User Tag List

Help Please

This is a discussion on Help Please within the Resolved HJT Threads forums, part of the Tech Support Forum category. Dear Sirs I recently opened an email, (despite being warned not to do so by Goole), sent to me from


 
 
Thread Tools Search this Thread
Old 09-27-2015, 11:05 AM   #1
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Dear Sirs

I recently opened an email, (despite being warned not to do so by Goole), sent to me from BrianandSally!

Sally is my stepbrother’s daughter & Brian is her husband, but the email was not from my relatives.

Ever since I opened the email, Google has had problems:

It keeps locking on me, and I cannot go forwards, backwards or open another link.

The only way to get out of the problem is to reboot my computer.

My computer has Windows 8

Jack Willday
Jack Willday is offline  
Sponsored Links
Advertisement
 
Old 09-30-2015, 07:37 PM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button(if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-01-2015, 10:55 AM   #3
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist

Thank you for responding to my request.

ADW Cleaner Log

# AdwCleaner v5.009 - Logfile created 01/10/2015 at 20:36:06
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Jack - SAMSUNG
# Running from : C:\Users\Jack\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\majdjmonojghnfpedjnjihcmkhfjpgag

***** [ Files ] *****

[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majdjmonojghnfpedjnjihcmkhfjpgag_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_majdjmonojghnfpedjnjihcmkhfjpgag_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_inboxace.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_inboxace.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\t422z5os.default\searchplugins\search.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\AVG Nation toolbar
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKLM\SOFTWARE\AVG Nation toolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[!] Key Not Deleted : [x64] HKCU\Software\AVG Nation toolbar
[!] Key Not Deleted : [x64] HKCU\Software\Avg Secure Update

***** [ Web browsers ] *****

[-] [C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : majdjmonojghnfpedjnjihcmkhfjpgag

