Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My daughter's PC slowing down with Win 10 [Solved]


  • This topic is locked This topic is locked

#1
dmcbass

dmcbass

    Member

  • Member
  • PipPipPip
  • 109 posts

Me again, here is the FRST logs for my daughter's PC:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Kim (administrator) on KIM-PC (10-02-2016 15:15:13)
Running from C:\Users\Kim\Downloads
Loaded Profiles: Kim (Available Profiles: Kim & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(Spotify Ltd) C:\Users\Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Spotify Ltd) C:\Users\Kim\AppData\Roaming\Spotify\Spotify.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Spotify Ltd) C:\Users\Kim\AppData\Roaming\Spotify\SpotifyCrashService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Spotify Ltd) C:\Users\Kim\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Kim\AppData\Roaming\Spotify\Spotify.exe
(Curse, Inc) C:\Users\Kim\AppData\Roaming\Curse Client\Bin\Curse.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-24] (AVAST Software)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2015-04-22] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\...\Run: [Spotify Web Helper] => C:\Users\Kim\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-01-31] (Spotify Ltd)
HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\...\Run: [Spotify] => C:\Users\Kim\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-01-31] (Spotify Ltd)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2015-04-22] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-20] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-13]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-13]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2015-05-23]
ShortcutTarget: Curse.lnk -> C:\Users\Kim\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
Tcpip\..\Interfaces\{0f54a57c-8089-4fb2-9180-a7671516d684}: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-20] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)

