mij Posted December 15, 2014 (edited)

This is most noticeable when opening the sites that I read daily. I thought it was Firefox (which I usually use) but having got rid and used IEx that was no better. In fact it was also inconsistent. Unusual with a computer. So I've tried Chrome and that is no better. I use M. Essentials with Defender disabled (they don't work happily together on this machine). I have run the requested and attach the reports/logs. The only thing that I recall downloading was Trusteer's Rapport and I did that at SWMBO's request because we share bank accounts.

I attempted to run adw.cleaner but when I clicked on run it said 'This not a valid 32 bit file'. Why should it say that as this is a 64bit machine?

jim

Hmm it doesn't like having large files attached. I'll have to split them into more messages.

MBAM log.txt

Edited December 15, 2014 by mij

mij Posted December 15, 2014

Next message for the FRST log. No it looks too big. Big red shield with an exclamation mark or something. I'll try splitting it into two odt's (I use open office but they are readable in word). No that is 27Kb with a red mark. What am I doing wrong?

Jim

mij Posted December 16, 2014

I have now deleted Trusteer's Rapport and it has made no difference. It still takes an age to open a page on the 'net.

Jim

mij Posted December 16, 2014

This morning I tried 'adwcleaner' and went ahead? It found something with a long rambling name and I deleted it. I will try to attach the copied and pasted odt document.

jim

KenB Posted December 16, 2014

Hi Jim

I am sure one of the Security guys will be along shortly to advise you :)

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!
MiniToolBox, Network Test, Wireless Test

mij Posted December 16, 2014

> Hi Jim
> I am sure one of the Security guys will be along shortly to advise you :)

Thanks Ken.

Jim

mij Posted December 16, 2014

Solved!

I googled away until I found someone whose computer was showing almost identical symptoms as mine. Although his was a laptop it was otherwise very similar. I have moved the furniture around in this room, decorated etc and hadn't noticed the fall off in signal to my computer. Also adjacent signals from neighbours' routers either side of us may be interfering as SWMBO's computer in another room and farther away got a stronger signal. I moved the router so as to 'see' my computer better - voilà - all uncy dory.

I was told by a utility that my network driver for the router was outdated so I downloaded another and lost connection altogether. Restore soon had the machine up and running again.

jim

KenB Posted December 16, 2014

Nice one Jim

Isn't it satisfying when you solve a problem? :)

Starbuck Posted December 17, 2014

Hi Jim,

That's a nice collection of Adware that's been removed by AdwCleaner. If you want us to take a deeper look and make sure everything has been removed, just follow these instructions:

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png

When the tool opens click Yes to disclaimer.
http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png

Make sure that Addition.txt is selected at the bottom.
Press Scan button.
http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

Just post the 2 reports in your next reply.

Thanks

Member of: UNITE

mij Posted December 19, 2014

Thanks both for your replies. I have been busy for a couple of days and I need to get busier today LOL.

ok here is one of the reports
Date: 2014-11-15 03:10:51.396 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-15 03:10:51.271 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-15 03:09:40.473 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-15 03:09:40.411 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-10-29 13:58:57.158 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-10-29 13:58:56.986
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\athrx.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD FX-4130 Quad-Core Processor
Percentage of memory in use: 33%
Total physical RAM: 7661.55 MB
Available physical RAM: 5121 MB
Total Pagefile: 15321.29 MB
Available Pagefile: 12406.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:779.16 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8FC79151)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
mij Posted December 19, 2014 Author