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1968 bytes] ##########

FRST Log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015
Ran by Jack (administrator) on SAMSUNG (01-10-2015 20:43:21)
Running from C:\Users\Jack\Desktop
Loaded Profiles: Jack (Available Profiles: Jack)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(AVG Technologies) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHCE.EXE
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHCE.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894152 2013-11-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1353432 2013-09-26] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-27] (Bitcasa, Inc)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3775912 2015-08-24] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHCE.EXE [241280 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [GoogleChromeAutoLaunch_4DCD0A585AE1D27D19F4EB1351CC758F] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-09-24] (Google Inc.)
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {F133724C-9672-4202-9C2C-956661CBCB1E} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {F133724C-9672-4202-9C2C-956661CBCB1E} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A9F55109-D9DE-4BA7-B3B8-F2285CBF2A9D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DFE5EE72-5EEA-4E0D-A589-9FC7E6767006}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001 -> DefaultScope {823198BF-10B5-4DB6-B880-B1CBD4D08665} URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001 -> {823198BF-10B5-4DB6-B880-B1CBD4D08665} URL = hxxp://www.bing.com/search?q={searchTerms}
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1207694035-1696072749-1821295723-1001 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\t422z5os.default
FF Homepage: Google
FF SelectedSearchEngine: search
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2015-10-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-01]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-01]
CHR Extension: (Rapport) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-16]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-01]
CHR Extension: (Google Search) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-01]
CHR Extension: (Google Docs Offline) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Skype Click to Call) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-01]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2013-10-01]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171664 2012-11-06] (Adobe Systems Incorporated)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3637160 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-08-24] (AVG Technologies CZ, s.r.o.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594568 2013-01-04] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100104 2013-09-05] (ELAN Microelectronics Corp.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 IntelliMemory; C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe [55120 2012-11-01] (Condusiv Technologies)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-04-18] ()
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-09-16] (IBM Corp.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2604856 2015-02-25] (AVG Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3388144 2013-04-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313264 2015-08-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113664 2013-10-11] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22832 2013-07-24] (ELAN Microelectronic Corp.)
R1 intmfs; C:\Windows\System32\DRIVERS\intmfs.sys [28496 2012-11-01] (Condusiv Technologies)
R0 intmsd; C:\Windows\System32\DRIVERS\intmsd.sys [104272 2012-11-01] (Condusiv Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-09-21] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-09-16] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-09-16] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-09-16] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489240 2015-09-16] (IBM Corp.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2013-03-11] (Windows (R) 2003 DDK 3790 provider)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2015-01-13] (TuneUp Software)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-10] (Windows (R) Win 7 DDK provider)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-01 20:43 - 2015-10-01 20:43 - 00026567 _____ C:\Users\Jack\Desktop\FRST.txt
2015-10-01 20:42 - 2015-10-01 20:43 - 00000000 ____D C:\FRST
2015-10-01 20:33 - 2015-10-01 20:33 - 02192384 _____ (Farbar) C:\Users\Jack\Desktop\FRST64.exe
2015-10-01 20:33 - 2015-10-01 20:32 - 01696256 _____ (Farbar) C:\Users\Jack\Desktop\FRST (1).exe
2015-10-01 20:32 - 2015-10-01 20:33 - 02192384 _____ (Farbar) C:\Users\Jack\Downloads\FRST64.exe
2015-10-01 20:32 - 2015-10-01 20:32 - 01696256 _____ (Farbar) C:\Users\Jack\Downloads\FRST (1).exe
2015-10-01 20:29 - 2015-10-01 20:29 - 00003154 _____ C:\Users\Jack\Downloads\Help_Please (1).txt
2015-10-01 20:20 - 2015-10-01 20:36 - 00000000 ____D C:\AdwCleaner
2015-10-01 20:18 - 2015-10-01 20:18 - 01670656 _____ C:\Users\Jack\Downloads\AdwCleaner.exe
2015-10-01 20:18 - 2015-10-01 20:18 - 01670656 _____ C:\Users\Jack\Desktop\AdwCleaner.exe
2015-10-01 20:10 - 2015-10-01 20:10 - 00003154 _____ C:\Users\Jack\Downloads\Help_Please.txt
2015-09-09 09:05 - 2015-09-03 05:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 09:05 - 2015-09-03 05:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 09:05 - 2015-09-02 21:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 09:05 - 2015-09-02 20:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 09:05 - 2015-08-27 05:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-09 09:05 - 2015-08-26 21:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-09 09:05 - 2015-08-26 21:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-09 09:05 - 2015-08-26 21:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-09 09:05 - 2015-08-26 21:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-09 09:05 - 2015-08-26 17:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-09 09:05 - 2015-08-26 17:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-09 09:05 - 2015-08-26 17:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-09 09:05 - 2015-08-26 17:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-09 09:05 - 2015-08-26 17:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-09 09:05 - 2015-08-26 17:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-09 09:05 - 2015-08-26 17:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-09 09:05 - 2015-07-30 20:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 09:05 - 2015-07-30 19:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 09:05 - 2015-07-22 17:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-09-09 09:05 - 2015-07-22 16:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-09 09:05 - 2015-07-17 17:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-09-09 09:05 - 2015-07-17 17:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-09-09 09:05 - 2015-06-27 14:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-09-09 09:04 - 2015-09-02 05:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 09:04 - 2015-09-02 05:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 09:04 - 2015-09-02 05:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 09:04 - 2015-09-02 05:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 09:04 - 2015-09-02 05:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 09:04 - 2015-08-22 21:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 09:04 - 2015-08-22 20:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 09:04 - 2015-08-22 20:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 09:04 - 