FireFox:
========
FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\iotybxm6.default
FF Homepage: hxxp://www.geekstogo.com/forum/
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-16]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-20]
CHR Extension: (Google Drive) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-24]
CHR Extension: (YouTube) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-24]
CHR Extension: (Avast Online Security) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDevice.exe [55336 2015-09-13] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-02-05] (NVIDIA Corporation)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-02-05] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-20] (AVAST Software)
R3 copperhd; C:\Windows\system32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-02-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-10 15:15 - 2016-02-10 15:15 - 00013382 _____ C:\Users\Kim\Downloads\FRST.txt
2016-02-10 15:15 - 2016-02-10 15:15 - 00000000 ____D C:\FRST
2016-02-10 15:14 - 2016-02-10 15:15 - 02370560 _____ (Farbar) C:\Users\Kim\Downloads\FRST64.exe
2016-02-10 15:10 - 2016-02-10 15:10 - 00016148 _____ C:\WINDOWS\system32\KIM-PC_Kim_HistoryPrediction.bin
2016-02-09 14:49 - 2016-01-31 01:25 - 01951872 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-09 14:49 - 2016-01-31 01:25 - 01248896 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-09 14:49 - 2016-01-31 01:24 - 01824880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-09 14:49 - 2016-01-31 01:23 - 02601160 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-09 14:49 - 2016-01-31 01:23 - 01420392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-09 14:49 - 2016-01-31 01:06 - 01535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-09 14:49 - 2016-01-31 01:06 - 01531368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-09 14:49 - 2016-01-31 01:06 - 00809336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-09 14:49 - 2016-01-31 01:04 - 01811360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-09 14:49 - 2016-01-31 01:04 - 01180696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-09 14:49 - 2016-01-31 00:38 - 21873152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-09 14:49 - 2016-01-31 00:33 - 24593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-09 14:49 - 2016-01-31 00:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\IoTAssignedAccessLockFramework.dll
2016-02-09 14:49 - 2016-01-31 00:29 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-09 14:49 - 2016-01-31 00:29 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2016-02-09 14:49 - 2016-01-31 00:26 - 06787072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-02-09 14:49 - 2016-01-31 00:26 - 03793408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-02-09 14:49 - 2016-01-31 00:25 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-09 14:49 - 2016-01-31 00:25 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-09 14:49 - 2016-01-31 00:25 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-02-09 14:49 - 2016-01-31 00:25 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-09 14:49 - 2016-01-31 00:24 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-02-09 14:49 - 2016-01-31 00:24 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-02-09 14:49 - 2016-01-31 00:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-09 14:49 - 2016-01-31 00:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-02-09 14:49 - 2016-01-31 00:22 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-02-09 14:49 - 2016-01-31 00:20 - 02849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-09 14:49 - 2016-01-31 00:19 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-09 14:49 - 2016-01-31 00:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-02-09 14:49 - 2016-01-31 00:19 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-09 14:49 - 2016-01-31 00:18 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-09 14:49 - 2016-01-31 00:18 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-09 14:49 - 2016-01-31 00:17 - 19324928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-09 14:49 - 2016-01-31 00:17 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-09 14:49 - 2016-01-31 00:16 - 09889280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-09 14:49 - 2016-01-31 00:16 - 00950272 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-09 14:49 - 2016-01-31 00:14 - 07525376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-09 14:49 - 2016-01-31 00:14 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-09 14:49 - 2016-01-31 00:13 - 04791808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-09 14:49 - 2016-01-31 00:13 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2016-02-09 14:49 - 2016-01-31 00:13 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-09 14:49 - 2016-01-31 00:11 - 05156352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-02-09 14:49 - 2016-01-31 00:11 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-02-09 14:49 - 2016-01-31 00:11 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-09 14:49 - 2016-01-31 00:11 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-09 14:49 - 2016-01-31 00:07 - 18802176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-09 14:49 - 2016-01-31 00:06 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-09 14:49 - 2016-01-31 00:05 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-09 14:49 - 2016-01-31 00:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-09 14:49 - 2016-01-31 00:04 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-09 14:49 - 2016-01-31 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-09 14:49 - 2016-01-31 00:02 - 00768000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-09 14:49 - 2016-01-31 00:00 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-09 14:49 - 2016-01-30 23:59 - 05457408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-09 14:49 - 2016-01-30 23:58 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-09 14:48 - 2016-01-31 00:34 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-09 14:48 - 2016-01-31 00:05 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-01-28 16:37 - 2016-01-28 16:37 - 00000000 ____D C:\Users\Kim\Documents\League of Legends
2016-01-23 15:57 - 2016-01-23 15:57 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-01-23 15:57 - 2016-01-23 15:57 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-01-23 15:57 - 2016-01-23 15:57 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-01-23 15:57 - 2016-01-23 15:57 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-01-23 15:57 - 2016-01-23 15:57 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-01-23 15:57 - 2016-01-23 15:57 - 00000000 ____D C:\Users\DefaultAppPool
2016-01-23 15:57 - 2015-09-13 08:51 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-01-23 15:56 - 2016-01-23 15:56 - 00000000 ____D C:\Users\Kim\Documents\BnS
2016-01-23 15:56 - 2016-01-23 15:56 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Awesomium
2016-01-23 15:56 - 2016-01-23 15:56 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
2016-01-23 15:56 - 2016-01-09 10:39 - 03916368 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\GameMon.des
2016-01-23 15:56 - 2005-01-03 01:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\WINDOWS\SysWOW64\npptNT2.sys
2016-01-23 15:56 - 2003-07-18 16:17 - 00005174 _____ C:\WINDOWS\SysWOW64\nppt9x.vxd
2016-01-23 12:53 - 2016-01-23 12:53 - 00002307 _____ C:\Users\Public\Desktop\Blade & Soul.lnk
