
Dell XPS8300 internet running really slow and taking ages to load [Sol


  • This topic is locked
37 replies to this topic

#16 killallviruses

    Authentic Member

  • 35 posts

Posted 03 September 2014 - 05:19 AM

C:\Users\Randles\Desktop\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application




#17 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 03 September 2014 - 05:30 AM

Hello, 
 

C:\Users\Randles\Desktop\Unlocker1.9.2.exe a variant of Win32/Toolbar.Babylon.E potentially unwanted application

This file isn't necessarily a threat. The detection is likely due to the programme bundling a Potentially Unwanted Programme (PUP). You can delete the file if you want (right-click + Delete). 
 
Here is some information on using MSCONFIG as a Startup Manager. 
 

Using MSCONFIG as a Startup Manager
From your logs I can see you are using MSCONFIG as a startup manager. I would not advise this. MSCONFIG is a system configuration utility, designed to help troubleshoot and diagnose system configuration issues in Windows. From the Microsoft article relating to MSCONFIG, "The System Configuration utility helps you find problems with your Windows configuration. It does not manage the programs that run when Windows starts."
 
Whilst the programme works as a basic startup manager, MSCONFIG should not be used to routinely disable auto-start programmes. It is a temporary solution and not a good practice for the following reasons.

  • Uninstalling programmes left disabled in MSCONFIG will sometimes result in a failed uninstallation. 
  • MSCONFIG will often leave orphaned entries when software is uninstalled. When used to switch back to normal startup mode, these orphan entries can result in boot-up errors.
  • MSCONFIG allows malware-related items to hide in your registry which may not become apparent until switched back to normal startup mode - this could result in reinfection. 
  • MSCONFIG does not list all applications loaded in all possible startup locations, as some entry points are hidden and unknown to the user. 
     
For these reasons, I recommend reversing the changes made in MSCONFIG...
  • Press the Windows Key + r on your keyboard at the same time. Type msconfig and click OK.
  • If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
  • In the Startup tab, click Enable All, followed by OK.
  • If prompted, click Restart.
...and installing the programme below. 
 
WinPatrol is a versatile system monitoring programme (originally created by Bill Pytlovany/BillP Studios and now owned by Ruiware, LLC) that utilizes a small memory footprint and offers various features, such as:
  • Takes a snapshot of critical system resources and provides alerts if any changes occur.
  • Serves as a Startup Manager which works much better than MSCONFIG.
  • Tracks programmes that have been installed on your system and monitors the location Windows uses to store uninstall information.
  • Alerts to changes in programmes that run at startup.
  • Alerts if another programme has removed a startup programme.
  • Alerts if attempts are made to change (hijack) browser Home and Search pages in Internet Explorer.
  • Has the ability to delay the launch of startup programmes.
  • Monitors toolbars, registry modifications, changes to file extensions and changes to the HOSTS file.
I recommend reading the documentation before installing the programme.

 

 

STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
    • Adobe Reader XI (11.0.07)
  • Follow the prompts and reboot if necessary.
     

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser. For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Any outstanding issues?


 

Would you like to help others with malware removal? Join our Classroom and learn how!
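
Added example, not part of the original posts: a read-only PowerShell script that lists the usual autostart locations together with the items MSCONFIG has disabled, and marks entries whose target file no longer exists (the orphaned entries described in the post above). It assumes Windows PowerShell 3.0 or later and the Windows 7 registry layout, where MSCONFIG keeps disabled items under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig with a `command` value; the function names are illustrative.

```powershell
# Added example: read-only audit of autostart entries. It lists; it changes nothing.
# Assumes Windows PowerShell 3.0+ on Windows 7. Function names are illustrative.

function Resolve-Target {
    # Pull the executable path out of a startup command line.
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if     ($cmd -match '^"([^"]+)"')                              { $path = $Matches[1] }
    elseif ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { $path = $Matches[1] }
    else                                                           { $path = ($cmd -split '\s+')[0] }
    # A bare file name such as rundll32.exe is looked up on PATH.
    if ($path -notmatch '[\\/]') {
        $app = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($app) { $path = $app.Path }
    }
    return $path
}

function New-StartupEntry {
    param([string]$State, [string]$Source, [string]$Name, [string]$Command)
    $target = Resolve-Target $Command
    $exists = [bool]$target -and
              (Test-Path -LiteralPath $target -PathType Leaf -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        State = $State; Source = $Source; Name = $Name
        Target = $target; TargetExists = $exists
    }
}

$entries = @()

# 1. Live Run/RunOnce values: 64-bit and 32-bit (WOW6432Node) views, machine and user.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($keyPath in $runKeys) {
    if (-not (Test-Path -LiteralPath $keyPath)) { continue }
    $key = Get-Item -LiteralPath $keyPath
    foreach ($valueName in $key.GetValueNames()) {
        if ($valueName -eq '') { continue }   # skip the unnamed default value
        $entries += New-StartupEntry -State 'Active' -Source $keyPath -Name $valueName `
                        -Command ([string]$key.GetValue($valueName))
    }
}

# 2. Startup folders (per-user and all-users). Shortcuts are resolved to their target;
#    the path is quoted so spaces in it are not treated as argument separators.
$shell = New-Object -ComObject WScript.Shell
foreach ($special in 'Startup', 'CommonStartup') {
    $folder = [Environment]::GetFolderPath($special)
    if (-not $folder) { continue }
    $entries += @(Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object {
            $t = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($_.FullName).TargetPath }
                 else { $_.FullName }
            $cmd = if ($t) { '"' + $t + '"' } else { '' }
            New-StartupEntry -State 'Active' -Source $folder -Name $_.Name -Command $cmd
        })
}

# 3. Items unticked in MSCONFIG. They are moved out of the live locations into
#    these keys (the 'command' value name is assumed from the Windows 7 layout).
$parked = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig'
foreach ($sub in 'startupreg', 'startupfolder') {
    $entries += @(Get-ChildItem -LiteralPath "$parked\$sub" -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-StartupEntry -State 'Disabled in MSCONFIG' -Source "MSConfig\$sub" `
                -Name $_.PSChildName -Command ([string]$_.GetValue('command'))
        })
}

# Entries whose target is missing sort first: these are the orphans worth reviewing.
$entries | Sort-Object TargetExists, State, Name |
    Format-Table State, Name, Target, TargetExists, Source -AutoSize -Wrap
```

Reading HKLM does not require elevation; a row with TargetExists = False only means the parsed path was not found, so confirm by hand before removing anything.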


#18 killallviruses

    Authentic Member

  • 35 posts

Posted 03 September 2014 - 05:48 AM

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.179  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 
 
Just going to reboot, I'll let you know how things are upon reboot.


#19 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 03 September 2014 - 06:11 AM

OK. If all is well...

 

All Clean!
Congratulations, your computer appears clean!
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.

My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 

STEP 1
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Create system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
--- Malwarebytes Anti-Malware will still be present on your computer. I recommend keeping this programme, updating and scanning with it once a week to maintain security on your computer. If you do not wish to keep this programme on your computer, you can uninstall it by pressing the Windows Key + r on your keyboard at the same time, typing appwiz.cpl, clicking OK and searching for Malwarebytes.
 
======================================================
 
Below I have compiled a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • Emsisoft Antimalware (free) acts as an additional on-demand scanner, and can be used in conjunction with your Anti-Virus. 
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) incorporates real-time protection and is designed to run alongside your Anti-Virus. 
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. 
  • Sandboxie isolates programmes of your choice, preventing files from writing to your HDD unless you approve the file. 
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Unchecky automatically removes checkmarks for additional software in programme installers, helping you avoid adware and PUPs. 
  • Web of Trust (WOT) is a browser add-on designed to alert the user before interacting with a potentially malicious website. 
     

Need a second opinion on a file or website? Scan the file/URL before clicking by using one of the following free online scanner services.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using WhatTheTech.
 
Safe Surfing.
Adam (LiquidTension).




#20 killallviruses

    Authentic Member

  • 35 posts

Posted 03 September 2014 - 06:17 AM

# DelFix v10.8 - Logfile created 03/09/2014 at 13:15:28
# Updated 29/07/2014 by Xplode
# Username : Randles - RANDLES-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\TDSSKiller.3.0.0.40_02.09.2014_15.43.29_log.txt
Deleted : C:\Users\Randles\Desktop\AdwCleaner.exe
Deleted : C:\Users\Randles\Desktop\CKScanner.exe
Deleted : C:\Users\Randles\Desktop\dds.scr
Deleted : C:\Users\Randles\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Randles\Desktop\Extras.Txt
Deleted : C:\Users\Randles\Desktop\Fixlog.txt
Deleted : C:\Users\Randles\Desktop\FRST64.exe
Deleted : C:\Users\Randles\Desktop\FSS.exe
Deleted : C:\Users\Randles\Desktop\FSS.txt
Deleted : C:\Users\Randles\Desktop\JRT.exe
Deleted : C:\Users\Randles\Desktop\JRT.txt
Deleted : C:\Users\Randles\Desktop\HiJackThis.exe
Deleted : C:\Users\Randles\Desktop\hijackthis.log
Deleted : C:\Users\Randles\Desktop\OTL.Txt
Deleted : C:\Users\Randles\Desktop\OTL.exe

Thanks Adam
 
I really appreciate your time and effort


#21 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 03 September 2014 - 06:19 AM

You are more than welcome. :)

 

All the best, 

Adam.




#22 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 03 September 2014 - 06:19 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.



#23 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 05 September 2014 - 09:31 AM

This topic has been reopened by request of the starter of this topic.

Or it has been moved to the correct forum



#24 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 05 September 2014 - 09:39 AM

Hello, 
 

the internet is back to taking ages to connect when I switch the PC on

 
Are you saying there's a gap between the time your Desktop loads and the time your computer connects to the Internet?
Is this the only issue?
 
Please run the following programmes, and post the logs generated. 
 
STEP 1
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
Farbar Service Scanner (FSS)

  • Please download FSS and save the file to your Desktop.
  • Right-Click FSS.exe and select Run as administrator to run the programme.
  • Ensure the following items are checked:
    • (items were shown as images in the original post)
  • Click Scan.
  • A log (FSS.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-Click MiniToolBox.exe and select Run as administrator to run the programme.
  • Check the following items:
    • (items were shown as images in the original post)
  • Click GO.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • FSS.txt
  • Result.txt
     



#25 killallviruses

    Authentic Member

  • 35 posts

Posted 06 September 2014 - 04:15 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2014
Ran by Randles (administrator) on RANDLES-PC on 06-09-2014 11:12:45
Running from C:\Users\Randles\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM Group Policy restriction on software: *.wma.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.pif <====== ATTENTION
HKLM Group Policy restriction on software: *‮* <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.pif <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.7z.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\inst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\inst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\inst.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\inst.exe <====== ATTENTION
HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [395640 2014-03-19] (BitTorrent, Inc.)
HKU\S-1-5-21-2957639889-2282880335-1771364558-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Get 2 FREE Audiobooks.lnk
ShortcutTarget: Get 2 FREE Audiobooks.lnk -> C:\Users\Randles\AppData\Local\Temp\HelpInstaller_StartUp.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA9B5D01D5D4DCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-11]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.facebook.com/"
CHR DefaultSearchKeyword: Default -> 75AF3BCA351B5A2B2AA27F74F2BD01317ED71D6AA7084628B5C73B004885A2C9
CHR DefaultSearchURL: Default -> B4ACD5766CD0EC0479720A4F2A16A214473FA79146CB6DC736EB3DDD639B9307
CHR Profile: C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-11]
CHR Extension: (Adblock Plus) - C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-06-11]
CHR Extension: (Google Search) - C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-11]
CHR Extension: (avast! Online Security) - C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-11]
CHR Extension: (Google Wallet) - C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-11]
CHR Extension: (Gmail) - C:\Users\Randles\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-11]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-04] (AVAST Software)
S4 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 ZY202_64; C:\Windows\System32\DRIVERS\WlanUZ64.SYS [535168 2006-06-20] (ZyDAS Technology Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 11:12 - 2014-09-06 11:13 - 00022787 _____ () C:\Users\Randles\Desktop\FRST.txt
2014-09-06 11:12 - 2014-09-06 11:12 - 00000000 ____D () C:\FRST
2014-09-06 11:11 - 2014-09-06 11:11 - 02104832 _____ (Farbar) C:\Users\Randles\Desktop\FRST64.exe
2014-09-05 13:28 - 2014-09-05 13:29 - 00000000 ____D () C:\Users\Randles\Desktop\Soundplate 540
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\Users\Randles\AppData\Roaming\WinPatrol
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-09-03 12:31 - 2014-09-03 12:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-03 12:31 - 2014-09-03 12:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-03 12:31 - 2014-09-03 12:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-03 12:31 - 2014-09-03 12:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 12:31 - 2014-09-03 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-03 12:31 - 2014-09-03 12:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 21:21 - 2014-09-02 21:21 - 00000000 ____D () C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-09-02 21:21 - 2014-09-02 21:21 - 00000000 ____D () C:\Program Files\Unlocker
2014-08-28 08:59 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 08:59 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 08:59 - 2014-08-23 01:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-24 11:45 - 2014-08-24 12:02 - 00000300 _____ () C:\Users\Randles\Documents\footy hashtags.txt
2014-08-23 11:26 - 2014-09-03 21:05 - 00009974 _____ () C:\Windows\PFRO.log
2014-08-22 14:56 - 2014-08-22 14:56 - 00000000 ____D () C:\Users\Randles\AppData\Local\SKIDROW
2014-08-16 11:13 - 2014-08-16 11:13 - 00000057 _____ () C:\Users\Randles\Documents\New Mash.txt
2014-08-13 14:12 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 14:12 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 14:12 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 14:12 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 14:12 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 14:12 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 14:12 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 14:12 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 11:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 11:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 11:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 11:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 11:25 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 11:25 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 11:25 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 11:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 11:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 11:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 11:25 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 11:25 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 11:24 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 11:24 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 11:24 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 11:24 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 11:24 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 11:24 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 11:24 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 11:24 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 11:24 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 11:24 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 11:24 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 11:24 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 11:24 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 11:24 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 11:24 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 11:24 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 11:24 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 11:24 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 11:24 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 11:24 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 11:24 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 11:24 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 11:24 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 11:24 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 11:24 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 11:24 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 11:24 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 11:24 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 11:24 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 11:24 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 11:24 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 11:24 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 11:24 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 11:24 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 11:24 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 11:24 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 11:24 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 11:24 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 11:24 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 11:24 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 11:24 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 11:24 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 11:24 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 11:24 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 11:24 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 11:24 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 11:24 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 11:24 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 11:24 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 11:24 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 11:24 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 11:24 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 11:24 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 11:24 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 11:24 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 11:24 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 11:24 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 11:24 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 11:24 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 11:24 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 11:24 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 11:24 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 11:24 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 11:00 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 11:00 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 10:52 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 10:52 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 10:52 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 10:47 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 10:47 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 10:40 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 10:40 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-11 13:50 - 2014-08-11 13:50 - 00000076 _____ () C:\Users\Randles\Documents\Online Exchanges.txt
2014-08-11 12:17 - 2014-08-11 12:17 - 00000508 _____ () C:\Users\Randles\Documents\mobiles.co.uk.txt
2014-08-08 13:44 - 2014-08-08 13:44 - 00006691 _____ () C:\Users\Randles\Documents\chat with rick.txt
2014-08-08 10:47 - 2014-08-08 10:47 - 00000314 _____ () C:\Users\Randles\Documents\phone dropped out of window.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 11:13 - 2014-09-06 11:12 - 00022787 _____ () C:\Users\Randles\Desktop\FRST.txt
2014-09-06 11:12 - 2014-09-06 11:12 - 00000000 ____D () C:\FRST
2014-09-06 11:11 - 2014-09-06 11:11 - 02104832 _____ (Farbar) C:\Users\Randles\Desktop\FRST64.exe
2014-09-06 11:11 - 2014-01-06 14:59 - 00000000 ____D () C:\Users\Randles\AppData\Roaming\uTorrent
2014-09-06 10:59 - 2014-06-11 12:48 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 10:41 - 2009-07-14 05:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 10:41 - 2009-07-14 05:45 - 00028928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 10:40 - 2013-12-08 14:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-06 10:39 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-06 10:38 - 2013-05-09 03:08 - 01621932 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 10:36 - 2013-05-11 12:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-06 10:34 - 2014-07-20 17:47 - 00009853 _____ () C:\Windows\setupact.log
2014-09-06 10:34 - 2014-06-11 12:48 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 10:34 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 17:03 - 2014-04-04 10:30 - 00000000 ____D () C:\Users\Randles\AppData\Roaming\vlc
2014-09-05 13:29 - 2014-09-05 13:28 - 00000000 ____D () C:\Users\Randles\Desktop\Soundplate 540
2014-09-04 21:25 - 2013-05-10 12:24 - 00000000 ____D () C:\Users\Randles\Documents\Avast
2014-09-03 21:05 - 2014-08-23 11:26 - 00009974 _____ () C:\Windows\PFRO.log
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\Users\Randles\AppData\Roaming\WinPatrol
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\ProgramData\InstallMate
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\Program Files (x86)\Ruiware
2014-09-03 14:06 - 2013-05-09 17:20 - 00059192 _____ () C:\Users\Randles\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-03 13:15 - 2014-05-23 10:04 - 00001417 _____ () C:\DelFix.txt
2014-09-03 12:45 - 2013-09-28 16:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-03 12:38 - 2014-07-23 16:39 - 00000000 ____D () C:\Windows\pss
2014-09-03 12:33 - 2014-03-21 12:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-03 12:31 - 2014-09-03 12:31 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-03 12:31 - 2014-09-03 12:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-03 12:31 - 2014-09-03 12:31 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-03 12:31 - 2014-09-03 12:31 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-03 12:31 - 2014-09-03 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-03 12:31 - 2014-09-03 12:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-03 03:00 - 2009-07-14 05:45 - 00269152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-02 21:41 - 2013-05-10 12:24 - 00000000 ____D () C:\Users\Randles\Documents\Exported WAV's
2014-09-02 21:21 - 2014-09-02 21:21 - 00000000 ____D () C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2014-09-02 21:21 - 2014-09-02 21:21 - 00000000 ____D () C:\Program Files\Unlocker
2014-09-02 20:35 - 2013-05-16 11:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-02 20:34 - 2011-04-12 09:28 - 00000000 ____D () C:\Windows\ShellNew
2014-09-02 20:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-02 11:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-28 17:32 - 2013-05-09 17:09 - 00000000 ____D () C:\Users\Randles
2014-08-28 17:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-08-28 17:27 - 2014-04-20 15:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-24 12:02 - 2014-08-24 11:45 - 00000300 _____ () C:\Users\Randles\Documents\footy hashtags.txt
2014-08-23 03:07 - 2014-08-28 08:59 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:45 - 2014-08-28 08:59 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 01:59 - 2014-08-28 08:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 14:56 - 2014-08-22 14:56 - 00000000 ____D () C:\Users\Randles\AppData\Local\SKIDROW
2014-08-17 12:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-17 11:55 - 2013-12-08 14:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-17 11:55 - 2013-11-09 17:00 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-17 11:55 - 2013-11-09 17:00 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-16 16:47 - 2014-08-04 15:53 - 15552056 _____ () C:\Users\Randles\Desktop\uN6LK37.bmp
2014-08-16 11:13 - 2014-08-16 11:13 - 00000057 _____ () C:\Users\Randles\Documents\New Mash.txt
2014-08-13 16:18 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 14:16 - 2013-07-15 16:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 14:15 - 2012-10-31 18:10 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 14:11 - 2014-05-06 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-11 13:50 - 2014-08-11 13:50 - 00000076 _____ () C:\Users\Randles\Documents\Online Exchanges.txt
2014-08-11 12:17 - 2014-08-11 12:17 - 00000508 _____ () C:\Users\Randles\Documents\mobiles.co.uk.txt
2014-08-10 16:16 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-10 16:16 - 2009-07-14 06:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU(18).TXT
2014-08-08 13:44 - 2014-08-08 13:44 - 00006691 _____ () C:\Users\Randles\Documents\chat with rick.txt
2014-08-08 10:47 - 2014-08-08 10:47 - 00000314 _____ () C:\Users\Randles\Documents\phone dropped out of window.txt
2014-08-07 03:06 - 2014-08-13 10:40 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:01 - 2014-08-13 10:40 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
Some content of TEMP:
====================
C:\Users\Randles\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 10:52
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2014
Ran by Randles at 2014-09-06 11:13:26
Running from C:\Users\Randles\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
ATI AVIVO64 Codecs (Version: 11.6.0.10104 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.2.4.1 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0104.2155.39304 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help English (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help French (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help German (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0104.2154.39304 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0104.2155.39304 - ATI) Hidden
ccc-utility64 (Version: 2011.0104.2155.39304 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
02-09-2014 10:50:23 Windows Update
02-09-2014 19:32:40 Removed Microsoft Office Professional Plus 2007
02-09-2014 19:38:15 Removed Sound Forge Audio Studio 10.0
02-09-2014 19:38:52 Removed Windows Phone app for desktop
03-09-2014 10:41:38 Removed Java 7 Update 65
03-09-2014 11:30:51 Installed Java 7 Update 67
03-09-2014 11:42:59 Removed Adobe Reader XI (11.0.07).
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-05-14 10:31 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0C0230EF-F304-45AC-AFDF-0690EF2E5151} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-11] (Google Inc.)
Task: {11A8484A-F7C2-43A3-9A1E-B244913C2ECF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-11] (Google Inc.)
Task: {478DEEB6-344A-428F-A02E-6CFB15800B0E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {7E1CD238-6F5B-4DFF-8AB6-769636295D02} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {D8565047-BD5A-4AF6-8613-743DD98AA971} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-17] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-07-04 20:13 - 2014-07-04 20:13 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-05 13:36 - 2014-09-05 13:36 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090501\algo.dll
2014-07-04 20:13 - 2014-07-04 20:13 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-03 12:50 - 2014-08-30 03:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-03 12:50 - 2014-08-30 03:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-03 12:50 - 2014-08-30 03:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-03 12:50 - 2014-08-30 03:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-03 12:50 - 2014-08-30 03:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BrcmMgmtAgent => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/06/2014 10:34:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2014 04:22:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2014 10:31:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 01:59:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 10:02:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 09:06:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 04:31:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 00:55:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 00:41:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: Randles-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (09/03/2014 00:40:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (09/06/2014 10:34:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2014 04:22:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2014 10:31:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 01:59:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 10:02:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 09:06:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 04:31:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 00:55:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 00:41:23 PM) (Source: MsiInstaller) (EventID: 1024) (User: Randles-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
 
Error: (09/03/2014 00:40:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2320 CPU @ 3.00GHz
Percentage of memory in use: 16%
Total physical RAM: 12270.46 MB
Available physical RAM: 10223.26 MB
Total Pagefile: 24539.09 MB
Available Pagefile: 22309.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.66 GB) (Free:395.42 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:931.51 GB) (Free:590.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 2CA64954)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 95681C2B)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Farbar Service Scanner Version: 21-07-2014
Ran by Randles (administrator) on 06-09-2014 at 11:17:29
Running from "C:\Users\Randles\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Randles (administrator) on 06-09-2014 at 11:20:14
Running from "C:\Users\Randles\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= IP Configuration: ================================
 
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Randles-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : 520b.com
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : 520b.com
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : D4-BE-D9-91-A1-6F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 06 September 2014 10:37:01
   Lease Expires . . . . . . . . . . : 07 September 2014 10:37:01
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com.520b.com
Address:  67.198.145.18
 
 
Pinging google.com [74.125.230.101] with 32 bytes of data:
Reply from 74.125.230.101: bytes=32 time=23ms TTL=56
Reply from 74.125.230.101: bytes=32 time=24ms TTL=56
 
Ping statistics for 74.125.230.101:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 24ms, Average = 23ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.1
 
DNS request timed out.
    timeout was 2 seconds.
Name:    yahoo.com.520b.com
Address:  67.198.145.18
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=121ms TTL=51
Reply from 98.139.183.24: bytes=32 time=121ms TTL=51
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 121ms, Maximum = 121ms, Average = 121ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 12...d4 be d9 91 a1 6f ......Broadcom NetLink ™ Gigabit Ethernet
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (09/06/2014 10:34:58 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2014 04:22:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2014 10:31:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 01:59:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 10:02:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 09:06:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 04:31:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 00:55:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 00:41:23 PM) (Source: MsiInstaller) (User: Randles-PC)
Description: Product: Adobe Reader XI (11.0.07) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127
 
Error: (09/03/2014 00:40:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (09/06/2014 10:34:58 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2014 04:22:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/05/2014 10:31:38 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 01:59:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 10:02:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 09:06:33 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 04:31:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 00:55:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/03/2014 00:41:23 PM) (Source: MsiInstaller)(User: Randles-PC)
Description: Adobe Reader XI (11.0.07){AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)
 
Error: (09/03/2014 00:40:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
========================= Devices: ================================
 
 
**** End of log ****

Edited by killallviruses, 06 September 2014 - 04:22 AM.



#26 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 06 September 2014 - 06:28 AM

Hello, 
 
Please answer my question, and do the following. 

Are you saying there's a gap between the time your Desktop loads and the time your computer connects to the Internet?
Is this the only issue?

 
STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    Startup: C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Get 2 FREE Audiobooks.lnk
    ShortcutTarget: Get 2 FREE Audiobooks.lnk -> C:\Users\Randles\AppData\Local\Temp\HelpInstaller_StartUp.exe (No File)
    2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\ProgramData\InstallMate
    Folder: C:\Users\Randles\AppData\Local\SKIDROW
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
System Summary Information

  • Press the Windows Key + r on your keyboard at the same time.
  • Type msinfo32 and click OK.
  • Click on System Summary to select it. 
  • Click File > Save. Name the file Summary and save it to your Desktop.
  • Right-click the file on your desktop, hover your mouse over Send To and click Compressed (zipped) Folder.
  • Attach the Summary.zip folder in your next reply. 
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Answer to questions
  • Fixlog.txt
  • Summary.zip (attached)



#27 killallviruses

killallviruses

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 07 September 2014 - 06:52 AM

Hi Adam

 

Yeah, it's connecting instantly now. It does this though: it will be fine for a couple of days, then it will go back to taking 5-7 mins to connect.

 

I'll keep you posted on how it goes.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-09-2014
Ran by Randles at 2014-09-07 13:45:24 Run:1
Running from C:\Users\Randles\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
Startup: C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Get 2 FREE Audiobooks.lnk
ShortcutTarget: Get 2 FREE Audiobooks.lnk -> C:\Users\Randles\AppData\Local\Temp\HelpInstaller_StartUp.exe (No File)
2014-09-03 21:04 - 2014-09-03 21:04 - 00000000 ____D () C:\ProgramData\InstallMate
Folder: C:\Users\Randles\AppData\Local\SKIDROW
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************
 
C:\Users\Randles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Get 2 FREE Audiobooks.lnk => Moved successfully.
C:\Users\Randles\AppData\Local\Temp\HelpInstaller_StartUp.exe not found.
C:\ProgramData\InstallMate => Moved successfully.
 
========================= Folder: C:\Users\Randles\AppData\Local\SKIDROW ========================
 
2014-08-22 14:56 - 2014-08-22 14:56 - 0000000 ____D () C:\Users\Randles\AppData\Local\SKIDROW\245490
2014-08-22 14:56 - 2014-08-22 14:56 - 0000000 ____D () C:\Users\Randles\AppData\Local\SKIDROW\245490\Storage
 
====== End of Folder: ======
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
There's no user specified settings to be reset.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 417 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

 




#28 LiquidTension


Posted 07 September 2014 - 07:34 AM

Hello, 

 

What is the make and model of your router? 




#29 killallviruses


Posted 07 September 2014 - 09:23 AM

Huawei EchoLife HG520b



#30 LiquidTension


Posted 07 September 2014 - 09:34 AM

Hello, 
 
Please do the following. Monitor your computer, and let me know if the issue reoccurs. 
 
Router Power Cycle

  • Switch your computer off. 
  • Turn your router and/or modem off. 
  • Unplug your router/modem and all cables from the wall. 
  • Wait 30 seconds. 
  • Plug your router/modem back in and turn on. 
  • Switch your computer on. 
  • Check for the issue. 
     