2015-08-22 20:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 09:04 - 2015-08-22 20:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 09:04 - 2015-08-22 20:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 09:04 - 2015-08-22 19:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 09:04 - 2015-08-22 19:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 09:04 - 2015-08-22 19:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 09:04 - 2015-08-22 19:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 09:04 - 2015-08-22 19:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 09:04 - 2015-08-22 19:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 09:04 - 2015-08-22 19:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 09:04 - 2015-08-22 19:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 09:04 - 2015-08-22 19:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 09:04 - 2015-08-22 19:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 09:04 - 2015-08-22 19:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 09:04 - 2015-08-22 19:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 09:04 - 2015-08-22 19:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 09:04 - 2015-08-22 19:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 09:04 - 2015-08-22 19:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 09:04 - 2015-08-22 19:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 09:04 - 2015-08-22 19:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 09:04 - 2015-08-22 19:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 09:04 - 2015-08-22 19:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 09:04 - 2015-08-22 19:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 09:04 - 2015-08-22 19:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 09:04 - 2015-08-22 18:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 09:04 - 2015-08-22 18:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 09:04 - 2015-08-01 06:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 09:04 - 2015-08-01 06:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 09:04 - 2015-08-01 06:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 09:04 - 2015-08-01 06:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 09:04 - 2015-08-01 06:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 09:04 - 2015-07-22 17:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 09:04 - 2015-07-22 17:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 09:04 - 2015-07-22 17:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 09:04 - 2015-07-22 17:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 09:04 - 2015-07-18 21:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 09:04 - 2015-07-18 21:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 09:04 - 2015-07-18 21:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 09:04 - 2015-07-18 21:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 09:04 - 2015-07-10 22:06 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2015-09-09 09:04 - 2015-07-04 00:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-09-09 09:04 - 2015-07-03 17:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-09-09 09:04 - 2015-06-19 20:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-09-09 09:03 - 2015-08-04 00:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 09:03 - 2015-08-04 00:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 09:03 - 2015-08-01 17:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 09:03 - 2015-07-14 06:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-09-09 09:03 - 2015-07-13 22:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-09-09 09:03 - 2015-07-09 19:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-09-02 04:06 - 2015-09-02 04:06 - 00290960 _____ C:\WINDOWS\Minidump\090215-9921-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-01 20:41 - 2013-09-30 07:04 - 00865408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-01 20:41 - 2013-01-07 12:30 - 00000000 ____D C:\ProgramData\WinClon
2015-10-01 20:40 - 2015-08-20 08:36 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Skype
2015-10-01 20:40 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-10-01 20:38 - 2013-10-28 22:19 - 00000000 ___DO C:\Users\Jack\SkyDrive
2015-10-01 20:38 - 2013-10-14 13:19 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-01 20:37 - 2013-10-28 22:04 - 01341891 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-01 20:37 - 2013-08-22 17:46 - 00307185 _____ C:\WINDOWS\setupact.log
2015-10-01 20:37 - 2013-08-22 17:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-01 20:37 - 2013-08-22 16:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-01 20:33 - 2013-10-14 13:19 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-01 20:25 - 2013-06-27 10:13 - 00000000 ____D C:\Users\Jack\AppData\Local\CrashDumps
2015-10-01 20:23 - 2013-04-22 12:56 - 00000000 ____D C:\Users\Jack\Documents\Stamps
2015-10-01 20:23 - 2013-04-22 12:55 - 00000000 ____D C:\Users\Jack\Documents\Pointon York Email File
2015-10-01 20:02 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-01 19:22 - 2014-01-03 16:39 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A72716AC-6873-4836-83EE-7A0B8B5F9DC0}
2015-10-01 12:26 - 2013-04-19 18:58 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1207694035-1696072749-1821295723-1001
2015-10-01 11:23 - 2013-04-20 09:46 - 00000000 ____D C:\ProgramData\MFAData
2015-09-30 10:28 - 2013-04-22 13:50 - 00911872 ___SH C:\Users\Jack\Desktop\Thumbs.db
2015-09-29 19:35 - 2013-04-22 12:53 - 00000000 ____D C:\Users\Jack\Documents\J W Letters to Pointon York
2015-09-27 19:03 - 2013-08-22 16:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-25 17:34 - 2013-10-14 13:20 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-22 10:33 - 2012-07-26 10:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-21 17:27 - 2013-11-07 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-09-19 12:30 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-17 12:09 - 2014-10-20 10:55 - 00000981 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-09-17 12:09 - 2014-04-01 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-09-16 15:39 - 2013-11-07 14:56 - 00394584 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-09-16 15:39 - 2013-11-07 14:56 - 00139896 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-09-16 10:28 - 2013-10-14 13:19 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 10:28 - 2013-10-14 13:19 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 04:18 - 2013-08-22 18:38 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 04:18 - 2013-08-22 18:38 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 14:02 - 2013-05-07 12:53 - 20715520 ___SH C:\Users\Jack\Downloads\Thumbs.db
2015-09-13 23:33 - 2015-04-14 12:01 - 00000000 ____D C:\Users\Jack\Downloads\Sams PO
2015-09-12 01:16 - 2013-04-20 09:01 - 00000000 ____D C:\Users\Jack\AppData\Local\Google
2015-09-11 18:27 - 2014-07-10 15:42 - 00000000 ____D C:\Users\Jack\Documents\Bray & Bray Inland Revenue
2015-09-10 15:34 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 17:34 - 2013-08-22 17:44 - 00534464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 17:33 - 2013-09-30 06:51 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 17:33 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 11:29 - 2013-04-20 09:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 11:24 - 2013-07-22 12:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-02 21:11 - 2013-08-22 18:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-02 04:11 - 2013-10-28 21:59 - 00000000 ____D C:\Users\Jack
2015-09-02 04:06 - 2013-11-25 15:51 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-02 04:06 - 2013-04-27 12:11 - 1426175398 _____ C:\WINDOWS\MEMORY.DMP