2016-01-23 12:53 - 2016-01-23 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-01-23 12:53 - 2016-01-23 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
2016-01-23 12:53 - 2016-01-23 12:53 - 00000000 ____D C:\Program Files (x86)\NCWest
2016-01-23 12:53 - 2016-01-23 12:53 - 00000000 ____D C:\Program Files (x86)\NCSOFT
2016-01-23 12:51 - 2016-01-23 12:52 - 225000432 _____ (NC Interactive, LLC ) C:\Users\Kim\Downloads\BnS_Lite_Installer.exe
2016-01-22 15:25 - 2016-01-22 15:25 - 00000000 ____D C:\Users\Kim\AppData\Roaming\NVIDIA
2016-01-12 15:36 - 2016-01-04 22:07 - 02463704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 15:36 - 2016-01-04 22:07 - 00377592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-12 15:36 - 2016-01-04 22:06 - 08022368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 15:36 - 2016-01-04 22:06 - 01991120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-12 15:36 - 2016-01-04 22:06 - 01270104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 15:36 - 2016-01-04 22:06 - 01063504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-12 15:36 - 2016-01-04 22:06 - 00119800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 15:36 - 2016-01-04 22:04 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-12 15:36 - 2016-01-04 22:04 - 01591848 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 01150816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00862056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00787720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 15:36 - 2016-01-04 22:04 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00779928 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00772448 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00751992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-12 15:36 - 2016-01-04 22:04 - 00667856 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-12 15:36 - 2016-01-04 22:04 - 00249464 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-12 15:36 - 2016-01-04 22:04 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00233992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-12 15:36 - 2016-01-04 22:04 - 00090912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-12 15:36 - 2016-01-04 22:04 - 00083704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-12 15:36 - 2016-01-04 21:59 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-01-12 15:36 - 2016-01-04 21:52 - 00441696 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 15:36 - 2016-01-04 21:50 - 01817064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 15:36 - 2016-01-04 21:50 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 15:36 - 2016-01-04 21:50 - 00723648 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 15:36 - 2016-01-04 21:50 - 00345080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-12 15:36 - 2016-01-04 21:50 - 00251544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-12 15:36 - 2016-01-04 21:50 - 00205072 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-12 15:36 - 2016-01-04 21:31 - 01365576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 15:36 - 2016-01-04 21:30 - 02459096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-12 15:36 - 2016-01-04 21:30 - 02162064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-12 15:36 - 2016-01-04 21:30 - 02152744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 15:36 - 2016-01-04 21:30 - 01106872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 15:36 - 2016-01-04 21:30 - 00882208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-12 15:36 - 2016-01-04 21:30 - 00368776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-12 15:36 - 2016-01-04 21:30 - 00232896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 15:36 - 2016-01-04 21:30 - 00100712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 15:36 - 2016-01-04 21:29 - 00208688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 15:36 - 2016-01-04 21:28 - 02445128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-12 15:36 - 2016-01-04 21:28 - 00714808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 15:36 - 2016-01-04 21:28 - 00696192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-12 15:36 - 2016-01-04 21:28 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 15:36 - 2016-01-04 21:28 - 00645144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 15:36 - 2016-01-04 21:28 - 00635312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 15:36 - 2016-01-04 21:28 - 00497896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 15:36 - 2016-01-04 21:28 - 00277400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-12 15:36 - 2016-01-04 21:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 15:36 - 2016-01-04 21:28 - 00107952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-12 15:36 - 2016-01-04 21:28 - 00082096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-12 15:36 - 2016-01-04 21:28 - 00072808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-12 15:36 - 2016-01-04 21:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-01-12 15:36 - 2016-01-04 21:15 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-12 15:36 - 2016-01-04 21:15 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 15:36 - 2016-01-04 21:15 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 15:36 - 2016-01-04 21:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2016-01-12 15:36 - 2016-01-04 21:10 - 00305776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-12 15:36 - 2016-01-04 21:10 - 00278424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-12 15:36 - 2016-01-04 21:10 - 00188032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-12 15:36 - 2016-01-04 21:09 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 15:36 - 2016-01-04 21:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 15:36 - 2016-01-04 21:02 - 01672192 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 15:36 - 2016-01-04 21:02 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 15:36 - 2016-01-04 21:02 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 15:36 - 2016-01-04 21:01 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 15:36 - 2016-01-04 21:00 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-12 15:36 - 2016-01-04 20:59 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 15:36 - 2016-01-04 20:57 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 15:36 - 2016-01-04 20:57 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 15:36 - 2016-01-04 20:57 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 15:36 - 2016-01-04 20:51 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 15:36 - 2016-01-04 20:51 - 01009664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 15:36 - 2016-01-04 20:51 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-12 15:36 - 2016-01-04 20:51 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-12 15:36 - 2016-01-04 20:51 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-12 15:36 - 2016-01-04 20:44 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 15:36 - 2016-01-04 20:44 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 15:36 - 2016-01-04 20:42 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 15:36 - 2016-01-04 20:38 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2016-01-12 15:36 - 2016-01-04 20:32 - 01541632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 15:36 - 2016-01-04 20:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 15:36 - 2016-01-04 20:31 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 15:36 - 2016-01-04 20:31 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 15:36 - 2016-01-04 20:29 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-12 15:36 - 2016-01-04 20:29 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 15:36 - 2016-01-04 20:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 15:36 - 2016-01-04 20:20 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 15:36 - 2016-01-04 20:19 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 15:36 - 2016-01-04 20:19 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-12 15:36 - 2016-01-04 20:19 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-12 15:36 - 2016-01-04 20:19 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-10 15:09 - 2015-02-20 12:57 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-10 15:09 - 2015-02-20 12:57 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-10 15:09 - 2015-02-20 12:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-10 15:07 - 2015-02-20 12:56 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-10 14:59 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-10 14:59 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-10 14:55 - 2015-09-13 17:38 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6BD7205F-39FE-4CB2-BF4C-D39877DC0D3E}