And I hope I can attach the second one here. It worked! Wonder of wonders! A BTW: now and again I get snow coming down the screen - it only shows in the non-white parts.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by jim (administrator) on JIM-PC on 19-12-2014 10:29:18
Running from C:\Users\jim\Desktop
Loaded Profile: jim (Available profiles: jim)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
( ) C:\Windows\System32\dldwcoms.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(VIA Technologies, Inc.)
C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe () C:\Program Files (x86)\Dell V505\dldwmon.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\Dell V505\dldwmsdmon.exe () C:\Users\jim\AppData\Local\Amazon Music\Amazon Music Helper.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe () C:\Advanced Wheel Mouse\wh_exec.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation) HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monito HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4694192 2013-11-06] (VIA) HKLM\...\Run: [dldwmon.exe] => C:\Program Files (x86)\Dell V505\dldwmon.exe [676520 2010-02-10] () HKLM\...\Run: [dldwamon] => C:\Program Files (x86)\Dell V505\dldwamon.exe [16040 2010-02-10] () HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-08-16] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [WheelMouse] => C:\Advanced Wheel Mouse\wh_exec.exe [147456 2010-05-26] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKU\S-1-5-21-2061593873-442737242-47621587-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-2061593873-442737242-47621587-1000\...\Run: [sMARTPACK] => C:\Program Files (x86)\SmartPack\SmartPack.exe HKU\S-1-5-21-2061593873-442737242-47621587-1000\...\Run: [Amazon Music] => C:\Users\jim\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-08] () HKU\S-1-5-21-2061593873-442737242-47621587-1000\...\Run: [DellSystemDetect] => C:\Users\jim\AppData\Local\Apps\2.0\J6QE4TVR.CZ0\6OPWJBOJ.BK4\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-10] (Dell) HKU\S-1-5-21-2061593873-442737242-47621587-1000\...\RunOnce: [Adobe Speed Launcher] => 1418977321 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe () CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-2061593873-442737242-47621587-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ HKU\S-1-5-21-2061593873-442737242-47621587-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2061593873-442737242-47621587-1000 -> URL http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP34ABE26C-462B-418C-931B-4D2EE699B991&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2061593873-442737242-47621587-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\plj6xuf0.default FF DefaultSearchEngine: Yahoo! FF SelectedSearchEngine: Yahoo! 
FF Homepage: www.google.co.uk FF Keyword.URL: https://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=523482&p= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2061593873-442737242-47621587-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jim\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF Plugin HKU\S-1-5-21-2061593873-442737242-47621587-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF SearchPlugin: C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\plj6xuf0.default\searchplugins\yahoo_ff.xml FF Extension: British English Dictionary (Forked by Marco Pinto) - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\plj6xuf0.default\Extensions\marcoagpinto@mail.telepac.pt [2014-12-01] FF Extension: Download YouTube Videos, Easy,Fast And Simple - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\plj6xuf0.default\Extensions\jid1-cHKBMlArKdIVEg@jetpack.xpi [2014-12-09] FF Extension: Smart Ads Blocker - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\plj6xuf0.default\Extensions\jid1-LYopfl0r00ZV5k@jetpack.xpi [2014-10-06] FF Extension: Adblock Plus - C:\Users\jim\AppData\Roaming\Mozilla\Firefox\Profiles\plj6xuf0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-30] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.co.uk/" CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-19] CHR Extension: (Google Docs) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake 
[2014-03-05] CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19] CHR Extension: (Adguard AdBlocker) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2014-12-15] CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-05] CHR Extension: (Adblock Plus) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-15] CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-05] CHR Extension: (Google Sheets) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-19] CHR Extension: (Google Wallet) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05] CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-08-16] (Advanced Micro Devices, Inc.) 
[File not signed] S2 dldwCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldwserv.exe [33448 2009-07-24] () R2 dldw_device; C:\Windows\system32\dldwcoms.exe [1044136 2009-07-24] ( ) R2 dldw_device; C:\Windows\SysWOW64\dldwcoms.exe [594600 2009-07-24] ( ) S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation) R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-11-21] (IBM Corp.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.) R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [613760 2012-10-29] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices) S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2014-06-21] (Advanced Micro Devices) [File not signed] S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-15] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation) R1 RapportCerberus_80083; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80083.sys [761720 2014-12-08] () R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445912 2014-11-21] (IBM Corp.) 
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-11-21] (IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-11-21] (IBM Corp.) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [223744 2013-03-19] (VIA Technologies, Inc.) R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [10368 2009-09-16] () R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [295424 2013-03-19] (VIA Technologies, Inc.) S3 cpuz134; \??\C:\Users\jim\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S3 TEAM; system32\DRIVERS\RtTeam60.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-12-19 10:29 - 2014-12-19 10:29 - 00015365 _____ () C:\Users\jim\Desktop\FRST.txt 2014-12-19 10:28 - 2014-12-19 10:28 - 02121216 _____ (Farbar) C:\Users\jim\Desktop\FRST64.exe 2014-12-18 16:03 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-18 16:03 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-12-18 16:03 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-18 16:03 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-18 16:03 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-18 16:03 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-18 16:03 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-18 16:03 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-18 16:03 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-18 16:03 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-18 16:03 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-18 16:03 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-18 16:03 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-18 16:03 - 2014-11-22 02:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 16:03 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-18 16:03 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-18 16:03 - 2014-11-22 02:34 - 00814080 
_____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-18 16:03 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-18 16:03 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-12-18 16:03 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-18 16:03 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-12-18 16:03 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-18 16:03 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-18 16:03 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-18 16:03 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-12-18 16:03 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-12-18 16:03 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-12-18 16:03 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-18 16:03 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-12-18 16:03 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-12-18 16:03 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-12-18 16:03 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-12-18 16:03 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-12-18 16:03 - 2014-11-22 01:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-18 16:03 - 2014-11-22 01:54 
- 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-12-18 16:03 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-18 16:03 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-18 16:03 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-18 16:03 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-18 16:03 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-12-18 16:03 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-18 16:03 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-12-18 16:03 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-12-18 16:03 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-12-18 16:03 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-12-18 16:03 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-12-18 16:03 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-18 16:03 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-12-18 16:03 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-12-18 16:03 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-12-18 16:03 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-18 16:03 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-12-18 16:03 - 2014-11-22 01:03 - 
Starbuck Posted December 19, 2014

Hi Jim,

> BTW is now and again I get snow coming down the screen - it only shows in the none white parts.

Don't worry, it's only KenB getting into the Christmas spirit ( he's a big kid at heart )

Thanks for the reports.

Step 1

Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION

This indicates that the program shown should be uninstalled.

Step 2

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.

http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png

The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Thanks

Attachment: fixlist.txt

Member of: UNITE
mij Posted December 19, 2014 Author

> Hi Jim,
> Don't worry, it's only KenB getting into the Christmas spirit ( he's a big kid at heart )

Well it suits me as well but I do know that some viruses start like that LOL.

> Thanks for the reports.
> Step 1
> This indicates that the program shown should be uninstalled.
> Step 2
> Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
> NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
> NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
> Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.
> The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.
> Thanks

Ok I hopefully have done that correctly and will try to find the log. Is this the one? It has the correct timing on it but I had tucked them all away in an all encompassing folder before I read your post a little more accurately.

Jim

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by jim at 2014-12-19 23:23:08 Run:1
Running from C:\Users\jim\Desktop
Loaded Profile: jim (Available profiles: jim)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2061593873-442737242-47621587-1000 -> URL http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID &SearchSource=58&CUI=&UM=4&UP=SP34ABE26C-462B-418C-931B-4D2EE699B991&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2061593873-442737242-47621587-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
S3 cpuz134; \??\C:\Users\jim\AppData\Local\Temp\cpuz134\cpuz13 4_x64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 TEAM; system32\DRIVERS\RtTeam60.sys [X]
2014-12-09 09:12 - 2014-12-09 09:12 - 00588899 _____ () C:\ProgramData\SPL6911.tmp
C:\Users\jim\AppData\Local\Temp\Quarantine.exe
C:\Users\jim\AppData\Local\Temp\sqlite3.dll
Task: {B70AB2ED-3A8F-4180-8922-DD576361DEAE} - System32\Tasks\{54971752-5FB6-4615-848D-B9CCECC8C04D} => pcalua.exe -a C:\Users\jim\AppData\Local\Temp\Temp1_SmartPackSet up1.22.0.exe.zip\SmartPackSetup1.22.0.exe
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-2061593873-442737242-47621587-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL http://search.conduit.com/Results.aspx?ctid=CT3323737&octid=EB_ORIGINAL_CTID => Value not found.
HKU\S-1-5-21-2061593873-442737242-47621587-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.
cpuz134 => Service deleted successfully.
MREMP50 => Service deleted successfully.
MREMP50a64 => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
MRESP50 => Service deleted successfully.
MRESP50a64 => Service deleted successfully.
TEAM => Service deleted successfully.
C:\ProgramData\SPL6911.tmp => Moved successfully.
C:\Users\jim\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\jim\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B70AB2ED-3A8F-4180-8922-DD576361DEAE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B70AB2ED-3A8F-4180-8922-DD576361DEAE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{54971752-5FB6-4615-848D-B9CCECC8C04D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{54971752-5FB6-4615-848D-B9CCECC8C04D}" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 1.9 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====
Starbuck Posted December 20, 2014

Hi Jim,

> Is this the one?

Yes, that's the one

Results look good :)

How's the system running? Any problems?

Member of: UNITE
mij Posted December 20, 2014 Author

> How's the system running? Any problems?

Going like a V8 on alcohol and firing on all cylinders. Like a dream machine. Thanks guys a merry Christmas and a happy new year.

jim
Starbuck Posted December 20, 2014

> Going like a V8 on alcohol and firing on all cylinders. Like a dream machine.

Sounds pretty good then :)

Let's finish the cleaning process and remove the tools we have used. We'll also set you a fresh restore point.

Download Delfix and save it to your desktop.

Ensure Remove disinfection tools is checked.

Also place a checkmark next to:
Create registry backup
Purge system restore

http://img.photobucket.com/albums/v708/starbuck50/delf_zpsb39a5ff3.png

Click the Run button.

When the tool has finished, a log will open in Notepad... but I don't actually need this report.

I wish you and your family a very Merry Christmas Jim.

Safe surfing.

http://fc08.deviantart.net/fs71/f/2010/033/b/3/Computer_addict__by_Sinister_Starfeesh.gif

Member of: UNITE