==================== Files in the root of some directories =======

2015-02-03 14:46 - 2015-02-03 14:46 - 0000288 _____ () C:\Users\Jack\AppData\Roaming\A88DA3BB.reg
2013-04-19 18:54 - 2014-05-02 09:32 - 0093751 _____ () C:\Users\Jack\AppData\Roaming\AbsoluteReminder.xml
2015-02-03 14:46 - 2015-02-03 14:46 - 0009728 _____ () C:\Users\Jack\AppData\Roaming\mcp.ico
2015-01-28 17:12 - 2015-01-28 17:12 - 0000017 _____ () C:\Users\Jack\AppData\Local\resmon.resmoncfg
2013-04-19 19:04 - 2013-04-19 19:05 - 0021680 _____ () C:\Users\Jack\AppData\Local\WiDiSetupLog.20130419.090436.txt
2013-11-21 14:29 - 2013-11-21 14:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-19 19:26 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-04-19 19:26 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
ZeroAccess:
C:\Users\Jack\AppData\Local\Google\Desktop\Install

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some files in TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-28 19:06

==================== End of FRST.txt ============================

FRST Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015
Ran by Jack (2015-10-01 20:44:03)
Running from C:\Users\Jack\Desktop
Windows 8.1 (X64) (2013-10-28 19:16:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1207694035-1696072749-1821295723-500 - Administrator - Disabled)
Guest (S-1-5-21-1207694035-1696072749-1821295723-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1207694035-1696072749-1821295723-1005 - Limited - Enabled)
Jack (S-1-5-21-1207694035-1696072749-1821295723-1001 - Administrator - Enabled) => C:\Users\Jack

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6140 - AVG Technologies)
AVG 2015 (Version: 15.0.4419 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (HKLM-x32\...\AVG PC TuneUp) (Version: 15.0.1001.403 - AVG Technologies)
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bitcasa version 0.9.20.4133 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4133 - Bitcasa Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-7515 Series Printer Uninstall (HKLM\...\EPSON WF-7515 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare X64 11.7.19.9_WHQL (HKLM\...\Elantech) (Version: 11.7.19.9 - ELAN Microelectronic Corp.)
Galerie foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HomeSync Lite (HKLM-x32\...\{82EC241F-DFCA-4166-A8C3-EA5D2B9A41C4}) (Version: 1.1.0.32 - Samsung Electronics CO., LTD.)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e6d17d96-ddaa-476f-bb07-db601024ffb1}) (Version: 15.8.0 - Intel Corporation)
IntelliMemory (HKLM\...\{E93403C5-8A91-4940-89DB-EED69DA6E82E}) (Version: 1.0.30.0 - Condusiv Technologies)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Nero 7 Ultra Edition (HKLM-x32\...\{847CAE64-4CD2-4B2D-AF00-978FF5431033}) (Version: 7.02.9755 - Nero AG)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version: - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Quick Starter (HKLM\...\{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Rapport (x32 Version: 3.5.1507.77 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7055 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.10.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
S Service (HKLM-x32\...\{A48B04B8-12AF-4A71-8B3E-737FDEB0824F}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.)
Stockmarket Investor 3 (HKLM-x32\...\Investor_3) (Version: - )
Support Center (HKLM\...\{843A1BDC-0879-4E5B-83E1-B81CC0CF3580}) (Version: 2.1.1201 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.11 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.77 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{B1C9F5CF-2EE4-414A-906B-37896B032E8F}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Συλλογή φωτογραφιών (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-09-2015 11:17:14 Windows Update
18-09-2015 16:14:35 Scheduled Checkpoint
21-09-2015 17:27:06 Installed Rapport
01-10-2015 13:46:17 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 16:25 - 2013-08-22 16:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0055721D-0BC7-4B52-A05F-416C05404D35} - System32\Tasks\SUPatchForW10Up => %programdata%\Samsung\SamsungUpdatePatch\SUPatchForW10Up.exe
Task: {0776D734-6868-47DB-85E9-814DA722F9B2} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-02-25] (AVG Technologies)
Task: {0C0116F6-B0DD-48FF-B98C-841DA062FFAF} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-01-04] (Samsung Electronics CO., LTD.)
Task: {296AC81E-3FBD-4389-A3A4-DF75CD95DF09} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {3EF2F685-F0DC-4420-9294-68ECC4A0AE98} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-09-30] (Realtek Semiconductor)
Task: {3FC9F090-F22F-4BF5-8E80-19E774CB86DC} - System32\Tasks\SamsungHomeSyncPC => C:\Program Files (x86)\Samsung\HomeSync Lite\RefreshToken.exe [2013-11-06] ()
Task: {486C6487-8126-4975-9C7A-B7958C53F434} - System32\Tasks\{9C0F99CD-B46F-466B-91F7-5136B5BC453F} => Iexplore.exe Downloading and setting up Skype
Task: {4EF46444-2020-4928-B4D0-F6BA0834A8BE} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {689EF17E-7A20-42F7-B1A7-9FA23B7EB7FD} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-09-26] (Realtek Semiconductor)
Task: {7C316CA8-E17F-48E1-9D2F-09CD157634B1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {88365E77-AC26-484B-8252-EA6C92577DE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8872A22B-2C31-423F-BFAF-6873F0DEA468} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {A69E5211-7CEB-4CD0-863A-700000A2A275} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BE0CBD34-D77C-4E0E-8322-EF9A30006D90} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC)
Task: {C9B59459-E942-4DFD-A301-6B027A5996BF} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E1F18E2C-E26F-4C8F-810C-4E5AFB9FACE6} - System32\Tasks\{0CBECC68-672D-4D4E-BBE0-77105BC5F3D1} => Iexplore.exe Downloading and setting up Skype
Task: {F6BB42E1-04AF-441E-B533-38B6B1AB4913} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-25 09:25 - 2015-02-25 09:25 - 00712504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2013-01-04 09:08 - 2013-01-04 09:08 - 00085192 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2015-02-25 09:25 - 2015-02-25 09:25 - 00855864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\tulnga.dll
2013-10-04 00:42 - 2013-10-04 00:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2013-01-04 09:08 - 2013-01-04 09:08 - 00029384 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-01-04 09:09 - 2013-01-04 09:09 - 01080520 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-01-04 09:08 - 2013-01-04 09:08 - 00111304 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-01-04 09:08 - 2013-01-04 09:08 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-01-04 09:08 - 2013-01-04 09:08 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-01-04 09:08 - 2013-01-04 09:08 - 00027336 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-01-04 09:09 - 2013-01-04 09:09 - 00111304 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-01-04 09:08 - 2013-01-04 09:08 - 00061128 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-01-04 09:08 - 2013-01-04 09:08 - 00103624 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-09-25 17:34 - 2015-09-24 05:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll
2015-09-25 17:34 - 2015-09-24 05:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll
2013-11-21 14:42 - 2013-09-16 13:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Jack\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1207694035-1696072749-1821295723-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{6DFE6F8D-A585-410E-89A9-A46EA515734B}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{1F2F62A2-97BD-4CD6-AFE4-1B84854F092C}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [{190AB817-0EDF-44D3-83A4-9322BB8C2FD5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F47930B8-FBDB-4E7B-ABD2-7D1D5ED99458}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{2D4A0C2A-5017-4757-A4BF-0AECE5697674}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{016553AD-AD4B-4A22-8873-01BDEB2F81D2}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{9FB516D5-85D4-40D1-B6F2-C3E7AD5F468F}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
FirewallRules: [{B7327E43-8329-44AB-970B-0C790A8D49D7}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
FirewallRules: [{E9BFD355-3DB8-4758-A798-3754FC345763}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{859259DF-CF5A-43B3-B262-F68BAC1407C9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{AA754469-2B12-42F8-B081-A6ED5DEF24CB}] => (Allow) LPort=1900
FirewallRules: [{B1250E3C-E045-4C70-B444-554D15DD99C3}] => (Allow) LPort=2869
FirewallRules: [{3F4BD563-863A-4FA0-820A-10B00D937024}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{39C4B55A-B34B-4505-8BEF-A6C9F491B6F8}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{A32CCFA8-A31F-4CDF-825D-BDFCAFD5DC44}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{66ECA3EB-084B-4ACA-AC79-ADC579D00807}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{7F3BF746-BE48-461F-87D3-97A2C6AB9EBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{E00DAD27-C095-4DB7-99F5-E4A96B0971CD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{45E78B69-1541-41EA-BB16-8B15C6E548D6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{F03AE240-4F60-4955-A29E-0DED376D3B7A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2BF5A93B-582E-4BC9-A626-6ABDBCF3BF48}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{6689C901-C370-42ED-9FCE-187AF703912F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2158775F-89CD-4873-B9FE-A191B831E6DC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{00EA7B3D-62D9-4E85-ADCE-7CE24AFAAFD2}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{AD9C22DE-54B2-4E0B-9AA7-458FC31244E9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{163082DF-79F9-4678-9459-504606FB17ED}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{E1BD46A3-F3C7-47F9-B14A-21C5FFA58EAC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{9A899E95-714A-4856-A480-A0FC9E7C2D7E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8E28A4E4-2E67-4D38-8949-618B94DCC6AB}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F03BCE31-A63B-44CE-90D6-C0A1B3EB1784}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/01/2015 08:25:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: splwow64.exe, version: 6.3.9600.17415, time stamp: 0x54504ebb
Faulting module name: GDI32.dll, version: 6.3.9600.17925, time stamp: 0x55969629
Exception code: 0xc0000005
Fault offset: 0x0000000000078ce3
Faulting process id: 0x193c
Faulting application start time: 0xsplwow64.exe0
Faulting application path: splwow64.exe1
Faulting module path: splwow64.exe2
Report Id: splwow64.exe3
Faulting package full name: splwow64.exe4
Faulting package-relative application ID: splwow64.exe5