2016-02-10 14:53 - 2015-05-23 11:32 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Curse Client
2016-02-10 14:52 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-10 14:52 - 2015-02-20 16:38 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Spotify
2016-02-10 14:52 - 2015-02-20 16:38 - 00000000 ____D C:\Users\Kim\AppData\Local\Spotify
2016-02-10 14:51 - 2015-06-26 13:07 - 00000000 ____D C:\Program Files (x86)\Steam
2016-02-10 14:50 - 2015-09-13 08:46 - 00000000 ____D C:\ProgramData\NVIDIA
2016-02-10 14:50 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-10 14:49 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-09 22:34 - 2015-09-13 08:48 - 00000000 ____D C:\Users\Kim
2016-02-09 22:33 - 2015-02-20 17:03 - 00000000 ____D C:\Users\Kim\AppData\Roaming\Skype
2016-02-09 16:36 - 2015-07-28 18:45 - 00000000 ____D C:\Users\Kim\AppData\Local\osu!
2016-02-09 16:21 - 2015-07-28 18:45 - 00000902 _____ C:\Users\Kim\Desktop\osu!.lnk
2016-02-09 15:52 - 2015-02-20 12:57 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-09 15:47 - 2015-07-10 08:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-09 14:57 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-07 18:06 - 2015-07-07 16:27 - 00000000 ____D C:\Users\Kim\AppData\Roaming\OBS
2016-02-07 18:03 - 2015-05-23 11:32 - 00000988 _____ C:\Users\Kim\Desktop\Curse.lnk
2016-02-07 17:31 - 2015-07-07 16:27 - 00000939 _____ C:\Users\Kim\Desktop\Open Broadcaster Software.lnk
2016-02-06 21:44 - 2015-09-13 11:08 - 00002361 _____ C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-06 21:44 - 2015-09-13 11:08 - 00000000 ___RD C:\Users\Kim\OneDrive
2016-02-02 17:47 - 2015-07-10 06:06 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-02 17:47 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 15:02 - 2015-02-20 12:56 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 15:02 - 2015-02-20 12:56 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-31 21:17 - 2015-02-20 17:02 - 00000000 ____D C:\ProgramData\Skype
2016-01-31 14:46 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
2016-01-28 16:28 - 2015-12-17 18:01 - 00001573 _____ C:\Users\Kim\Desktop\Rainmeter.lnk
2016-01-23 12:53 - 2015-02-20 11:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-15 15:05 - 2015-02-20 16:38 - 00001757 _____ C:\Users\Kim\Desktop\Spotify.lnk
2016-01-14 19:55 - 2015-09-13 13:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-14 19:51 - 2015-09-13 13:15 - 143671360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-14 19:39 - 2015-09-13 08:47 - 01005662 _____ C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-09-13 08:45 - 2015-09-13 08:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 13:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Kim (2016-02-10 15:15:54)
Running from C:\Users\Kim\Downloads
Windows 10 Home (X64) (2015-09-13 16:04:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2107817763-2323350340-3169641269-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2107817763-2323350340-3169641269-503 - Limited - Disabled)
Guest (S-1-5-21-2107817763-2323350340-3169641269-501 - Limited - Disabled)
Kim (S-1-5-21-2107817763-2323350340-3169641269-1000 - Administrator - Enabled) => C:\Users\Kim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.10.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
osu! (HKLM-x32\...\{79c47af6-47ab-4f78-a223-2423b3af0aed}) (Version: latest - ppy Pty Ltd)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2468 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TERA (HKLM-x32\...\Steam App 323370) (Version:  - Bluehole Inc.)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2107817763-2323350340-3169641269-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Kim\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06D2DACA-EF7D-4E2C-8322-BCB9006FBCF8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0965E0F1-58D1-420A-B537-0B0ADB102255} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {0EF12E49-29DC-48E4-ABFE-0B48203229DE} - System32\Tasks\{47917BFD-3294-4C52-9D2D-DE5B18460929} => C:\Users\Kim\AppData\Roaming\Spotify\Spotify.exe [2016-01-31] (Spotify Ltd)
Task: {11D44847-CA0B-4F74-8C86-7683445C5F97} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1A7F4845-BEA4-4447-8E80-51566BBDBFA1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {1ECEE7D1-D3C6-481B-965B-B81E227499A3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {230407FA-97DF-46ED-A96B-AB8FB8407D6F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {29F88213-B762-4207-BCCD-68A8668C06D8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {31E110F6-ECB7-4FB1-A3F3-FF678C486B18} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4243674C-4049-4AAE-8696-9CC407BF530B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {48BE597C-0F65-4076-9368-B22DDAEE6AF0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4CD88D25-D4D0-429E-AB70-B7A44CA66943} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {50626BD2-092B-489D-AA5D-DD5AF27A4A7F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {51001F0E-5BD7-45DC-B08D-002294661552} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {514EF2C1-A4C0-4353-BE7D-0621832BC015} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {5B8386A1-EE72-4B91-BC62-AA8AB6B6D74D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5D62066B-30A9-4C7C-AFBE-DE7983C961DA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5D70BC43-ECD3-4539-A71D-1107159AA0D3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {5FA0EE63-E15C-44B2-A80C-FD615DA66032} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {70C461E8-6A2E-47CF-851F-4549F96C06C1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7220022F-4618-4430-B336-2270EAE7B260} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {82B1C784-3F38-4A17-84EA-296A4B2B6F1F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {846CDAC6-E0D2-4818-959C-B731086DA42C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {84FD1070-BAC9-4B21-A7E9-99249DFC9849} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {89DFFF9F-CEDD-4470-A137-A1B521D54375} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8D5E839B-C8C8-4B8A-9A51-C9EC398224C7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {8F316C96-22A2-4693-81CF-82E7811568FD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {9030735E-7FA2-4411-9F73-FCD331702519} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9D23F886-8416-4CF8-B7DC-E3D7A9006E31} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-14] (Microsoft Corporation)
Task: {A4CE72A0-58D3-4508-A580-2347860112D7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {AC69A999-366A-449D-BA00-1CBC0C6CD97B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AD14D628-E7C5-4404-86A1-DB426025A021} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {B2A4D151-3D0D-4F42-A131-74700774E81B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {C8419317-C1C9-425D-824C-B32C035579E7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {CDCC6381-DD97-4CCA-8038-46CCD5B65E23} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {E22D5949-6642-4627-A936-C54A11F05470} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E840D0EA-1E52-4967-8772-E44874628DC7} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F7C68077-8C08-4297-A1FA-4C76A65E7CE2} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F9678025-803C-4BB5-A618-CAE2E3F4C8A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-05] (Google Inc.)
Task: {FE9330E9-E7CB-45E8-AF5D-1717649A9921} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-13 11:48 - 2015-09-13 11:48 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-13 08:46 - 2015-07-22 20:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-03-20 17:12 - 2015-03-20 17:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-13 13:12 - 2015-08-11 04:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-30 17:02 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 17:02 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-30 17:01 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-16 14:05 - 2015-11-24 23:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-16 14:04 - 2015-11-24 23:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-16 14:05 - 2015-11-24 23:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 17:02 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-07-20 09:58 - 2015-07-20 09:58 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 09:58 - 2015-07-20 09:58 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-09 15:46 - 2016-02-09 15:46 - 02820096 _____ () C:\Program Files\AVAST Software\Avast\defs\16020902\algo.dll
2015-06-26 13:07 - 2015-12-15 00:54 - 00782336 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-06-26 13:07 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-06-26 13:07 - 2016-02-04 16:02 - 02546768 _____ () C:\Program Files (x86)\Steam\video.dll
2015-06-26 13:07 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-06-26 13:07 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-06-26 13:07 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-06-26 13:07 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-06-26 13:07 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-06-26 13:07 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-06-26 13:07 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-06-26 13:07 - 2016-02-04 16:01 - 00802896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-21 23:18 - 2015-12-29 20:51 - 00208896 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-06-26 13:07 - 2016-01-05 20:52 - 48387872 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-17 20:48 - 2016-01-31 14:17 - 50679920 _____ () C:\Users\Kim\AppData\Roaming\Spotify\libcef.dll
2015-07-20 09:58 - 2015-07-20 09:58 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-03-17 20:48 - 2016-01-31 14:17 - 01882224 _____ () C:\Users\Kim\AppData\Roaming\Spotify\libglesv2.dll
2015-03-17 20:48 - 2016-01-31 14:17 - 00082544 _____ () C:\Users\Kim\AppData\Roaming\Spotify\libegl.dll
2015-04-21 14:49 - 2015-11-24 14:50 - 00393608 _____ () C:\Users\Kim\AppData\Roaming\Curse Client\Bin\opus.dll
2015-11-24 14:50 - 2016-02-10 14:52 - 01094024 _____ () C:\Users\Kim\AppData\Roaming\Curse Client\Bin\Curse.Presto.Interface.dll
2015-02-20 12:32 - 2015-01-23 05:37 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2107817763-2323350340-3169641269-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{C6C541BE-67F0-4916-BAD3-6AC11A1DE5A1}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{14BA89C2-9CFF-49FC-A6E6-89AFD56F3704}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{595276BC-869B-4863-9715-8F3C9A06B97C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{0046A476-05FF-4FF0-9BF0-D81870A9C4AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{CFABD991-62E3-481D-8E46-777D3A19ECB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{06DC45A7-8C2D-45A5-A4CD-C969647929E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TERA\TERA-Launcher.exe
FirewallRules: [{C0D4F450-77EC-46F6-A4B5-9D786121030F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D810CF94-F938-4AFE-A879-0D0B566BA19E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{77C7F46A-0FDE-4936-9792-DF0DAC41DDAC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{64B745DF-B592-4849-9827-51D720193147}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{8458DE5F-9C50-448A-BDAB-32A68CD4FD06}C:\users\kim\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\kim\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{B29DB4EB-10E6-4036-8F20-C94D8643E56E}C:\users\kim\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\kim\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1E1A8497-6C1D-46F1-BF85-9A1F107FB90D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6197F0E3-6EFB-4AB0-BA3D-49468CDB112A}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [{539C56AC-2BDF-4B8D-9020-8A14DAAD65E2}] => (Allow) C:\Program Files (x86)\DolbyAxon\Axon.exe
FirewallRules: [UDP Query User{CE6ED4D6-46F7-445C-99D3-B515CF337C98}C:\users\kim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kim\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{7E548D46-391B-468D-9203-0479D0EC0F27}C:\users\kim\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kim\appdata\roaming\spotify\spotify.exe
FirewallRules: [{53330F8E-6BEB-46D0-8A8E-69792A882DC9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C182B8C3-74C3-473C-8A6A-A681648EF814}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{42ABCCC2-01D2-442F-B85A-3A481C8ECB39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E889AE80-3DB7-4862-B120-EFD82E6501C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9B84970B-E1E2-422A-90AB-A9BFB0F28115}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E2035C1C-1590-41A1-AC25-45BCFEBCD8D8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{AE8F9A2E-A762-43B9-A82F-3F7E98C46FED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F1832DB-BB95-4230-B322-4D1A188C7540}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BE092CBA-CCD3-4314-86E2-31D5E9C1E6A1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7601BFCB-F354-4C7E-8252-A0186C327CED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5445D37-F87F-4048-97CA-9E6935C52E0D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6ECD3B1A-6C84-4948-A446-7A9DD645B940}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7CE4318D-EBB2-407B-9D00-437274D5DE10}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4DCA3D6E-0C77-4612-83A3-A6C17D910FF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5C7A36C8-39D0-457F-B27F-8A2C7B5FE85C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{02039D1C-E0E5-495B-B6CF-68E01D72B141}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{ABA9468F-A6A8-49F6-A219-15E5F146DA50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D13FA5AD-348B-483F-AB9F-0E6E0AA7BFF5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-01-2016 19:02:57 Windows Update
31-01-2016 16:54:23 Scheduled Checkpoint
07-02-2016 17:36:00 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2016 02:48:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.10240.16603 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: f20

Start Time: 01d1643aa17434c7

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 4386d4a5-d02f-11e5-9be6-ac220b51f402

Faulting package full name:

Faulting package-relative application ID:

Error: (02/09/2016 10:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 77906

Error: (02/09/2016 10:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 77906

Error: (02/09/2016 10:35:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2016 10:35:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 62281

Error: (02/09/2016 10:35:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 62281

Error: (02/09/2016 10:35:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/09/2016 10:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46656

Error: (02/09/2016 10:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46656

Error: (02/09/2016 10:34:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/10/2016 03:02:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2 x64 Edition - February 2016 (KB890830).

Error: (02/10/2016 02:50:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:
%%1058

Error: (02/10/2016 02:49:41 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (02/10/2016 02:49:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/10/2016 02:39:06 PM) (Source: Service Control Manager) (EventID: 7046) (User: )
Description: The following service has repeatedly stopped responding to service control requests: System Events Broker

Contact the service vendor or the system administrator about whether to disable this service until the problem is identified.

You may have to restart the computer in safe mode before you can disable the service.

Error: (02/10/2016 02:38:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

Error: (02/10/2016 02:38:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.

Error: (02/10/2016 02:37:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/10/2016 02:37:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BrokerInfrastructure service.

Error: (02/10/2016 02:37:06 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SystemEventsBroker service.


==================== Memory info ===========================

Processor: AMD FX™-8350 Eight-Core Processor
Percentage of memory in use: 15%
Total physical RAM: 16282.41 MB
Available physical RAM: 13732.51 MB
Total Virtual: 32666.41 MB
Available Virtual: 29769.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:700.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 55B31722)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Thanks

 


  • 0

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello dcmbass and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    I'm analysing your logs and will post further instructions soon :)

  • 0

#3
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dmcbass

Here is some instructions for you.

Step1 - FRST fix



I noticed that you run FRST64.exe from Users\Kim\Downloads folder. Please move it to your Desktop. You can do it by right-clicking FRST64.exe, click Cut, then go to Desktop, right-click any free space and click Paste. For the FRST fix to work both FRST64.exe and fixlist.txt must be in the same location and the desktop is where the software is most effective from.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-09-13 08:45 - 2015-09-13 08:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {06D2DACA-EF7D-4E2C-8322-BCB9006FBCF8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {11D44847-CA0B-4F74-8C86-7683445C5F97} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {230407FA-97DF-46ED-A96B-AB8FB8407D6F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {29F88213-B762-4207-BCCD-68A8668C06D8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4243674C-4049-4AAE-8696-9CC407BF530B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {48BE597C-0F65-4076-9368-B22DDAEE6AF0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5B8386A1-EE72-4B91-BC62-AA8AB6B6D74D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7220022F-4618-4430-B336-2270EAE7B260} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {89DFFF9F-CEDD-4470-A137-A1B521D54375} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AC69A999-366A-449D-BA00-1CBC0C6CD97B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E22D5949-6642-4627-A936-C54A11F05470} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - AdwCleaner Scan

    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step3 - Malwarebytes Scan


    Please download Malwarebytes' Anti-Malware from Here or Here
    Double-click on mbam-setup-version-number.exe to install the application.
    Before clicking Finish perform the following actions --

    Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
    Check the box beside Launch Malwarebytes Anti-Malware

    Once the program has loaded, The MBAM dashboard may appear with an alert to update - click the button Fix Now;

    Navigate to the Settings tab > Detection and Protection and ensure all the boxes under Detection Options are checked.

    MBAM_settings_zps3dey1yqg.jpg

    Return to the Dashboard click on Scan Now;

    MBAM_scan_zpsoqfjupkt.jpg

    If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    Copy and Paste the contents of the log in your next reply.


    Things for your next post:
  • fixlog.txt
  • adwcleaner[C*].txt
  • MBAM log
  • How is computer running now?

  • 0

#4
dmcbass

dmcbass

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts

Fix result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Kim (2016-02-11 19:53:39) Run:1
Running from C:\Users\Kim\Desktop
Loaded Profiles: Kim (Available Profiles: Kim & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
2015-09-13 08:45 - 2015-09-13 08:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {06D2DACA-EF7D-4E2C-8322-BCB9006FBCF8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {11D44847-CA0B-4F74-8C86-7683445C5F97} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {230407FA-97DF-46ED-A96B-AB8FB8407D6F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {29F88213-B762-4207-BCCD-68A8668C06D8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4243674C-4049-4AAE-8696-9CC407BF530B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {48BE597C-0F65-4076-9368-B22DDAEE6AF0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {5B8386A1-EE72-4B91-BC62-AA8AB6B6D74D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7220022F-4618-4430-B336-2270EAE7B260} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {89DFFF9F-CEDD-4470-A137-A1B521D54375} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AC69A999-366A-449D-BA00-1CBC0C6CD97B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E22D5949-6642-4627-A936-C54A11F05470} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Hosts:
EmptyTemp:
*****************

Restore point was successfully created.
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
C:\ProgramData\DP45977C.lfl => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06D2DACA-EF7D-4E2C-8322-BCB9006FBCF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06D2DACA-EF7D-4E2C-8322-BCB9006FBCF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11D44847-CA0B-4F74-8C86-7683445C5F97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11D44847-CA0B-4F74-8C86-7683445C5F97}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{230407FA-97DF-46ED-A96B-AB8FB8407D6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{230407FA-97DF-46ED-A96B-AB8FB8407D6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{29F88213-B762-4207-BCCD-68A8668C06D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{29F88213-B762-4207-BCCD-68A8668C06D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4243674C-4049-4AAE-8696-9CC407BF530B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4243674C-4049-4AAE-8696-9CC407BF530B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{48BE597C-0F65-4076-9368-B22DDAEE6AF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48BE597C-0F65-4076-9368-B22DDAEE6AF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5B8386A1-EE72-4B91-BC62-AA8AB6B6D74D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B8386A1-EE72-4B91-BC62-AA8AB6B6D74D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7220022F-4618-4430-B336-2270EAE7B260}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7220022F-4618-4430-B336-2270EAE7B260}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89DFFF9F-CEDD-4470-A137-A1B521D54375}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89DFFF9F-CEDD-4470-A137-A1B521D54375}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC69A999-366A-449D-BA00-1CBC0C6CD97B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC69A999-366A-449D-BA00-1CBC0C6CD97B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E22D5949-6642-4627-A936-C54A11F05470}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E22D5949-6642-4627-A936-C54A11F05470}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b823:31de:3ab6:6d97%2
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.hsd1.ga.comcast.net.:

   Media State . . . . . . . . . . . : Media unoperational
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.ga.comcast.net.
   Link-local IPv6 Address . . . . . : fe80::b823:31de:3ab6:6d97%2
   IPv4 Address. . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:cf7:2ec5:3f57:fe9b
   Link-local IPv6 Address . . . . . : fe80::cf7:2ec5:3f57:fe9b%6
   Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.hsd1.ga.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ga.comcast.net.

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 165.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:53:55 ====


  • 0

#5
dmcbass

dmcbass

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts

# AdwCleaner v5.033 - Logfile created 11/02/2016 at 20:01:25
# Updated 07/02/2016 by Xplode
# Database : 2016-02-07.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Kim - KIM-PC
# Running from : C:\Users\Kim\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [871 bytes] ##########
 


  • 0

#6
dmcbass

dmcbass

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts

Ran Malwarebytes and Threats Found = 0

The PC is running better


  • 0

#7
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dmcbass
 

Ran Malwarebytes and Threats Found = 0


:thumbsup:

Post the log anyway please.
  • Double click on Malwarebytes to open the application.
  • Click on History
  • Click on application logs.
  • under the heading type, locate the latest log called Scan Log and double click to select it.
  • In the next window that opens click Export then select Text file (.txt). Save this to your desktop. You can call the file MBAM.
  • Copy and paste the entire contents of the report into your next reply.


    Next lets try running xbootmgr - this should help performance following an upgrade to windows 10.


    Download the SDK web installer from here
    Run the installer and select the following:

    Leave the location to default
    wdk%20location.JPG

    Windows Performance Toolkit
    Wintoolkitselect.JPG

    You must reboot on completion of the install

    After reboot set aside about 30 minutes when you will not need the computer

    To turn UAC off

    1.Open User Account Control Settings by clicking the Start button , and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
    2.Do the following: To turn off UAC, move the slider to the Never notify position, and then click OK.


    When ready start an elevated command prompt :

    Go Start > All Programs > Accessories
    Right click Command Prompt and select Run as Administrator

    Then copy and paste the following command into the black box :

    xbootmgr -trace boot -prepSystem -verboseReadyBoot

    sdk%20command.JPG

    Now your PC will be restarted 6 times. With a two minute pause before the tool runs after the desktop loads
    After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster
    The last Reboots are training of readyBoot. After the training is finished, you'll notice a huge improvement in startup.

    To turn UAC on

    1.Open User Account Control Settings by clicking the Start button , and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
    2.Do the following: To turn on UAC, move the slider to the notify me (default) position, and then click OK.


    Things for your next post:
  • MBAM log
  • How is the computer running now following xbootmgr?

  • 0

#8
dmcbass

dmcbass

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/11/2016
Scan Time: 8:21 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.11.06
Rootkit Database: v2016.02.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Kim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399706
Time Elapsed: 12 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • 0

#9
dmcbass

dmcbass

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts

Seems as speeedier than it used to be. Bravo


  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi dmcbass
 

Seems as speeedier than it used to be. Bravo


:thumbsup:

Good stuff. OK, subject to no further issues I will remove my tools and give you some prevention advice.


Good News! - Your system now appears to be clean. :)
Now for some clean up and "housekeeping" procedures.


A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
  • Download Delfix from here
  • Locate the file and right click on it. Click on Run as Administrator.
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Create registry backup
  • Purge system restore
  • Reset system settings

    delfix.jpg
  • Click Run

    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply


    Malwarebytes - Update and run weekly to keep your system clean.


    Prevention Apps


    Crypto Warning!!!! - Complete Data Loss can occur!

    There are particularly nasty infections out there at the moment that encrypt your data and hold it for ransom. You may read more about this here
  • Download CryptoPrevent free for home use here following the instructions below.
  • Save the file to your desktop from the link above and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
    That's it. The protection is in place.

    Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.
    UpdatesV7.4.11.JPG



    Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.
  • Download Unchecky to your desktop
  • Right click on the Unchecky_setup and choose to Run as Administrator
  • Once open click the Install button.
  • Then click on Finish
  • Unchecky is now installed and will help you keep unwanted check boxes unchecked


    Prevention Tips
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When browsing the internet, look closely at the links you click on. Some aren't always what they seem.
  • Avoid Peer to Peer file sharing utilities, these are a minefield of malware infections.
  • Pay attention when installing a program to your computer, particularly to any check boxes that may appear during installation, it is common for unwanted software to be installed in this way.

    To learn more about how to protect yourself while on the internet read this little guide Best security practices.

    Go here for some good advice about how to prevent infection.

    Happy safe surfing!! :)

    Thanks for staying with the topic. It's been a pleasure working with you. :)

    Don't forget to post the Delfix log!

  • 0

#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP