF-4419-AFF4-1CC3C37B365B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{9975384C-9363-4B02-BFE1-4C83613C4B7A}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ECE0790F-A91B-4303-8A60-6953AA97C1EF}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B4CE0025-741F-4E7D-B269-EF21B8045B93}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{4B6B6EF5-D9E8-47DE-A5ED-3C157B84BD23}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{A0AD0112-C28F-485E-83C0-8C55475E4BC7}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [TCP Query User{421F2EAC-EB06-41B4-8FEA-E12D833C943D}C:\users\bibblebucket1\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\bibblebucket1\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{6F9F9838-0463-4528-A25F-E145287B6920}C:\users\bibblebucket1\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\bibblebucket1\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{DAEE4BFC-846F-45FD-81EE-97198FFDCE5D}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7698D9DF-2F4E-41A9-A172-A92B8F0BCBB2}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{6514FA54-A7E9-4DB2-848D-B90AB7964447}C:\users\bibblebucket1\appdata\local\frontier_developments\products\forc-fdev-d-1003\elitedangerous32.exe] => (Allow) C:\users\bibblebucket1\appdata\local\frontier_developments\products\forc-fdev-d-1003\elitedangerous32.exe
FirewallRules: [UDP Query User{EB985AE2-4F7C-4D44-8698-D4B29C5B61EA}C:\users\bibblebucket1\appdata\local\frontier_developments\products\forc-fdev-d-1003\elitedangerous32.exe] => (Allow) C:\users\bibblebucket1\appdata\local\frontier_developments\products\forc-fdev-d-1003\elitedangerous32.exe
FirewallRules: [{2A867EE9-EC82-4B9A-8F42-1421EFABE64B}] => (Allow) LPort=54925
FirewallRules: [{978DC8CD-C0BA-4C39-B2B2-4DC31738790E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2015 06:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SynTPEnh.exe, version: 19.0.11.1, time stamp: 0x55765a4b
Faulting module name: SynCOM.dll, version: 19.0.11.1, time stamp: 0x557656e7
Exception code: 0xc0000005
Fault offset: 0x0000000000017989
Faulting process ID: 0x9d8
Faulting application start time: 0xSynTPEnh.exe0
Faulting application path: SynTPEnh.exe1
Faulting module path: SynTPEnh.exe2
Report ID: SynTPEnh.exe3
Faulting package full name: SynTPEnh.exe4
Faulting package-relative application ID: SynTPEnh.exe5

Error: (07/15/2015 06:02:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.3.9600.17415, time stamp: 0x54504177
Faulting module name: sysmain.dll, version: 6.3.9600.17415, time stamp: 0x545041b7
Exception code: 0xc0000305
Fault offset: 0x000000000001cf9f
Faulting process ID: 0x9ac
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report ID: svchost.exe_SysMain3
Faulting package full name: svchost.exe_SysMain4
Faulting package-relative application ID: svchost.exe_SysMain5

Error: (07/15/2015 05:44:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DllHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a34

Start Time: 01d0bf1d5eb0f0b1

Termination Time: 40531

Application Path: C:\WINDOWS\system32\DllHost.exe

Report Id: aafca821-2b10-11e5-8013-50b7c357ec82

Faulting package full name:

Faulting package-relative application ID:

Error: (07/15/2015 05:16:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bd8

Start Time: 01d0bf16679e3e5c

Termination Time: 13031

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: c3640477-2b0c-11e5-8013-50b7c357ec82

Faulting package full name:

Faulting package-relative application ID:

Error: (07/15/2015 05:10:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 98c

Start Time: 01d0bf14330e7ba4

Termination Time: 15156

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 006005c0-2b0c-11e5-8013-50b7c357ec82

Faulting package full name:

Faulting package-relative application ID:

Error: (07/15/2015 04:40:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process ID: 0x624
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report ID: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5

Error: (07/15/2015 07:55:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18d0

Start Time: 01d0be630659a153

Termination Time: 1281

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 6ac1d5be-2abe-11e5-8012-50b7c357ec82

Faulting package full name:

Faulting package-relative application ID:

Error: (07/14/2015 09:16:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (07/14/2015 09:16:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.
.

Error: (07/14/2015 09:16:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.
.

System errors:
=============
Error: (07/16/2015 11:53:26 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/16/2015 11:53:26 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/16/2015 11:40:18 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/16/2015 11:40:18 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/16/2015 11:37:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/16/2015 11:34:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/15/2015 09:40:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 252.

Error: (07/15/2015 07:12:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 106.

Error: (07/15/2015 06:49:06 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 106.

Error: (07/15/2015 06:16:13 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 106.

Microsoft Office:
=========================
Error: (07/15/2015 06:09:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SynTPEnh.exe19.0.11.155765a4bSynCOM.dll19.0.11.1557656e7c000000500000000000179899d801d0bf137fe15bebC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\WINDOWS\system32\SynCOM.dll33222e4e-2b14-11e5-8013-50b7c357ec82

Error: (07/15/2015 06:02:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.3.9600.1741554504177sysmain.dll6.3.9600.17415545041b7c0000305000000000001cf9f9ac01d0bf137fdc95e9C:\WINDOWS\system32\svchost.exec:\windows\system32\sysmain.dll5141273d-2b13-11e5-8013-50b7c357ec82

Error: (07/15/2015 05:44:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DllHost.exe6.3.9600.174151a3401d0bf1d5eb0f0b140531C:\WINDOWS\system32\DllHost.exeaafca821-2b10-11e5-8013-50b7c357ec82

Error: (07/15/2015 05:16:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.178401bd801d0bf16679e3e5c13031C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEc3640477-2b0c-11e5-8013-50b7c357ec82

Error: (07/15/2015 05:10:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1784098c01d0bf14330e7ba415156C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE006005c0-2b0c-11e5-8013-50b7c357ec82

Error: (07/15/2015 04:40:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cc62401d0bf137797625eC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exed150250c-2b07-11e5-8013-50b7c357ec82

Error: (07/15/2015 07:55:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1784018d001d0be630659a1531281C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE6ac1d5be-2abe-11e5-8012-50b7c357ec82

Error: (07/14/2015 09:16:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (07/14/2015 09:16:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary avast! VM Monitor.

System Error:
The system cannot find the file specified.

Error: (07/14/2015 09:16:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
The system cannot find the file specified.

CodeIntegrity Errors:
===================================
  Date: 2015-07-14 16:24:37.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-14 16:10:43.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 20:40:52.084
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 20:40:50.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 20:40:49.123
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 20:40:47.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 20:40:46.534
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 20:40:45.376
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 20:40:43.470
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-03-23 20:40:41.935
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 5595.1 MB
Available physical RAM: 3050.4 MB
Total Virtual: 11227.1 MB
Available Virtual: 7762.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.15 GB) (Free:218.29 GB) NTFS
Drive d: (My Disc) (CDROM) (Total:0.32 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End of log ============================

 

 

 




#2
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 


- General Instructions -


  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • It is also likely during our cleaning process that your internet browsing history will be removed. Your favorites will be untouched. If you don't want this to happen you need to let me know before running any steps so I can adjust my fixes accordingly.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-



All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-


 
Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

I'm reviewing your topic now.



#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, let's get going. Please do the following.

 

Step#1 - Warnings
The Dangers of P2P Programs
IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.
You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.
 
Here are some information sources about the dangers of P2P programs:
FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers
 
I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.
 
It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.
 
Please uninstall the following Peer-to-Peer program(s): BitTorrent

 

 

Step#2 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

AVG PC TuneUp 2014   <---- unless you absolutely must have it, I would uninstall it
free-4-pc bundle
Norton 360   <---- I see you have Windows Defender enabled and Norton disabled which is what I would prefer as well. I would uninstall Norton 360.
Settings Manager
Speedial
WSE Rocket
WSE_Astromenda
WSE_Vosteran

 

 

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file, fixlist.txt, and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#5 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

 

Items for your next post

1. Fixlog.txt

2. AdwCleaner log

3. JRT log

 

 



#4
bibble

    Member

  • Topic Starter
  • Member
  • 24 posts

Hi,

Sorry for the delay in replying, I've been away the last couple of days. I have done the steps that you have requested.

here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by bibblebucket1 at 2015-07-19 19:10:35 Run:1
Running from C:\Users\bibblebucket1\Desktop
Loaded Profiles: bibblebucket1 (Available Profiles: bibblebucket1 & fbwuser & fbwuser0B88 & fbwuser5406 & fbwuser82D0 & fbwuserC806 & fbwuser124E & fbwuserF244)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
() C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe
() C:\Users\bibblebucket1\AppData\Roaming\Settings Manager\SettingsManager.exe
Task: {65CBDADE-3BC5-4BCF-AC52-3D23722D73A3} - System32\Tasks\WSE_Vosteran => C:\Users\bibblebucket1\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2014-12-01] () <==== ATTENTION
Task: {9AFDCE98-F2E3-4513-8E36-29D4DEA7AF1E} - System32\Tasks\WSE_Astromenda => C:\Users\bibblebucket1\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-12-31] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => 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
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\BIBBLE~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\BIBBLE~1\AppData\Roaming\WSE_VO~1
C:\Program Files (x86)\WSE_Astromenda
C:\Users\bibblebucket1\AppData\Roaming\Settings Manager
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\RunOnce: [Polono] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BIBBLE~1\AppData\Local\552A60~1\Senapihu.dat"
HKLM-x32\...\RunOnce: [Rufoco] => C:\WINDOWS\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\BIBBLE~1\AppData\Local\621BF1~1\Netup.dat"
C:\Users\BIBBLE~1\AppData\Local\552A60~1
C:\Users\BIBBLE~1\AppData\Local\621BF1~1
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe [1043968 2014-10-10] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Settings Manager] => C:\Users\bibblebucket1\AppData\Roaming\Settings Manager\SettingsManager.EXE [897520 2015-05-22] ()
AppInit_DLLs: C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [220992 2014-06-26] ()
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/...r=1627451199=
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://astromenda.co...cr=134114094=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Vosteran.com/...r=1627451199=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://rocket-find.c...cr=173684390=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {3510A9C9-89BD-4CA3-AD0B-170752148322} URL = http://astromenda.co...cr=825971628=
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.condui...0502360717&UM=1
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://astromenda.co...cr=134114094=
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {074C1DC5-9320-4A9A-947D-C042949C6216} ->  No File
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
Toolbar: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
CHR Extension: (Rocket New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom [2014-07-03]
CHR Extension: (Vosteran New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2015-03-18]
CHR Extension: (Astromenda New Tab) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2015-03-18]
2015-07-16 11:54 - 2014-12-01 17:54 - 00000340 _____ C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-07-16 11:53 - 2014-08-20 17:30 - 00000340 _____ C:\WINDOWS\Tasks\WSE_Astromenda.job
EmptyTemp:
*****************

Restore point was successfully created.
[3900] C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe => process closed successfully.
C:\Users\bibblebucket1\AppData\Roaming\Settings Manager\SettingsManager.exe => No running process found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65CBDADE-3BC5-4BCF-AC52-3D23722D73A3} => key not found.
C:\Windows\System32\Tasks\WSE_Vosteran not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Vosteran => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AFDCE98-F2E3-4513-8E36-29D4DEA7AF1E} => key not found.
C:\Windows\System32\Tasks\WSE_Astromenda not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda => key not found.
C:\WINDOWS\Tasks\WSE_Astromenda.job not found.
C:\WINDOWS\Tasks\WSE_Vosteran.job not found.
"C:\Users\BIBBLE~1\AppData\Roaming\WSE_VO~1" => File/Folder not found.
C:\Program Files (x86)\WSE_Astromenda => moved successfully.
"C:\Users\bibblebucket1\AppData\Roaming\Settings Manager" => File/Folder not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Polono => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Rufoco => value not found.
C:\Users\BIBBLE~1\AppData\Local\552A60~1 => moved successfully.
C:\Users\BIBBLE~1\AppData\Local\621BF1~1 => moved successfully.
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BRS => value removed successfully
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Settings Manager => value not found.
"C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => value data not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found.
"HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}" => key removed successfully
HKCR\CLSID\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9} => key not found.
"HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}" => key removed successfully
HKCR\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3510A9C9-89BD-4CA3-AD0B-170752148322} => key not found.
HKCR\CLSID\{3510A9C9-89BD-4CA3-AD0B-170752148322} => key not found.
"HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => key removed successfully
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => key not found.
"HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => key removed successfully
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
"HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}" => key removed successfully
HKCR\Wow6432Node\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => value removed successfully
HKCR\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} => key not found.
C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom => moved successfully.
C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce => moved successfully.
C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae => moved successfully.
"C:\WINDOWS\Tasks\WSE_Vosteran.job" => File/Folder not found.
"C:\WINDOWS\Tasks\WSE_Astromenda.job" => File/Folder not found.
EmptyTemp: => 3.2 GB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 19:32:03 ====

 

here is the adw log:

 

# AdwCleaner v4.208 - Logfile created 19/07/2015 at 20:49:18
# Updated 09/07/2015 by Xplode
# Database : 2015-07-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : bibblebucket1 - BIBBLEBUCKET
# Running from : C:\Users\bibblebucket1\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : hshld

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Hotspot Shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\WSE Rocket
Folder Deleted : C:\Program Files (x86)\Hotspot Shield
Folder Deleted : C:\WINDOWS\SysWOW64\Hotspot Shield
Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Hotspot Shield
Folder Deleted : C:\Users\bibblebucket1\AppData\Local\Astromenda
Folder Deleted : C:\Users\bibblebucket1\AppData\Local\Conduit
Folder Deleted : C:\Users\bibblebucket1\AppData\Local\Rocket
Folder Deleted : C:\Users\bibblebucket1\AppData\Local\SearchProtect
Folder Deleted : C:\Users\bibblebucket1\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield
Folder Deleted : C:\Users\bibblebucket1\AppData\Roaming\Astromenda
Folder Deleted : C:\Users\bibblebucket1\AppData\Roaming\RocketUpdater
Folder Deleted : C:\Users\bibblebucket1\AppData\Roaming\Update Manager
Folder Deleted : C:\Users\bibblebucket1\AppData\Roaming\Hotspot Shield
File Deleted : C:\END
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\System32\reimage.rep

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Astromenda
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Rocket Browser
Key Deleted : HKCU\Software\RocketUpdater
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\WSE Rocket
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\reimagerepair
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\InstallCore
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SweetIM
Key Deleted : HKLM\SOFTWARE\Hotspot_Shield
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE Rocket
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Google Chrome v43.0.2357.134

[C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1561552&CUI=UN13293740502360717&UM=1
[C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325860&octid=EB_ORIGINAL_CTID&ISID=582977a5-3b83-4c55-bc5f-adf315e0ebd8&SearchSource=58&CUI=&UM=6&UP=SP2133B839-250A-47B3-891B-B19B56FD10D9&q={searchTerms}&SSPV=
[C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_wnzp01_14_27_ie&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0F0DyBzyzyyEyDtB0ByDtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFtCtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0E0FtA0BzztAtDtGyD0EzzyBtG0F0B0D0AtGyC0EtD0CtGyB0A0C0B0A0B0E0EzzyEtAtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCtCtDyCyEyDzytG0Azy0CtDtG0ByDzy0BtG0Dzzzy0FtGtDtC0DyCyE0CtDyByDtCyEyC2Q&cr=173684390&ir=
[C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_wnzp01_14_27_ie&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0F0DyBzyzyyEyDtB0ByDtN0D0Tzu0SzytCyEtN1L2XzutBtFtBtCtFtCtCtFtCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StA0E0FtA0BzztAtDtGyD0EzzyBtG0F0B0D0AtGyC0EtD0CtGyB0A0C0B0A0B0E0EzzyEtAtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyCtCtDyCyEyDzytG0Azy0CtDtG0ByDzy0BtG0Dzzzy0FtGtDtC0DyCyE0CtDyByDtCyEyC2Q&cr=173684390&ir=
[C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_wnzp01_14_45_ie&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0F0DyBzyzyyEyDtB0ByDtN0D0Tzu0StCtDtAzztN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0ByBtB0AyC0FtDtG0A0D0BtBtGyB0A0CtCtG0D0F0DtAtGtD0DyC0Czz0E0A0EyDyEyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyC0DtBtD0EyB0FtGyB0DzztCtGyEtDtD0EtGzztB0AzztG0EtA0D0DtByB0Czy0B0AyE0E2Q&cr=134114094&ir=
[C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_wnzp01_14_49_ie&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0F0DyBzyzyyEyDtB0ByDtN0D0Tzu0StCtDyCyDtN1L2XzutAtFyCtFyCtFtDtN1L1CzutCyEtBzytDyD1V1BtN1L1G1B1V1N2Y1L1Qzu2StAyBtByC0DtAyEyCtG0C0D0C0CtGyCzyyEyEtGyD0F0DyEtGtCtA0AyB0CtAyC0C0CyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyC0DtBtD0EyB0FtGyB0DzztCtGyEtDtD0EtGzztB0AzztG0EtA0D0DtByB0Czy0B0AyE0E2Q&cr=1627451199&ir=
[C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://astromenda.com/?f=1&a=ast_wnzp01_14_45_ie&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0F0DyBzyzyyEyDtB0ByDtN0D0Tzu0StCtDtAzztN1L2XzutAtFyCtFtDtFtAtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyE0ByBtB0AyC0FtDtG0A0D0BtBtGyB0A0CtCtG0D0F0DtAtGtD0DyC0Czz0E0A0EyDyEyDtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyC0DtBtD0EyB0FtGyB0DzztCtGyEtDtD0EtGzztB0AzztG0EtA0D0DtByB0Czy0B0AyE0E2Q&cr=134114094&ir=

*************************

AdwCleaner[R0].txt - [10389 bytes] - [19/07/2015 20:39:56]
AdwCleaner[S0].txt - [9682 bytes] - [19/07/2015 20:49:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9741  bytes] ##########

 

here is the final log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 8.1 x64
Ran by bibblebucket1 on 19/07/2015 at 21:00:54.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shell\TuneUp Undelete

 

~~~ Files

Successfully deleted: [File] C:\Users\Public\Desktop\hotspot shield.lnk

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\bibblebucket1\Documents\add-in express

 

~~~ Chrome

[C:\Users\bibblebucket1\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\bibblebucket1\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
ibnjmihbbanannlbobkbmnmckjnmdnom
oilkkkefbalmbfppgjmgjoefbclebkce
pfkfdlcdbajamklbneflfbcmfgddmpae

[C:\Users\bibblebucket1\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\bibblebucket1\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ndibdjnfmopecpmkdieinmbadjfpblof
]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/07/2015 at 21:16:50.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Thank you for your help so far.

 

 



#5
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Excellent. How's your machine doing now?

 

Please do the following.

 

Step#1 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click the Start Scan button and let it complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#2 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

 

Step#3 - ESET Online Scanner and Post Results
Before running this scan, please temporarily disable your antivirus software to avoid conflicts. You can re-enable once it's done. Instructions for doing this on many AVs are here. This scan can take hours to run but is necessary to ensure we don't miss anything. Plan accordingly.

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
     
  • Click on Start
  • The virus signature database will begin to download. Be patient. This may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if anything was detected please click the List of found threats link.
  • ThreatsFound.JPG
     
  • Then click the Copy to Clipboard link and paste this information into your next reply.
  • CopyToClipboard.JPG

     

     

  • Then you may click the Back button.
  • Check Uninstall Application on Close before clicking finish.

 
Items for your next post

1. Malwarebytes log
2. Contents of the ESET log file

 

 



#6
bibble

    Member

  • Topic Starter
  • 24 posts

Hi,

It is running better but not perfect.

I have now done the next 2 steps, here is the mal log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 20/07/2015
Scan Time: 09:32
Logfile: new.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.20.01
Rootkit Database: v2015.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: bibblebucket1

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 515647
Time Elapsed: 1 hr, 53 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 27
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9d649153bad03bfb48099aedbc46a35d],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9d649153bad03bfb48099aedbc46a35d],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9d649153bad03bfb48099aedbc46a35d],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B29FE53-D39E-414B-98A3-67E41969F3E9}, Quarantined, [4bb69f4546446ec87adc97fca2628a76],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77F08C8B-3612-4388-9C97-29B6F0A32089}, Quarantined, [d42d2db73a50a492c195a6edc242f40c],
PUP.Optional.Spigot.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3}, Quarantined, [ff0291538505a88ecab245c5dc27de22],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B29FE53-D39E-414B-98A3-67E41969F3E9}, Quarantined, [35ccac38f496191d78de41522dd70ff1],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77F08C8B-3612-4388-9C97-29B6F0A32089}, Quarantined, [fb069b49c9c1a690c78fbad9a2622ed2],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, Quarantined, [6899ad37692157df95cd7c0e46be847c],
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}, Quarantined, [0ff2568e503ac4721819bb4ce221f907],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}, Quarantined, [bf427d67e9a13bfbb57d03879d6731cf],
PUP.Optional.Spigot.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3}, Quarantined, [b1508c584347b680f686a268f40f22de],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Quarantined, [fe0312d2b5d5ae88032f5832ea1ace32],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B29FE53-D39E-414B-98A3-67E41969F3E9}, Quarantined, [6b96974d0387d264292df99a0df704fc],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77F08C8B-3612-4388-9C97-29B6F0A32089}, Quarantined, [b849fee68604b97d8ccaeda606feb54b],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, Quarantined, [e21fb92bc4c60c2a8cd658329371728e],
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}, Quarantined, [1fe2eff518723105171a7c8b877cb050],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}, Quarantined, [ba47edf7078313230c26c8c20400728e],
PUP.Optional.Spigot.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3}, Quarantined, [e21ffee6e5a5fb3ba7d56d9d92716e92],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Quarantined, [976a08dc7515dd5943eff595d43026da],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B29FE53-D39E-414B-98A3-67E41969F3E9}, Quarantined, [6b96a93b454579bd5402a4ef699ba65a],
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77F08C8B-3612-4388-9C97-29B6F0A32089}, Quarantined, [7b860dd7800a999df85e2f64d72db64a],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, Quarantined, [5fa28c588ffb2115fc66f298828258a8],
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}, Quarantined, [2fd233b11773de58bc7571961be854ac],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}, Quarantined, [3fc21cc82f5b5cdacf631c6e63a10ef2],
PUP.Optional.Spigot.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3}, Quarantined, [8081eff52169f73f0d6fa961a45fac54],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Quarantined, [639e03e194f62a0cfd359feb0301e51b],

Registry Values: 67
PUP.Optional.Vosteran.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files (x86)\WSE_Vosteran\\, Quarantined, [8e73c91b90fae94dd6e818f01ee56a96]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B29FE53-D39E-414B-98A3-67E41969F3E9}|AppPath, C:\Users\bibblebucket1\AppData\Local\Conduit\CT1561552, Quarantined, [4bb69f4546446ec87adc97fca2628a76]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77F08C8B-3612-4388-9C97-29B6F0A32089}|AppPath, C:\Users\bibblebucket1\AppData\Local\Conduit\CT1561552, Quarantined, [d42d2db73a50a492c195a6edc242f40c]
PUP.Optional.Spigot.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3}|URL, https://uk.search.ya...&p={searchTerms}, Quarantined, [ff0291538505a88ecab245c5dc27de22]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B29FE53-D39E-414B-98A3-67E41969F3E9}|AppPath, C:\Users\bibblebucket1\AppData\Local\Conduit\CT1561552, Quarantined, [35ccac38f496191d78de41522dd70ff1]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77F08C8B-3612-4388-9C97-29B6F0A32089}|AppPath, C:\Users\bibblebucket1\AppData\Local\Conduit\CT1561552, Quarantined, [fb069b49c9c1a690c78fbad9a2622ed2]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|URL, http://Vosteran.com/...r=1627451199=, Quarantined, [6899ad37692157df95cd7c0e46be847c]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|TopResultURLFallback, http://Vosteran.com/...r=1627451199=, Quarantined, [71906f7545456fc719496d1dac58a55b]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|FaviconPath, C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico, Quarantined, [ae53bc282e5cb185d191e5a534d0c43c]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, Vosteran, Quarantined, [d9289153ff8bcb6b560cf4960cf8817f]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|DisplayName, Vosteran, Quarantined, [917053917d0d51e5ff637218fd07fa06]
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, http://rocket-find.c...cr=173684390=, Quarantined, [0ff2568e503ac4721819bb4ce221f907]
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|TopResultURLFallback, http://rocket-find.c...cr=173684390=, Quarantined, [6e938a5a72189b9b052cda2d778c60a0]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|URL, http://astromenda.co...cr=825971628=, Quarantined, [bf427d67e9a13bfbb57d03879d6731cf]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|TopResultURLFallback, http://astromenda.co...cr=825971628=, Quarantined, [fa07489c404a57dffc36781252b2926e]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}, Astromenda, Quarantined, [d32ea63e1674fa3cec464e3c0400e11f]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|DisplayName, Astromenda, Quarantined, [af5264808703fe386ec4c8c239cb0df3]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL, http://search.condui...0502360717&UM=1, Quarantined, [d32e06dedcae67cfbdd71af10201847c]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|SuggestionsURL_JSON, http://suggest.searc...ix={searchTerms}, Quarantined, [c73aa2423258c076b8dc858646bd21df]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconURL, http://search.conduit.com/favicon.ico, Quarantined, [1ce5e301325842f460340902ce3543bd]
PUP.Optional.Spigot.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3}|URL, https://uk.search.ya...&p={searchTerms}, Quarantined, [b1508c584347b680f686a268f40f22de]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|URL, http://astromenda.co...cr=134114094=, Quarantined, [fe0312d2b5d5ae88032f5832ea1ace32]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|TopResultURLFallback, http://astromenda.co...cr=134114094=, Quarantined, [26dbfee61e6cb77fe250d8b228dc13ed]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Astromenda, Quarantined, [d829865e4c3e092d9e948208a95bc53b]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1011\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|DisplayName, Astromenda, Quarantined, [1ce5a63eb2d846f0d45e9febe2225da3]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B29FE53-D39E-414B-98A3-67E41969F3E9}|AppPath, C:\Users\bibblebucket1\AppData\Local\Conduit\CT1561552, Quarantined, [6b96974d0387d264292df99a0df704fc]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77F08C8B-3612-4388-9C97-29B6F0A32089}|AppPath, C:\Users\bibblebucket1\AppData\Local\Conduit\CT1561552, Quarantined, [b849fee68604b97d8ccaeda606feb54b]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|URL, http://Vosteran.com/...r=1627451199=, Quarantined, [e21fb92bc4c60c2a8cd658329371728e]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|TopResultURLFallback, http://Vosteran.com/...r=1627451199=, Quarantined, [45bcc81cc6c4072f1f436a205ba943bd]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|FaviconPath, C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico, Quarantined, [7b869054602ae650d68c6b1f70944eb2]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, Vosteran, Quarantined, [b34ee2024347a6905d0579114bb9b947]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|DisplayName, Vosteran, Quarantined, [a061657f791181b5540e59311ce80000]
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, http://rocket-find.c...cr=173684390=, Quarantined, [1fe2eff518723105171a7c8b877cb050]
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|TopResultURLFallback, http://rocket-find.c...cr=173684390=, Quarantined, [26db37ade8a279bdd55c62a5b74c53ad]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|URL, http://astromenda.co...cr=825971628=, Quarantined, [ba47edf7078313230c26c8c20400728e]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|TopResultURLFallback, http://astromenda.co...cr=825971628=, Quarantined, [e51c994b9cee2d097fb3f793956f7f81]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}, Astromenda, Quarantined, [0cf523c182080b2b55ddb2d89d670ef2]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|DisplayName, Astromenda, Quarantined, [fd048e5638521d19c1717c0e7292df21]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL, http://search.condui...0502360717&UM=1, Quarantined, [17ea0bd9e4a65ed81084c04b2bd8758b]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|SuggestionsURL_JSON, http://suggest.searc...ix={searchTerms}, Quarantined, [847d5a8a098147ef5440a5663bc8f808]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconURL, http://search.conduit.com/favicon.ico, Quarantined, [08f9a440f49672c4afe535d69b68748c]
PUP.Optional.Spigot.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3}|URL, https://uk.search.ya...&p={searchTerms}, Quarantined, [e21ffee6e5a5fb3ba7d56d9d92716e92]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|URL, http://astromenda.co...cr=134114094=, Quarantined, [976a08dc7515dd5943eff595d43026da]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|TopResultURLFallback, http://astromenda.co...cr=134114094=, Quarantined, [13ee8d57e3a7cf6729091b6fe91b50b0]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Astromenda, Quarantined, [768b35aff991e84e260c741664a0d62a]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1012\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|DisplayName, Astromenda, Quarantined, [57aa61839dede0561919dbafa85c7987]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4B29FE53-D39E-414B-98A3-67E41969F3E9}|AppPath, C:\Users\bibblebucket1\AppData\Local\Conduit\CT1561552, Quarantined, [6b96a93b454579bd5402a4ef699ba65a]
PUP.Optional.ConduitTB.Gen.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{77F08C8B-3612-4388-9C97-29B6F0A32089}|AppPath, C:\Users\bibblebucket1\AppData\Local\Conduit\CT1561552, Quarantined, [7b860dd7800a999df85e2f64d72db64a]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|URL, http://Vosteran.com/...r=1627451199=, Quarantined, [5fa28c588ffb2115fc66f298828258a8]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|TopResultURLFallback, http://Vosteran.com/...r=1627451199=, Quarantined, [629f24c0701ae056ec766b1f34d053ad]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|FaviconPath, C:\Program Files (x86)\WSE_Vosteran\\FavIcon.ico, Quarantined, [40c1be263654f0462c36e1a956aefb05]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}, Vosteran, Quarantined, [cb368a5afa90072fde84d0ba3bc9629e]
PUP.Optional.Vosteran.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}|DisplayName, Vosteran, Quarantined, [719044a066241a1ce57dccbef70db24e]
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, http://rocket-find.c...cr=173684390=, Quarantined, [2fd233b11773de58bc7571961be854ac]
PUP.Optional.RocketFind.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|TopResultURLFallback, http://rocket-find.c...cr=173684390=, Quarantined, [629f8262eaa040f6b67bfb0c34cf22de]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|URL, http://astromenda.co...cr=825971628=, Quarantined, [3fc21cc82f5b5cdacf631c6e63a10ef2]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|TopResultURLFallback, http://astromenda.co...cr=825971628=, Quarantined, [0bf6be26711937ff112191f914f0cd33]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}, Astromenda, Quarantined, [6a977d678ffb4beb84aed4b6d72db050]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{3510A9C9-89BD-4CA3-AD0B-170752148322}|DisplayName, Astromenda, Quarantined, [966b44a017737cbade5499f1e81cad53]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|URL, http://search.condui...0502360717&UM=1, Quarantined, [68993ea68ffb51e54c488685fd061fe1]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|SuggestionsURL_JSON, http://suggest.searc...ix={searchTerms}, Quarantined, [46bbb03499f1f343098b8b8004ff1be5]
PUP.Optional.Conduit.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}|FaviconURL, http://search.conduit.com/favicon.ico, Quarantined, [b54c9c484e3cfc3a9afa5ead8e7522de]
PUP.Optional.Spigot.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3}|URL, https://uk.search.ya...&p={searchTerms}, Quarantined, [8081eff52169f73f0d6fa961a45fac54]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|URL, http://astromenda.co...cr=134114094=, Quarantined, [639e03e194f62a0cfd359feb0301e51b]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|TopResultURLFallback, http://astromenda.co...cr=134114094=, Quarantined, [ec15c024672350e670c25c2e956fdd23]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}, Astromenda, Quarantined, [70917c68721861d5032f701a18ec9868]
PUP.Optional.Astromenda.A, HKU\S-1-5-21-515815168-1746495529-2309485121-1013\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}|DisplayName, Astromenda, Quarantined, [2bd627bd404a112536fc375318ec718f]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.DsiLoad, C:\Users\bibblebucket1\AppData\Local\dsisetup791875462.exe, Quarantined, [53aed50f583278be7a50416219e8e917],
PUP.Optional.DsiLoad, C:\Users\bibblebucket1\AppData\Local\dsisetup10758432.exe, Quarantined, [996827bdeaa0270f6763ccd77d8457a9],
PUP.Optional.Astromenda, C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwareb...restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"startup_urls":["http://astromenda.co...llback_tries":0}}), Replaced,[61a02cb81773f93d1de84729a461c43c]

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

Here is the next log:

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Hotspot Shield\ConduitUninstaller.exe.vir Win32/Toolbar.Conduit potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WSE Rocket\uninstall.exe.vir a variant of Win32/InstallCore.YX potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\Local\Conduit\Community Alerts\Alert.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\background.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\bootstrap.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\newtab.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\Local\Rocket\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.2.4_0\js\opentab.js.vir JS/Astromenda.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\hk64tbHot0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\hk64tbHot2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\hk64tbHots.dll.vir Win64/Toolbar.Conduit.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\hktbHot0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\hktbHot2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\hktbHots.dll.vir Win32/Toolbar.Conduit.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\ldrtbHot0.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\ldrtbHot2.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\ldrtbHots.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\prxtbHot0.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\prxtbHot2.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\sc64tbHot0.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\sc64tbHot2.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\sctbHot0.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\sctbHot2.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\tbHot0.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\tbHot2.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\bibblebucket1\AppData\LocalLow\Hotspot_Shield\tbHots.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\WSE_Astromenda\BRS\brs.exe a variant of Win32/AdWare.Agent.NNW application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application
C:\Users\bibblebucket1\AppData\Local\Temp\22859uninstall.exe a variant of Win32/InstallCore.YX potentially unwanted application
C:\Windows\Installer\5ab340.msi a variant of Win32/Systweak.L potentially unwanted application
 

 



#7
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Let me know what specific issues you have left and please do the following.

 

Step#1 - Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 

Step#2 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste the log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. Security Check log
2. FRST and Addition logs



#8
bibble

    Member

  • Topic Starter
  • 24 posts

Hi,

What I'm finding is that there is a delay between me pressing a button on the keyboard and the screen showing what I had done, whether a mouse click or just typing. It has got better, but it's not fully correct. It also tends to be at its worst when using IE.

Anyway, here are the logs that you asked for:

Results of screen317's Security Check version 1.005 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 AVG PC TuneUp 2014 
 AVG PC TuneUp 2014 (en-GB)
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 10.1.15 Adobe Reader out of Date! 
 Google Chrome (43.0.2357.132)
 Google Chrome (43.0.2357.134)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Symantec Norton Online Backup NOBuAgent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 

 

Here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by bibblebucket1 (administrator) on BIBBLEBUCKET on 22-07-2015 11:23:49
Running from C:\Users\bibblebucket1\Desktop
Loaded Profiles: bibblebucket1 (Available Profiles: bibblebucket1 & fbwuser & fbwuser0B88 & fbwuser5406 & fbwuser82D0 & fbwuserC806 & fbwuser124E & fbwuserF244)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(Dropbox, Inc.) C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDLockedFiles.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3940040 2015-06-12] (Synaptics Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-06-26] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2013-09-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12118840 2015-03-28] (Microsoft Corporation)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Clip2Net] => C:\Program Files (x86)\Clip2Net\clip2net.exe [1887744 2012-12-12] ()
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1825360 2011-01-28] (Sanford, L.P.)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911032 2015-03-18] (Microsoft Corporation)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Run: [Dropbox Update] => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2015-07-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-07-15]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-07-15]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-04-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> DefaultScope {B61B11C7-4BFF-43C4-8A1E-B8F2948AA5C3} URL =
SearchScopes: HKU\S-1-5-21-515815168-1746495529-2309485121-1001 -> {EF878356-A90F-4751-9908-9086B52C0B5C} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-03-03] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-12] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-12] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-17] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-17] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{152FD92D-6987-4A1F-8044-509E0CC6AD51}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{58FE4501-52FE-47DF-B17F-2375240D7896}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{5D5A3753-FE3D-4867-94BA-9A7CE4E7645C}: [DhcpNameServer] 8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2011-01-28] ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-28] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-515815168-1746495529-2309485121-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\bibblebucket1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-10-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-28] ()

Chrome:
=======
CHR Profile: C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-23]
CHR Extension: (Google Drive) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-23]
CHR Extension: (YouTube) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-23]
CHR Extension: (Google Search) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-23]
CHR Extension: (Norton Identity Safe) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Norton Security Toolbar) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-07-05]
CHR Extension: (Google Wallet) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\bibblebucket1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2013-09-28] (Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246464 2015-06-12] (Synaptics Incorporated)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-06] (Western Digital)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S2 HssWd; "C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe"  -product hss [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 11:23 - 2015-07-22 11:23 - 00025714 _____ C:\Users\bibblebucket1\Desktop\FRST.txt
2015-07-22 11:00 - 2015-07-22 11:00 - 00000000 ___RD C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-07-22 10:56 - 2015-07-22 10:56 - 00281160 _____ C:\WINDOWS\Minidump\072215-92906-01.dmp
2015-07-22 09:51 - 2015-07-22 09:51 - 00852676 _____ C:\Users\bibblebucket1\Desktop\SecurityCheck.exe
2015-07-20 20:37 - 2015-07-20 20:37 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-20 09:56 - 2015-07-20 09:56 - 00000000 ____D C:\Users\bibblebucket1\Documents\Add-in Express
2015-07-20 09:28 - 2015-07-20 13:44 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-20 09:28 - 2015-07-20 09:28 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-20 09:28 - 2015-07-20 09:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-20 09:27 - 2015-07-20 09:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-20 09:27 - 2015-07-20 09:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-20 09:27 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-07-20 09:27 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-20 09:27 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-20 09:17 - 2015-07-20 09:17 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\bibblebucket1\Desktop\mbam-setup-2.1.8.1057.exe
2015-07-19 20:59 - 2015-07-19 20:59 - 01798288 _____ (Malwarebytes Corporation) C:\Users\bibblebucket1\Desktop\JRT.exe
2015-07-19 20:39 - 2015-07-19 20:49 - 00000000 ____D C:\AdwCleaner
2015-07-19 20:38 - 2015-07-19 20:38 - 02248704 _____ C:\Users\bibblebucket1\Desktop\AdwCleaner.exe
2015-07-19 18:11 - 2015-07-22 11:22 - 00000000 ____D C:\Users\bibblebucket1\Desktop\FRST-OlderVersion
2015-07-19 18:09 - 2015-07-19 18:09 - 00001321 _____ C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton Online Backup.lnk
2015-07-19 17:57 - 2015-07-19 17:58 - 00281160 _____ C:\WINDOWS\Minidump\071915-131062-01.dmp
2015-07-17 12:19 - 2015-07-17 12:20 - 00281160 _____ C:\WINDOWS\Minidump\071715-335187-01.dmp
2015-07-16 12:00 - 2014-11-04 20:25 - 00059712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-07-16 12:00 - 2014-11-04 20:25 - 00051008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-07-16 12:00 - 2014-11-04 07:55 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-07-16 12:00 - 2014-11-04 07:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-07-16 12:00 - 2014-11-04 07:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-07-16 12:00 - 2014-11-04 07:54 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-07-16 11:59 - 2015-04-30 00:22 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-07-16 11:58 - 2015-05-03 01:39 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-07-16 11:56 - 2015-05-07 16:21 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-07-16 11:56 - 2015-05-07 16:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-07-16 11:51 - 2015-05-07 18:50 - 22292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-07-16 11:50 - 2015-05-07 17:53 - 19734960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-07-16 11:49 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-16 11:49 - 2015-05-07 18:00 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-16 11:49 - 2015-05-07 17:12 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-16 11:48 - 2015-07-22 11:22 - 02135552 _____ (Farbar) C:\Users\bibblebucket1\Desktop\FRST64.exe
2015-07-16 11:46 - 2015-05-11 19:17 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-07-16 11:44 - 2015-07-22 11:24 - 00000000 ____D C:\FRST
2015-07-16 11:43 - 2015-05-03 16:09 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 11:43 - 2015-05-03 15:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 11:43 - 2015-05-03 15:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-07-16 11:43 - 2015-05-03 15:49 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-07-16 11:43 - 2015-04-25 03:25 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-07-16 11:42 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-16 11:41 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-16 11:41 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-16 11:41 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-16 11:41 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-16 11:41 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-16 09:35 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-16 09:34 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-16 09:29 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-16 09:28 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-16 09:27 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-16 09:26 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-16 09:24 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-16 09:21 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-16 09:19 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-16 09:07 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-16 08:58 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-16 08:48 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-16 08:36 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-16 01:16 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-16 01:08 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-16 00:32 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-15 23:14 - 2015-07-03 14:50 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-15 23:05 - 2015-07-03 14:52 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-15 22:51 - 2015-07-03 14:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 22:42 - 2015-07-03 14:50 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-15 22:28 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-15 22:17 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-15 21:42 - 2015-07-09 17:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-15 21:42 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-15 21:41 - 2015-07-09 16:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-15 21:36 - 2015-07-09 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-15 21:27 - 2015-07-09 16:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-15 21:18 - 2015-07-09 20:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-15 21:09 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-15 21:00 - 2015-07-09 16:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-15 20:57 - 2015-07-09 16:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-15 20:55 - 2015-07-09 16:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-15 20:46 - 2015-07-09 16:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-15 20:38 - 2015-07-09 16:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-15 20:29 - 2015-07-09 16:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-15 20:24 - 2015-07-09 16:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-15 20:13 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-15 20:09 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-15 18:51 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-15 18:50 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-15 18:48 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-15 18:47 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-15 18:47 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-15 18:47 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-15 18:47 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-15 18:47 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-15 18:38 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-15 18:38 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-15 18:38 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-15 18:38 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-15 18:38 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-15 18:38 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-15 18:38 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-15 18:37 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-15 18:37 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-15 18:37 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-15 18:37 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-15 18:37 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-15 18:37 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-15 18:37 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-15 18:37 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-15 18:37 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-15 18:37 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-15 18:37 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-15 18:37 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-15 18:37 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-15 18:37 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-15 18:37 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-15 18:37 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-15 18:37 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-15 18:37 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-15 18:37 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-15 18:37 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-15 18:37 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-15 18:37 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-15 18:37 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-15 18:37 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-15 18:37 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-15 18:37 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-15 18:36 - 2015-05-11 17:34 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-07-15 18:35 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-15 18:35 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-15 18:35 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-15 18:35 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-15 18:35 - 2015-05-12 14:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-07-15 18:35 - 2015-05-07 17:47 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-07-15 18:35 - 2015-05-03 16:07 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-07-15 18:35 - 2015-05-03 15:57 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-07-15 18:35 - 2015-05-02 00:33 - 00410739 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-07-15 18:35 - 2015-04-28 14:13 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-07-15 18:35 - 2015-04-28 14:13 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-07-15 18:35 - 2015-04-23 16:47 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-15 18:35 - 2015-04-23 16:16 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-15 18:09 - 2015-07-15 18:09 - 00002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-07-15 18:09 - 2015-07-15 18:09 - 00002289 _____ C:\Users\Public\Desktop\WinZip.lnk
2015-07-15 18:09 - 2015-07-15 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-07-15 18:08 - 2015-07-15 18:11 - 00000000 ____D C:\Users\bibblebucket1\AppData\Local\WinZip
2015-07-15 18:06 - 2015-07-15 18:08 - 00000000 ____D C:\Program Files\WinZip
2015-07-14 14:35 - 2015-07-14 14:35 - 00001015 _____ C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\under the dome s1.lnk
2015-07-13 05:51 - 2015-07-13 05:52 - 00281216 _____ C:\WINDOWS\Minidump\071315-138625-01.dmp
2015-07-12 19:07 - 2015-07-12 19:08 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-07 22:44 - 2015-07-07 22:48 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-07-07 22:44 - 2015-07-07 22:48 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-07-07 22:32 - 2015-07-15 16:28 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-06 05:54 - 2015-07-06 05:56 - 00281160 _____ C:\WINDOWS\Minidump\070615-94906-01.dmp
2015-07-01 10:51 - 2015-07-01 10:52 - 00281160 _____ C:\WINDOWS\Minidump\070115-88718-01.dmp
2015-06-29 19:05 - 2015-06-29 19:05 - 00002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-06-24 21:34 - 2015-06-24 21:50 - 00014887 ____H C:\Users\bibblebucket1\Desktop\~WRL0301.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-22 11:20 - 2014-08-04 13:39 - 01737192 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-22 11:20 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-22 11:16 - 2013-08-23 20:35 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-515815168-1746495529-2309485121-1001
2015-07-22 11:12 - 2013-08-23 20:36 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-22 11:06 - 2012-09-19 03:50 - 00000000 ____D C:\ProgramData\WinClon
2015-07-22 11:03 - 2013-08-23 20:28 - 00000000 ____D C:\Users\bibblebucket1\AppData\Local\CrashDumps
2015-07-22 11:01 - 2013-10-23 20:17 - 00000000 ___RD C:\Users\bibblebucket1\Dropbox
2015-07-22 11:01 - 2013-10-23 20:11 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\Dropbox
2015-07-22 11:00 - 2013-08-23 20:36 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-22 11:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-22 11:00 - 2012-09-19 03:58 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-07-22 10:57 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-22 10:56 - 2014-08-10 17:50 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-22 10:56 - 2014-07-25 11:37 - 624347526 _____ C:\WINDOWS\MEMORY.DMP
2015-07-22 10:56 - 2013-08-22 15:46 - 00375582 _____ C:\WINDOWS\setupact.log
2015-07-22 10:33 - 2014-07-27 10:29 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-22 10:33 - 2014-07-27 10:29 - 00002039 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2015-07-22 10:30 - 2014-12-29 11:00 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-22 10:15 - 2014-08-04 12:54 - 00000000 ____D C:\Users\bibblebucket1
2015-07-22 10:10 - 2014-03-18 09:16 - 00798856 _____ C:\WINDOWS\PFRO.log
2015-07-22 09:57 - 2015-06-18 07:45 - 00000976 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001UA.job
2015-07-22 07:50 - 2015-06-18 07:45 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001Core.job
2015-07-20 17:56 - 2015-06-18 07:45 - 00003558 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001Core
2015-07-20 13:41 - 2014-03-18 16:26 - 00338232 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-20 13:33 - 2013-08-22 15:44 - 03086272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-20 13:31 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-20 13:27 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-20 13:27 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-07-19 20:31 - 2014-09-08 20:07 - 00068096 ___SH C:\Users\bibblebucket1\Desktop\Thumbs.db
2015-07-19 17:56 - 2014-07-03 10:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2015-07-19 17:52 - 2015-06-18 07:45 - 00003938 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001UA
2015-07-19 17:49 - 2014-07-03 10:19 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-07-19 17:48 - 2014-07-03 10:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-07-19 17:47 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-19 17:47 - 2012-07-26 09:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-07-19 17:33 - 2014-12-13 10:01 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\BitTorrent
2015-07-19 17:15 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-17 09:58 - 2015-04-05 06:33 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-17 09:58 - 2015-04-05 06:33 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-16 22:09 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-07-16 19:04 - 2013-09-28 10:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-16 15:28 - 2013-08-24 17:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-16 06:07 - 2013-08-23 20:36 - 00003904 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 06:06 - 2013-08-23 20:36 - 00003668 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 18:10 - 2014-11-03 17:52 - 00000000 ____D C:\ProgramData\WinZip
2015-07-14 15:46 - 2013-08-23 20:37 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-14 00:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\tracing
2015-07-13 22:10 - 2015-06-14 14:11 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2015-06-14 14:11 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-08 10:30 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-05 11:08 - 2014-07-03 10:07 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-03 17:50 - 2015-03-02 00:08 - 00000000 ____D C:\Users\bibblebucket1\Desktop\invoices
2015-07-03 08:43 - 2013-08-24 17:53 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-01 10:01 - 2014-07-05 10:20 - 00000000 ____D C:\Users\bibblebucket1\AppData\Roaming\vlc
2015-06-29 19:04 - 2013-08-23 20:36 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-29 00:53 - 2014-08-25 19:30 - 00000212 _____ C:\Users\bibblebucket1\AppData\Roaming\WB.CFG
2015-06-25 17:42 - 2015-01-04 16:22 - 00001800 _____ C:\WINDOWS\BRRBCOM.INI

==================== Files in the root of some directories =======

2014-06-22 13:58 - 2014-06-22 14:00 - 0028456 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2014-08-25 19:30 - 2015-06-29 00:53 - 0000212 _____ () C:\Users\bibblebucket1\AppData\Roaming\WB.CFG
2014-12-02 19:53 - 2014-12-17 19:53 - 0000010 _____ () C:\Users\bibblebucket1\AppData\Local\DSI.DAT
2014-10-02 16:44 - 2014-10-02 16:44 - 0000000 _____ () C:\Users\bibblebucket1\AppData\Local\{8CC977A3-DDC4-4A18-9AD9-7AF6007B92EF}
2014-08-22 21:37 - 2014-08-22 21:37 - 0000000 _____ () C:\Users\bibblebucket1\AppData\Local\{D6242BCA-071C-430A-8C98-E56B7D61DDBF}
2012-09-19 03:58 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-09-19 03:58 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe

Some files in TEMP:
====================
C:\Users\bibblebucket1\AppData\Local\Temp\22859uninstall.exe
C:\Users\bibblebucket1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppiqpcb.dll
C:\Users\bibblebucket1\AppData\Local\Temp\Quarantine.exe
C:\Users\bibblebucket1\AppData\Local\Temp\Sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-22 11:17

==================== End of log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by bibblebucket1 at 2015-07-22 11:33:07
Running from C:\Users\bibblebucket1\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-515815168-1746495529-2309485121-500 - Administrator - Disabled)
bibblebucket1 (S-1-5-21-515815168-1746495529-2309485121-1001 - Administrator - Enabled) => C:\Users\bibblebucket1
fbwuser (S-1-5-21-515815168-1746495529-2309485121-1004 - Limited - Disabled) => C:\Users\fbwuser
fbwuser0B88 (S-1-5-21-515815168-1746495529-2309485121-1008 - Limited - Disabled) => C:\Users\fbwuser0B88
fbwuser124E (S-1-5-21-515815168-1746495529-2309485121-1012 - Limited - Disabled) => C:\Users\fbwuser124E
fbwuser5406 (S-1-5-21-515815168-1746495529-2309485121-1009 - Limited - Disabled) => C:\Users\fbwuser5406
fbwuser82D0 (S-1-5-21-515815168-1746495529-2309485121-1010 - Limited - Disabled) => C:\Users\fbwuser82D0
fbwuserC806 (S-1-5-21-515815168-1746495529-2309485121-1011 - Limited - Disabled) => C:\Users\fbwuserC806
fbwuserF244 (S-1-5-21-515815168-1746495529-2309485121-1013 - Limited - Disabled) => C:\Users\fbwuserF244
Guest (S-1-5-21-515815168-1746495529-2309485121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-515815168-1746495529-2309485121-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.2.443 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.1.0.5790 - Adobe Systems Inc.)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_7e74552a59eaf9fafd13f90894ac9bd) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}) (Version: 10.0.2.54 - Adobe Systems, Inc.)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
Amazon Kindle (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Amazon Kindle) (Version:  - Amazon)
AMD Catalyst Install Manager (HKLM\...\{8C6A4815-2E50-7B6E-9159-6608871EB5BF}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avery Wizard 5.0 (HKLM\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
AVG PC TuneUp 2014 (en-GB) (x32 Version: 14.0.1001.423 - AVG) Hidden
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.423 - AVG) Hidden
Brother MFL-Pro Suite DCP-J4120DW (HKLM-x32\...\{7FC49664-DAA4-4E7C-ADD0-614ABB43691B}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Clip2Net 0.9.4b (HKLM-x32\...\Clip2Net_is1) (Version:  - AU78)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.3.0.1242 - Sanford, L.P.)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
Elite Dangerous Launcher version 0.4.1765.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.1765.0 - Frontier Developments)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Help Desk (HKLM\...\{D93F0B49-12AA-4AE6-8349-0ECB13B9532F}) (Version: 1.0.5 - Samsung Electronics CO., LTD.)
Hotspot Shield 4.15 (HKLM-x32\...\HotspotShield) (Version: 4.15 - AnchorFree Inc.)
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4461 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\SOE-PlanetSide 2 PSG) (Version: 1.0.3.183 - Sony Online Entertainment)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.209 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.6.5 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.0.7 - Samsung Electronics CO., LTD.) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Support Center (HKLM\...\{AC0273F1-68A3-42CF-B487-C594B0A92F8D}) (Version: 2.0.12 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.3 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{391A07F0-748F-474F-986C-F03934F98F6E}) (Version: 2.0.19 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.11.1 - Synaptics Incorporated)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Unity Web Player (HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{72E40002-8CEC-47C1-A099-83AC8E173BF0}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{83270912-15C7-4336-822E-E8F1B1BBCA60}) (Version: 1.0.3.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\AvWizRes.dll (Avery Products Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Avery\Avery Wizard 5.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-515815168-1746495529-2309485121-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

22-07-2015 11:18:04 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07736EE8-2192-4E15-A52B-5C7F16BCC854} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-09-17] (SEC)
Task: {136B747D-E273-44A7-B884-43549BDABE9A} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {1FE52322-05CF-4B86-88C2-230B4C1F5993} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {2AA17891-BAC0-491F-9269-913D94E05CD2} - System32\Tasks\SWUpdateAgent => C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-09-14] (Samsung Electronics CO., LTD.)
Task: {3937CFCF-EECD-4C0F-97ED-1282DA2C8671} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {393C10C2-F4C3-4089-BD9A-A6AB5606FDA3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {46E957D8-F993-416F-A946-500C7E809BD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {55117C80-DC4A-4F97-AD02-EE4ACC359019} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\msoia.exe
Task: {6258514D-6D79-48CB-82F7-84351242B84C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001Core => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {84519659-0E6A-4C20-AC3E-902EEA032291} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-12] (Synaptics Incorporated)
Task: {9156DACE-469B-48C9-B8BC-4472E1B779D0} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {9B18EC55-2BE6-4215-B2DD-3EF892506C65} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23] (Google Inc.)
Task: {B8DFA1EA-8260-41F2-8276-C7D4E2C68213} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2012-08-17] (Samsung Electronics CO., LTD.)
Task: {BDF08D92-A75C-4D0B-9C0A-B6C8FC47CE3C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {D38908C0-0CE1-481E-910E-92AD310CF7FF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001UA => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {DAB0BD5C-A8B2-4014-A140-9EB78B35E244} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {DCD799A5-ACB2-472A-9579-007056ED000A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\msoia.exe
Task: {F9469DEE-F7E3-45BD-BB1F-4FDF8BA0A0CC} - System32\Tasks\MakeMarkerFile => %ProgramData%\MakeMarkerFile.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001Core.job => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-515815168-1746495529-2309485121-1001UA.job => C:\Users\bibblebucket1\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-01-04 16:18 - 2005-04-22 05:36 - 00143360 ____R () C:\WINDOWS\system32\BrSNMP64.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-08-06 13:47 - 2014-03-12 20:09 - 08884904 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-14 04:42 - 2012-09-14 04:42 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 01012856 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-09-05 08:50 - 2012-09-05 08:50 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2011-01-28 20:14 - 2011-01-28 20:14 - 00094208 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2015-07-22 11:00 - 2015-07-22 11:00 - 00043008 _____ () c:\Users\bibblebucket1\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppiqpcb.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00750080 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00047616 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00865280 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00200704 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-07-12 19:07 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 22:45 - 2015-03-19 08:15 - 00726016 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-12 19:07 - 2015-03-19 08:15 - 00010240 _____ () C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2012-09-19 03:55 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 03:34 - 2012-06-08 03:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-01-04 16:15 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-07-22 09:51 - 2015-07-22 09:51 - 00852676 _____ () C:\Users\bibblebucket1\Desktop\SecurityCheck.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\sharepoint.com -> hxxps://maidenhillschool.sharepoint.com
IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-515815168-1746495529-2309485121-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Communicator"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-515815168-1746495529-2309485121-1001\...\StartupApproved\Run: => "AdobeBridge"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CD84EDE2-D3FF-4C03-8B9C-CF9CF89BDA70}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{80CE6C2D-BB58-40AE-8C44-C47A954B2B27}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [UDP Query User{93EEFD9C-A222-4B43-BF15-FE8B452F2C43}C:\program files (x86)\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [TCP Query User{9945D442-C992-4851-98FC-D35A4EBA00BF}C:\program files (x86)\tera\tera-launcher.exe] => (Allow) C:\program files (x86)\tera\tera-launcher.exe
FirewallRules: [UDP Query User{712D58E0-8DD6-470C-B5C5-0C64A7B73CF8}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{6F375649-5463-4869-9F94-33792DC721D6}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{37F31F80-AB52-48A8-88E8-75A9CA301C98}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C6B33620-E856-490E-A192-B1AC863C92B5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{257F3770-2BBC-44FA-852D-969657E4B624}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{A0516878-FD5E-46EA-B476-09A587829C52}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{F666ADDC-B153-4685-A8D8-0D03F9C777E0}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{185B11D0-D313-4017-8F2E-DA9E3A2DF920}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{1C089CB7-FC2E-4E04-9580-A6487B6A4419}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [TCP Query User{89D19706-000D-4CA3-BC12-6D20518273D6}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe] => (Allow) C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe
FirewallRules: [UDP Query User{8998C44D-964E-460A-A2A8-93A03FE78AA4}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{18D631FB-4704-4D2F-8E40-5E8CDC41F6CC}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{0C1EAB3A-94DA-4828-BA45-E7296B5AEF72}C:\users\bibblebucket1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\bibblebucket1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{4B0584C2-A8F3-4C48-91D0-0164B7E0D1CE}C:\users\bibblebucket1\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\bibblebucket1\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F9768D2D-73A4-44D8-881E-7156B2BBAB86}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{854716D8-D445-47C1-8DF4-D1ED29963FFC}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{6A769E86-EFE3-46C2-B027-6F702817C49E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{8B493322-C4DD-4D70-9F8C-A7EC3515C409}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E30A0338-220F-48BA-94D0-FB49042DDA7F}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1558A73A-BDD2-4F0C-AF81-36EBE56B35DD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{040BA406-EBD2-49BC-A5A4-53FC9969EFFF}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{C4E9308E-3320-4AD3-8B00-3D3200758994}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
FirewallRules: [{DB4A51DB-69CE-48B3-A7DF-DD4376860297}] => (Allow) LPort=51001
FirewallRules: [{FC83AFD7-4800-4F7B-B86F-94F4F06106F3}] => (Allow) LPort=51000
FirewallRules: [{732D7ACC-72E4-4D4A-B8B5-567393AB747C}] => (Allow) LPort=3704
FirewallRules: [{6D66E561-FA0A-46F2-91E7-476FEE987CB0}] => (Allow) LPort=3703
FirewallRules: [{783B7B83-61F7-4924-9810-70C7A6500AD9}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{78233243-38FE-4D34-B665-469139AA2735}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
FirewallRules: [{6659F786-D7F8-4453-83E8-809975C07929}] => (Allow) LPort=5353
FirewallRules: [{791BF3F4-85F5-4524-8478-F88C78ECAC34}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AD163CF9-710D-47B5-8D5C-ADC9EA3D3BA7}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1F2CE9B7-6B61-4F5B-A09C-8D65E48B87B7}] => (Allow) LPort=1900
FirewallRules: [{01004575-EDC3-46D4-AB0C-C9D6CC74F459}] => (Allow) LPort=2869
FirewallRules: [{8CA8B631-F2D8-48EE-A7AC-032E71050173}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{56E1CFC4-48E3-4BAB-A573-3C9B21EA376A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{0189B57F-AEAF-4419-AFF4-1CC3C37B365B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{9975384C-9363-4B02-BFE1-4C83613C4B7A}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{ECE0790F-A91B-4303-8A60-6953AA97C1EF}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B4CE0025-741F-4E7D-B269-EF21B8045B93}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{4B6B6EF5-D9E8-47DE-A5ED-3C157B84BD23}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{A0AD0112-C28F-485E-83C0-8C55475E4BC7}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [{DAEE4BFC-846F-45FD-81EE-97198FFDCE5D}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7698D9DF-2F4E-41A9-A172-A92B8F0BCBB2}] => (Allow) C:\Users\bibblebucket1\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{6514FA54-A7E9-4DB2-848D-B90AB7964447}C:\users\bibblebucket1\appdata\local\frontier_developments\products\forc-fdev-d-1003\elitedangerous32.exe] => (Allow) C:\users\bibblebucket1\appdata\local\frontier_developments\products\forc-fdev-d-1003\elitedangerous32.exe
FirewallRules: [UDP Query User{EB985AE2-4F7C-4D44-8698-D4B29C5B61EA}C:\users\bibblebucket1\appdata\local\frontier_developments\products\forc-fdev-d-1003\elitedangerous32.exe] => (Allow) C:\users\bibblebucket1\appdata\local\frontier_developments\products\forc-fdev-d-1003\elitedangerous32.exe
FirewallRules: [{2A867EE9-EC82-4B9A-8F42-1421EFABE64B}] => (Allow) LPort=54925
FirewallRules: [{978DC8CD-C0BA-4C39-B2B2-4DC31738790E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/22/2015 11:02:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015
Fault offset: 0x0000000000183835
Faulting process ID: 0xfcc
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report ID: CommonAgent.exe3
Faulting package full name: CommonAgent.exe4
Faulting package-relative application ID: CommonAgent.exe5

Error: (07/22/2015 11:02:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015
Fault offset: 0x0000000000183835
Faulting process ID: 0x644
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report ID: CommonAgent.exe3
Faulting package full name: CommonAgent.exe4
Faulting package-relative application ID: CommonAgent.exe5

Error: (07/22/2015 11:02:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process ID: 0xea8
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report ID: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5

Error: (07/22/2015 10:17:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015
Fault offset: 0x0000000000183835
Faulting process ID: 0xf94
Faulting application start time: 0xCommonAgent.exe0
Faulting application path: CommonAgent.exe1
Faulting module path: CommonAgent.exe2
Report ID: CommonAgent.exe3
Faulting package full name: CommonAgent.exe4
Faulting package-relative application ID: CommonAgent.exe5

Error: (07/22/2015 10:15:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Faulting module name: MakeMarkerFile.exe, version: 1.0.0.2, time stamp: 0x5021e5e8
Exception code: 0xc0000417
Fault offset: 0x000000000014d7cc
Faulting process ID: 0xe8c
Faulting application start time: 0xMakeMarkerFile.exe0
Faulting application path: MakeMarkerFile.exe1
Faulting module path: MakeMarkerFile.exe2
Report ID: MakeMarkerFile.exe3
Faulting package full name: MakeMarkerFile.exe4
Faulting package-relative application ID: MakeMarkerFile.exe5

Error: (07/22/2015 10:13:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process ID: 0xc8c
Faulting application start time: 0xWDBackupEngine.exe0
Faulting application path: WDBackupEngine.exe1
Faulting module path: WDBackupEngine.exe2
Report ID: WDBackupEngine.exe3
Faulting package full name: WDBackupEngine.exe4
Faulting package-relative application ID: WDBackupEngine.exe5

Error: (07/22/2015 10:13:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at WDIO.DBFile.Close()
   at WDIO.ManifestManager.!ManifestManager()
   at WDIO.ManifestManager.Dispose(Boolean)
   at WDIO.ManifestManager.Finalize()

Error: (07/22/2015 10:12:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352
Fault offset: 0x00014598
Faulting process ID: 0x848
Faulting application start time: 0xWDBackupEngine.exe0
Faulting application path: WDBackupEngine.exe1
Faulting module path: WDBackupEngine.exe2
Report ID: WDBackupEngine.exe3
Faulting package full name: WDBackupEngine.exe4
Faulting package-relative application ID: WDBackupEngine.exe5

Error: (07/22/2015 10:12:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at WDIO.DBFile.Close()
   at WDIO.ManifestManager.!ManifestManager()
   at WDIO.ManifestManager.Dispose(Boolean)
   at WDIO.ManifestManager.Finalize()

Error: (07/21/2015 06:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Map.exe version 2.1.3230.2048 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d3c

Start Time: 01d0c3d7a1e7bdd3

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.BingMaps_2.1.3230.2048_x64__8wekyb3d8bbwe\Map.exe

Report Id: e99585bd-2fca-11e5-801c-50b7c357ec82

Faulting package full name: Microsoft.BingMaps_2.1.3230.2048_x64__8wekyb3d8bbwe

Faulting package-relative application ID: AppexMaps

System errors:
=============
Error: (07/22/2015 11:36:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Access 2013 (KB3054950) 64-Bit Edition.

Error: (07/22/2015 11:36:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2013 (KB2899498) 64-Bit Edition.

Error: (07/22/2015 11:36:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Publisher 2013 (KB2883048) 64-Bit Edition.

Error: (07/22/2015 11:36:05 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2013 (KB3039782) 64-Bit Edition.

Error: (07/22/2015 11:35:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2013 (KB2975869) 64-Bit Edition.

Error: (07/22/2015 11:35:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2013 (KB3054925) 64-Bit Edition.

Error: (07/22/2015 11:35:13 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Office 2013 (KB2881076) 64-Bit Edition.

Error: (07/22/2015 11:35:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Security Update for Microsoft Office 2013 (KB2956151) 64-Bit Edition.

Error: (07/22/2015 11:34:32 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft OneNote 2013 (KB3054936) 64-Bit Edition.

Error: (07/22/2015 11:34:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0831: Update for Windows 8.1 for x64-based Systems (KB2976978).

Microsoft Office:
=========================
Error: (07/22/2015 11:02:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835fcc01d0c465916dbf75C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exed3dc9e84-3058-11e5-801e-50b7c357ec82

Error: (07/22/2015 11:02:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd2040000015000000000018383564401d0c46532467132C:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exebae49d0f-3058-11e5-801e-50b7c357ec82

Error: (07/22/2015 11:02:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7ccea801d0c4650dbd46aeC:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exeb854f63b-3058-11e5-801e-50b7c357ec82

Error: (07/22/2015 10:17:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CommonAgent.exe1.0.7.5502ddd20CommonAgent.exe1.0.7.5502ddd20400000150000000000183835f9401d0c45f0b0ef5dfC:\Program Files\Samsung\S Agent\CommonAgent.exeC:\Program Files\Samsung\S Agent\CommonAgent.exe72956f09-3052-11e5-801d-50b7c357ec82

Error: (07/22/2015 10:15:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: MakeMarkerFile.exe1.0.0.25021e5e8MakeMarkerFile.exe1.0.0.25021e5e8c0000417000000000014d7cce8c01d0c45ee69c1313C:\ProgramData\MakeMarkerFile.exeC:\ProgramData\MakeMarkerFile.exe3cd096bc-3052-11e5-801d-50b7c357ec82

Error: (07/22/2015 10:13:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe1.6.4.4505a9648KERNELBASE.dll6.3.9600.1741554504adee043435200014598c8c01d0c45ea14821c1C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlle0e6f980-3051-11e5-801d-50b7c357ec82

Error: (07/22/2015 10:13:13 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at WDIO.DBFile.Close()
   at WDIO.ManifestManager.!ManifestManager()
   at WDIO.ManifestManager.Dispose(Boolean)
   at WDIO.ManifestManager.Finalize()

Error: (07/22/2015 10:12:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe1.6.4.4505a9648KERNELBASE.dll6.3.9600.1741554504adee04343520001459884801d0c45e88606d5bC:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlld1e3a76c-3051-11e5-801d-50b7c357ec82

Error: (07/22/2015 10:12:46 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: WDBackupEngine.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ObjectDisposedException
Stack:
   at System.Data.SQLite.SQLiteConnection.CheckDisposed()
   at System.Data.SQLite.SQLiteConnection.get_State()
   at WDIO.DBFile.Close()
   at WDIO.ManifestManager.!ManifestManager()
   at WDIO.ManifestManager.Dispose(Boolean)
   at WDIO.ManifestManager.Finalize()

Error: (07/21/2015 06:48:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Map.exe2.1.3230.2048d3c01d0c3d7a1e7bdd34294967295C:\Program Files\WindowsApps\Microsoft.BingMaps_2.1.3230.2048_x64__8wekyb3d8bbwe\Map.exee99585bd-2fca-11e5-801c-50b7c357ec82Microsoft.BingMaps_2.1.3230.2048_x64__8wekyb3d8bbweAppexMaps

CodeIntegrity Errors:
===================================
  Date: 2015-07-22 11:21:55.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-22 11:21:54.542
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-22 11:21:52.308
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 12:55:53.117
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 12:55:43.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 12:55:39.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 12:55:35.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 12:55:34.073
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 12:55:32.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-07-20 12:55:30.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 39%
Total physical RAM: 5595.1 MB
Available physical RAM: 3388.28 MB
Total Virtual: 11227.1 MB
Available Virtual: 8652.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:441.15 GB) (Free:214.86 GB) NTFS
Drive d: (My Disc) (CDROM) (Total:0.32 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 6A9FA048)

Partition: GPT Partition Type.

==================== End of log ============================

Thanks

 


  • 0

#9
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks for the information. Some of the Samsung software that came pre-installed on your computer is causing issues. We should uninstall them. I'll provide instructions below. If there are any you wish to keep please let me know which ones.

 

Please do the following.

 

Step#1 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

 

Allshare Play Link
E-POP
Easy File Share
Help Desk 
SW Update
User Guide
Support Center
Settings

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download the attached file, fixlist.txt (271 bytes), and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

 

Items for your next post

1. Let me know how the uninstalls went

2. Fixlog.txt

3. Is your machine any better after this?
 


  • 0
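One way to get from an FRST event section like the one posted above to a shortlist of misbehaving programs is to tally it by faulting application, update error code and refused DLL. This is an added example, not part of the thread or of FRST; the sample lines are excerpted from the posted log and the function names are hypothetical.

```python
import re
from collections import Counter

# Lines excerpted from the FRST log posted in this thread (unused fields dropped).
SAMPLE = r"""
Error: (07/22/2015 11:02:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015

Error: (07/22/2015 10:17:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Faulting module name: CommonAgent.exe, version: 1.0.7.5, time stamp: 0x502ddd20
Exception code: 0x40000015

Error: (07/22/2015 10:13:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WDBackupEngine.exe, version: 1.6.4.4, time stamp: 0x505a9648
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54504ade
Exception code: 0xe0434352

Error: (07/22/2015 11:36:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070663: Update for Microsoft Access 2013 (KB3054950) 64-Bit Edition.

Error: (07/22/2015 11:34:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0831: Update for Windows 8.1 for x64-based Systems (KB2976978).

Error: (07/22/2015 10:13:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: WDBackupEngine.exe1.6.4.4505a9648KERNELBASE.dll6.3.9600.1741554504adee043435200014598c8c01d0c45ea14821c1C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlle0e6f980-3051-11e5-801d-50b7c357ec82

  Date: 2015-07-22 11:21:55.605
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
"""

HEADER = re.compile(r"^Error: \([^)]+\) \(Source: (?P<source>[^)]+)\) "
                    r"\(EventID: (?P<event_id>\d+)\)", re.M)
CRASH = re.compile(r"Faulting application name: (?P<app>[^,]+),.*?"
                   r"Faulting module name: (?P<module>[^,]+),.*?"
                   r"Exception code: (?P<code>0x[0-9a-fA-F]+)", re.S)
UPDATE = re.compile(r"with error (?P<code>0x[0-9a-fA-F]+): .*?\((?P<kb>KB\d+)\)")
INTEGRITY = re.compile(r"a process \((?P<proc>[^)]+)\) attempted to load "
                       r"(?P<dll>.+?) that did not meet")


def records(text):
    """Yield (source, event_id, body) for every 'Error:' entry."""
    heads = list(HEADER.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield h["source"], int(h["event_id"]), text[h.end():end]


def triage(text):
    """Tally crashes, failed updates and Code Integrity refusals."""
    crashes, updates, integrity = Counter(), {}, Counter()
    base = lambda path: path.rsplit("\\", 1)[-1]  # file name of a Windows path
    for source, event_id, body in records(text):
        # The "Microsoft Office:" block repeats entries with the fields fused
        # together; CRASH does not match those, so nothing is counted twice.
        if source == "Application Error" and (m := CRASH.search(body)):
            crashes[(m["app"], m["module"], m["code"])] += 1
        elif source.endswith("WindowsUpdateClient") and (m := UPDATE.search(body)):
            updates.setdefault(m["code"], []).append(m["kb"])
    for m in INTEGRITY.finditer(text):
        integrity[(base(m["proc"]), base(m["dll"]))] += 1
    return crashes, updates, integrity


if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```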

#10
bibble

    Member

  • Topic Starter
  • 24 posts

Hi,

All uninstalls worked. It is definitely working better, but there is still a little bit of lag between clicking and response when on IE.

Here is the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by bibblebucket1 at 2015-07-22 17:02:35 Run:2
Running from C:\Users\bibblebucket1\Desktop
Loaded Profiles: bibblebucket1 (Available Profiles: bibblebucket1 & fbwuser & fbwuser0B88 & fbwuser5406 & fbwuser82D0 & fbwuserC806 & fbwuser124E & fbwuserF244)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2015-07-15] ()
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [X]
S2 HssWd; "C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe"  -product hss [X]
EmptyTemp:

*****************

Restore point was successfully created.
"C:\Program Files" => value data removed successfully.
HssTrayService => Service removed successfully
HssWd => Service removed successfully
EmptyTemp: => 1.2 GB temporary data Removed.


  • 0



#11
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

That's good news. Let's narrow down the issue with IE. Please do the following and let me know if your issues go away within IE.

 

Open IE in Safe Mode

1. Right-click on your Start button and choose Command Prompt (Admin). Answer Yes to allow if presented with a User Account Control prompt.

2. Copy and Paste the following into the command-prompt window and hit enter.

"C:\Program Files\Internet Explorer\iexplore.exe" -extoff 

 

3. Internet Explorer will open and the page will say something like "Internet Explorer is currently running without add-ons."

4. Use this instance of Internet Explorer to browse/search and let me know if the issues you are experiencing are present or not.


  • 0

#12
bibble

    Member

  • Topic Starter
  • 24 posts

Done that, and it was definitely working faster without the add-ons.

So what do I do about the add-ons that I've got?

 

btw thank you so far for your help

 


  • 0

#13
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

My pleasure.

 

Let's see which Add-On is causing your issue. Disable one at a time or maybe half of them and then try using IE. Keep disabling until you narrow down which one it is. Please let me know.

  1. Open Internet Explorer.
  2. Tap or click the Tools button, and then tap or click Manage add-ons.
  3. Under Show, tap or click All add-ons, and then select the add-on you want to turn off.

  4. Tap or click Disable, and then tap or click Close.


  • 0

#14
bibble

    Member

  • Topic Starter
  • 24 posts

Hi,

Well, in the end I disabled quite a few add-ons to get the speedup to happen. I'm afraid I lost track, so I'm not sure which add-on was causing the trouble, but it looks to have been one of the Windows ones.


  • 0

#15
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

OK, good. Anything else I can assist with?


  • 0