Error: (10/01/2015 01:37:06 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (10/01/2015 12:41:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (10/01/2015 12:27:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (09/30/2015 11:02:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMSUNG)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/30/2015 11:02:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMSUNG)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/30/2015 11:02:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMSUNG)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/30/2015 01:16:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 45.0.2454.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2538

Start Time: 01d0fb00dd0f30ec

Termination Time: 5

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: a942b1c0-66f7-11e5-bf79-c8f733d26184

Faulting package full name:

Faulting package-relative application ID:

Error: (09/30/2015 01:07:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMSUNG)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/30/2015 01:07:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SAMSUNG)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147023174 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (10/01/2015 08:37:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/01/2015 08:37:07 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/01/2015 08:37:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/01/2015 08:36:35 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (10/01/2015 08:36:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (10/01/2015 08:36:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/01/2015 08:36:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (10/01/2015 08:36:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (10/01/2015 08:36:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/01/2015 08:36:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Centrino® Wireless Bluetooth® + High Speed Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
Percentage of memory in use: 40%
Total physical RAM: 7813.53 MB
Available physical RAM: 4622.55 MB
Total Virtual: 29317.54 MB
Available Virtual: 26176.51 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:211.1 GB) (Free:133 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: C95A723A)

Partition: GPT.

==================== End of Addition.txt ============================
Jack Willday is offline  
Sponsored Links
Advertisement
 
Old 10-01-2015, 12:55 PM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Jack Willday. You're very welcome. Do the Google problems only occur in Chrome?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

System Repair Disc - Create in Windows 8

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AVG 2015 (Version: 15.0.4419 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.6140 - AVG Technologies) Hidden
    AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
    AVG PC TuneUp 2015 (x32 Version: 15.0.1001.403 - AVG Technologies) Hidden
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    C:\ProgramData\MakeMarkerFile.exe
    C:\Users\EasySurvey\EasySurvey.exe
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-02-2015, 02:32 AM   #5
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist

The problem does not affect the two programs that I run outside of Google.

The problem does not occurs all the time, it only occurs when closing down a Google Link in the incognito window.

If you happen to hit the exact correct spot on the X box when closing down a Google Link, it will work fine and the Link will close, but if you miss the exact correct spot within the X box, the computer locks and Google sends a message saying that Google is not Responding.

At this point I have to close all Google links, when reopening Google if you are quick enough you have one second to restore the links I was running outside of the incognito window.

Backup

I have many files that would cause me great problems if I was too loose them, far too many to list or name.

After reading through your Emergency Backup Procedure - Tech Support Forum document, I found it very confusing, as it did not refer to Windows 8, and I also could not find your Continue to External Link to Download the program.

System Repair Disc - Create in Windows 8

I have downloaded what I think is the correct program for Windows 8.1, is it is on my Desktop.

I have not proceeded any further with your instructions, because of my failure to Backup my Data.

Jack
Jack Willday is offline  
Old 10-02-2015, 11:53 AM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jack. The only differences are the folder structures. You most probably know where your important files are, and can simply copy them to an external hard drive, flash drive, etc.

However, it is just a precaution. I have never had a user lose any files, pics, etc. after running FRST.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-04-2015, 04:16 AM   #7
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist

I am sorry about the delay in coming back to you; I have purchased a flash drive and tried to back up all my data to it.

The files that are in Windows were easy to find, but the files for the two programmes that I have that run outside of Windows, my Family History program which has 6700 names in it, and my Stockmarket monitoring and Investment Management programmes, I am sorry but I do not know where to find these programmes to back them up to the flash drive.

This morning when I opened my Computer I sore that I had received an email which has been placed in my Spam Box by the computer, it was from “neilandcarol.elliott” who are friends of mine, Neil and I were at school together over 60 years ago, and are in my list of email contacts.

The message reads, RE:- Can not load message. You can view the message here Gmail timed out code: 2777 time: October 2, 2015,

I have not opened the Email, or deleted it as I would in normal circumstances, as it looks to me as if somebody has obtained a copy of my email list from my computer.

I await your comments and advice.

Jack
Jack Willday is offline  
Old 10-04-2015, 07:54 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jack. Well, you're going to have to make a decision here.

Quote:
but the files for the two programmes that I have that run outside of Windows, my Family History program which has 6700 names in it, and my Stockmarket monitoring and Investment Management programmes, I am sorry but I do not know where to find these programmes to back them up to the flash drive.
You mean you don't have such important data backed up? What if you hard drive failed, and you lost all your data?

We cannot be resonsible for any unforeseen outcomes here. We aren't charging you. If it were me, I would follow my previous instructions.

------------------------------------------------------

If you are still hesistant...

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :folderfind
    *Ancestral*
    *Stockmarket*
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-05-2015, 09:03 AM   #9
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist

You have now raised and reminded me of a problem that I have.

Before I do anything, can I bring to your attention the problem that I have had in the back of my mind ever since I purchased my latest computer.

One of the programs that keeps popping up at the bottom right-hand side of the screen is Norton Back Up, I ask the supplier of my latest computer, if I should use it to backup my computer, and was told NO, you have “Google Cloud” whatever that is.

Jack
Jack Willday is offline  
Old 10-05-2015, 02:02 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jack. I don't see Google Cloud installed. Your supplier must be mistaken.

You could use Norton and see what happens.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-07-2015, 06:02 AM   #11
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist
Thank you again for your email.
I tried to copy & paste my Documents File to a Flash drive but it said that some of my old documents I had downloaded for my Family History Program are an old format, I have been working at the program for 15 to 20 years, and could not be transferred the way that I was trying to do it.
I have made an appointment for tomorrow with the man who sold me my computer, who I hope will be able to copy the complete hard drive to a Flash drive.
Jack
Jack Willday is offline  
Old 10-07-2015, 01:25 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



OK, let me know.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-08-2015, 11:25 AM   #13
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist
I visited my local Computer man today, and was told that a flash drive is not big enough to back up my data, I must purchase a independant hard drive.
Because I in my retirement live on the Island of Crete Greece, in a very small village of less than 100 people, he must order the hard drive and it will arrive some time next week.
He has informed me that he will set it up so that each time I plug it in, it will back up my data.
I will write to you again when the work has been done.
Jack
Jack Willday is offline  
Old 10-08-2015, 01:40 PM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



OK, let me know.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-17-2015, 08:57 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Still with us, Jack Willday?
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-18-2015, 12:39 AM   #16
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist

I have just received an email saying I can collect the external hard drive on Monday

Jack
Jack Willday is offline  
Old 10-18-2015, 01:52 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Jack. Thanks for letting me know.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-19-2015, 08:57 AM   #18
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist

What I forgot to say this is Greece.

New External hard drive installed but not working correctly, will take it back to him in the morning

Jack
Jack Willday is offline  
Old 10-19-2015, 10:15 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



OK, let me know.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-20-2015, 03:01 AM   #20
Registered Member
 
Join Date: Aug 2007
Posts: 184
OS: Win/10



Chemist

Took my computer this morning to the local boy, he not a programer but a computer repairer.

Every time we tried to backup to the external disk, the backup ran to 14% and then the computer froze, we repeated this 3 times, then he did a manual backup of some of my files but not of the complete computer.

He informed me that he suspected that there was something on my computer that was blocking my computer backup program from running.

So over to you.

The 2 programs you ask me to download are in my downloads file folder.

Jack
Jack Willday is offline  
 

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 10:23 AM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts