Random Debug.log Has Appeared on Desktop

This is a discussion on Random Debug.log Has Appeared on Desktop within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
07-30-2015, 06:31 AM   #1
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: 8.1 Pro



Hello all, I have got a new PC, there's hardly anything installed. I was wondering if anyone knew what this meant?
Here is the writing that's inside the Notepad file:

[0729/193712:INFO0)] WebCore is now online.
[0729/193712:INFO0)] Running Awesomium 1.7.5.0
[0729/193955:WARNING:Awesomium.NET(0)] System.ComponentModel.InvalidAsynchronousStateException: An error occurred invoking the method. The destination thread no longer exists.
at System.Windows.Forms.WindowsFormsSynchronizationContext.Send(SendOrPostCallback d, Object state)
at Awesomium.Core.WebCore.SwoYrDtsHvuLJUY08ID(Object , Object , Object )
at Awesomium.Core.WebCore.wQrBKtHAGh()
[0729/194115:INFO0)] WebCore is now online.
[0729/194115:INFO0)] Running Awesomium 1.7.5.0
[0729/194303:WARNING:Awesomium.NET(0)] System.ComponentModel.InvalidAsynchronousStateException: An error occurred invoking the method. The destination thread no longer exists.
at System.Windows.Forms.WindowsFormsSynchronizationContext.Send(SendOrPostCallback d, Object state)
at Awesomium.Core.WebCore.SwoYrDtsHvuLJUY08ID(Object , Object , Object )
at Awesomium.Core.WebCore.wQrBKtHAGh()
Danbryn16 is offline  
07-30-2015, 10:09 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Are you using Awesomium? Let's get some information first.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
07-30-2015, 11:04 AM   #3
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: 8.1 Pro



Hello,
Thank you for your reply. Here is the AdwCleaner log that I got after cleaning and reboot:

# AdwCleaner v4.208 - Logfile created 30/07/2015 at 19:02:15
# Updated 09/07/2015 by Xplode
# Database : 2015-07-26.2 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : Dan Coombes - DAN
# Running from : C:\Users\Dan Coombes\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Google Chrome v44.0.2403.107


*************************

AdwCleaner[R0].txt - [839 bytes] - [30/07/2015 19:00:51]
AdwCleaner[S0].txt - [767 bytes] - [30/07/2015 19:02:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [825 bytes] ##########
Danbryn16 is offline  
07-30-2015, 11:13 AM   #4
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: 8.1 Pro



Here is my FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Dan Coombes (administrator) on DAN (30-07-2015 19:05:51)
Running from C:\Users\Dan Coombes\Downloads
Loaded Profiles: Dan Coombes (Available Profiles: Dan Coombes)
Platform: Windows 8.1 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intel(R) Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3730344 2015-07-07] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1493809043-4046822524-1557692107-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{651EF57D-D88D-47A0-9FA0-844EE5407347}: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Dan Coombes\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Dan Coombes\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-14]
CHR Extension: (Google Search) - C:\Users\Dan Coombes\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-14]
CHR Extension: (AdBlock) - C:\Users\Dan Coombes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dan Coombes\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan Coombes\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\Dan Coombes\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-06-18] ()
R2 avgfws; C:\Program Files (x86)\AVG\AVG2015\avgfws.exe [1528432 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3518376 2015-07-07] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [314304 2015-07-07] (AVG Technologies CZ, s.r.o.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-24] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-24] (NVIDIA Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [67552 2015-04-14] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [293296 2015-06-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [253408 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [226784 2015-06-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [295400 2015-06-15] (AVG Technologies CZ, s.r.o.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7546544 2014-10-22] (Broadcom Corporation)
S3 dtproscsibus; C:\Windows\System32\drivers\dtproscsibus.sys [30352 2015-07-29] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-24] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-07-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 19:05 - 2015-07-30 19:06 - 00014533 _____ C:\Users\Dan Coombes\Downloads\FRST.txt
2015-07-30 19:05 - 2015-07-30 19:05 - 02169856 _____ (Farbar) C:\Users\Dan Coombes\Downloads\FRST64.exe
2015-07-30 19:05 - 2015-07-30 19:05 - 00000000 ____D C:\FRST
2015-07-30 19:00 - 2015-07-30 19:02 - 00000000 ____D C:\AdwCleaner
2015-07-30 19:00 - 2015-07-30 19:00 - 02248704 _____ C:\Users\Dan Coombes\Downloads\AdwCleaner.exe
2015-07-30 18:55 - 2015-07-30 18:57 - 00000495 _____ C:\Users\Dan Coombes\Desktop\debug.log
2015-07-30 16:55 - 2015-07-30 19:05 - 00072407 _____ C:\Windows\WindowsUpdate.log
2015-07-30 15:44 - 2015-07-30 19:02 - 00001044 _____ C:\Windows\setupact.log
2015-07-30 15:44 - 2015-07-30 15:44 - 00000000 _____ C:\Windows\setuperr.log
2015-07-30 15:37 - 2015-07-30 15:37 - 00000000 ____D C:\Users\Public\Documents\Awesomium SDK Samples
2015-07-30 13:29 - 2015-07-30 13:29 - 00000000 ____D C:\ProgramData\Caphyon
2015-07-30 13:13 - 2015-07-30 13:29 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\Awesomium Technologies LLC
2015-07-30 13:06 - 2015-07-30 13:07 - 71471328 _____ (Awesomium Technologies LLC) C:\Users\Dan Coombes\Downloads\awesomium_1_7_5_1_sdk_win.exe
2015-07-30 12:52 - 2015-07-30 12:52 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-30 12:51 - 2015-07-30 12:51 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2015-07-30 12:51 - 2015-07-30 12:51 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-07-30 12:51 - 2015-07-30 12:51 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\Avg
2015-07-29 21:04 - 2015-07-29 21:04 - 00000000 ____D C:\Users\Public\Documents\Sports Interactive
2015-07-29 21:04 - 2015-07-29 21:04 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\Sports Interactive
2015-07-29 20:57 - 2015-07-30 15:38 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\DAEMON Tools Pro
2015-07-29 20:57 - 2015-07-29 20:59 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtproscsibus.sys
2015-07-29 20:56 - 2015-07-29 20:56 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\WinRAR
2015-07-29 20:56 - 2015-07-29 20:56 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-29 20:56 - 2015-07-29 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-29 20:56 - 2015-07-29 20:56 - 00000000 ____D C:\Program Files\WinRAR
2015-07-29 20:39 - 2015-07-29 20:39 - 00002792 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-07-29 20:39 - 2015-07-29 20:39 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-29 20:39 - 2015-07-29 20:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-29 20:39 - 2015-07-29 20:39 - 00000000 ____D C:\Program Files\CCleaner
2015-07-29 20:38 - 2015-07-29 20:38 - 06609608 _____ (Piriform Ltd) C:\Users\Dan Coombes\Downloads\ccsetup508.exe
2015-07-29 19:07 - 2015-07-29 19:07 - 00000000 ____D C:\Windows\system32\appmgmt
2015-07-29 17:15 - 2015-07-23 01:46 - 00572232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-29 17:14 - 2015-07-23 05:06 - 42730128 _____ C:\Windows\system32\nvcompiler.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 30487880 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 22950544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 16151688 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 15892200 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 15129192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 14503880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 13268712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 11836680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 11055248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-29 17:14 - 2015-07-23 05:06 - 02933576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 02600592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435362.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435362.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 01101856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 01061008 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 01053000 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00983368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00976528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00940104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00503592 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00117576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-07-29 17:14 - 2015-07-23 05:06 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-07-28 19:39 - 2015-07-28 19:39 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\Macromedia
2015-07-28 19:28 - 2015-07-28 19:28 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\Downloaded Installations
2015-07-28 19:21 - 2015-07-30 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-07-28 19:21 - 2015-07-28 19:21 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\TuneUp Software
2015-07-28 19:21 - 2015-07-28 19:21 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\AVG2015
2015-07-28 19:20 - 2015-07-28 19:21 - 00000000 ____D C:\ProgramData\AVG2015
2015-07-28 19:20 - 2015-07-28 19:20 - 00000000 ___HD C:\$AVG
2015-07-28 19:20 - 2015-07-28 19:20 - 00000000 ____D C:\Program Files (x86)\AVG
2015-07-28 19:19 - 2015-07-30 19:04 - 00000000 ____D C:\ProgramData\MFAData
2015-07-28 19:19 - 2015-07-29 21:08 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\Avg2015
2015-07-28 19:19 - 2015-07-28 19:19 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\MFAData
2015-07-28 19:17 - 2015-07-30 19:03 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-28 17:17 - 2015-07-28 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-28 17:17 - 2015-07-28 17:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-28 17:17 - 2015-07-28 17:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-28 17:17 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-28 17:17 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-28 17:17 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-28 17:13 - 2015-07-30 19:03 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-28 17:13 - 2015-07-28 21:13 - 00000000 ____D C:\Windows\AutoKMS
2015-07-28 17:13 - 2015-07-28 17:13 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-07-28 17:11 - 2015-07-28 17:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-28 17:10 - 2015-07-28 17:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-28 17:10 - 2015-07-28 17:10 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-28 17:10 - 2015-07-28 17:10 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\Microsoft Help
2015-07-28 17:10 - 2015-07-28 17:10 - 00000000 ____D C:\Program Files (x86)\Daemon Tools
2015-07-28 17:10 - 2015-07-28 17:10 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-28 17:10 - 2015-07-28 17:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-07-28 17:10 - 2015-07-28 17:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-07-28 17:09 - 2015-07-28 17:09 - 00000000 __RHD C:\MSOCache
2015-07-28 17:09 - 2015-07-28 17:09 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-28 17:05 - 2015-07-28 17:05 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-07-28 17:05 - 2015-07-28 17:05 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\Apple Computer
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\Apple Computer
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\Apple
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\ProgramData\Apple Computer
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Program Files\iTunes
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Program Files\iPod
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Program Files\Bonjour
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-07-28 17:05 - 2015-07-28 17:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-07-28 17:04 - 2015-07-28 17:05 - 00000000 ____D C:\ProgramData\Apple
2015-07-28 14:39 - 2015-07-28 14:39 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\CyberLink
2015-07-28 14:38 - 2015-07-28 14:39 - 00000000 ____D C:\ProgramData\PDVD
2015-07-28 14:38 - 2015-07-09 20:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-28 14:38 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-28 14:38 - 2015-07-09 17:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-28 14:38 - 2015-07-09 16:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-28 14:38 - 2015-07-09 16:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-28 14:38 - 2015-07-09 16:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-28 14:38 - 2015-07-09 16:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-28 14:38 - 2015-07-09 16:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-28 14:38 - 2015-07-09 16:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-28 14:38 - 2015-07-09 16:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-28 14:38 - 2015-07-09 16:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-28 14:38 - 2015-07-09 16:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-28 14:38 - 2015-07-09 16:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-28 14:38 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-28 14:38 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-28 14:38 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-28 14:37 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-28 14:37 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-28 14:37 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-28 14:37 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-28 14:37 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-28 14:37 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-28 14:37 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-28 14:37 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-28 14:37 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-28 14:37 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-28 14:37 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-28 14:37 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-28 14:37 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-28 14:37 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-28 14:37 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-28 14:37 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-28 14:37 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-28 14:37 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-28 14:37 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-28 14:37 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-28 14:37 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-28 14:37 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-28 14:37 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-28 14:37 - 2015-05-25 14:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-28 14:37 - 2015-05-25 14:07 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-28 14:37 - 2015-05-07 18:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-28 14:37 - 2015-05-07 18:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-28 14:37 - 2015-05-07 17:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-28 14:37 - 2015-05-07 17:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-28 14:37 - 2015-05-07 16:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-28 14:37 - 2015-05-07 16:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-28 14:37 - 2015-05-03 01:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-28 14:37 - 2015-04-30 00:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-28 14:37 - 2015-04-25 03:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-28 14:37 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-07-28 14:37 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-07-28 14:37 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-07-28 14:37 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-07-28 14:37 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-07-28 14:37 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-07-28 14:37 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-07-28 14:36 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-28 14:36 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-28 14:36 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-28 14:36 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-28 14:36 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-28 14:36 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-28 14:36 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-28 14:36 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-28 14:36 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-28 14:36 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-28 14:36 - 2015-05-03 16:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-28 14:36 - 2015-05-03 15:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-28 14:36 - 2015-05-03 15:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-28 14:36 - 2015-05-03 15:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-28 14:36 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-07-28 14:36 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-07-28 14:36 - 2015-03-09 03:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storvsp.sys
2015-07-28 14:35 - 2015-07-29 21:12 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2015-07-28 14:35 - 2015-07-29 21:12 - 00000000 ____D C:\ProgramData\CyberLink
2015-07-28 14:35 - 2015-07-28 14:39 - 00000000 ____D C:\ProgramData\install_clap
2015-07-28 14:35 - 2015-07-28 14:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-28 14:32 - 2015-07-28 14:32 - 00003276 _____ C:\Windows\System32\Tasks\SamsungMagician
2015-07-28 14:32 - 2015-07-28 14:32 - 00000000 ____D C:\ProgramData\Samsung
2015-07-28 14:32 - 2015-07-28 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2015-07-28 14:32 - 2015-07-28 14:32 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-28 14:32 - 2015-07-28 14:32 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-07-28 14:32 - 2015-06-17 10:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-28 14:31 - 2015-06-17 10:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-28 14:31 - 2015-06-17 10:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-28 14:31 - 2015-06-17 10:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-28 14:31 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-28 14:31 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-28 14:31 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-28 14:31 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-28 14:31 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-28 14:31 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-28 14:31 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-28 14:31 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-28 14:31 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-28 14:31 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-28 14:31 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-28 14:31 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-28 14:31 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-28 14:31 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-28 14:31 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-28 14:31 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-28 14:31 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-28 14:31 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-28 14:31 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-28 14:31 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-28 14:31 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-28 14:31 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-28 14:31 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-28 14:31 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-28 14:31 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-28 14:31 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-28 14:31 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-28 14:31 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-28 14:31 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-28 14:31 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-28 14:31 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-28 14:31 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-28 14:31 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-28 14:31 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-28 14:31 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-28 14:31 - 2015-05-22 20:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-28 14:31 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-28 14:31 - 2015-05-22 19:08 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-28 14:30 - 2015-05-11 17:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-28 14:30 - 2015-04-25 03:34 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-28 14:30 - 2015-04-25 03:33 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-28 14:30 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-07-28 14:30 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-07-28 14:30 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-07-28 14:30 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-07-28 14:30 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-07-28 14:30 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-07-28 14:30 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-07-28 14:30 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-07-28 14:30 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-07-28 14:30 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-07-28 14:30 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-07-28 14:30 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-07-28 14:30 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-07-28 14:30 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-07-28 14:30 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-07-28 14:30 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-07-28 14:29 - 2015-07-28 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-07-28 14:29 - 2015-07-25 14:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 14:29 - 2015-06-29 23:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 14:29 - 2015-06-29 16:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-28 14:29 - 2015-06-29 16:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 14:29 - 2015-06-29 16:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 14:29 - 2015-06-29 16:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 14:29 - 2015-06-27 00:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 14:29 - 2015-06-27 00:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 14:29 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-28 14:29 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-28 14:29 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-28 14:29 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-28 14:29 - 2015-05-21 14:08 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-28 14:29 - 2015-04-28 14:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-28 14:29 - 2015-04-28 14:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-28 14:28 - 2015-07-28 14:28 - 00000000 ____D C:\ProgramData\TP-LINK
2015-07-28 14:28 - 2015-07-14 15:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-28 14:28 - 2015-07-14 15:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-28 14:28 - 2015-07-14 15:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-28 14:28 - 2015-07-14 15:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-28 14:28 - 2015-05-07 17:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-28 14:28 - 2015-04-23 16:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-28 14:28 - 2015-04-23 16:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-28 14:28 - 2014-10-22 15:23 - 07546544 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\BCMWL63a.SYS
2015-07-28 14:28 - 2014-10-22 15:23 - 07546544 _____ (Broadcom Corporation) C:\Windows\system32\bcmwl63a.sys
2015-07-28 14:28 - 2014-10-22 15:23 - 06772400 _____ (Broadcom Corporation) C:\Windows\system32\bcmwl63.sys
2015-07-28 14:28 - 2014-10-22 15:23 - 04136960 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2015-07-28 14:28 - 2014-10-22 15:23 - 04044800 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv.dll
2015-07-28 14:28 - 2014-10-22 15:23 - 03781632 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2015-07-28 14:28 - 2014-10-22 15:23 - 03753984 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui.dll
2015-07-28 14:28 - 2014-10-22 15:23 - 00015245 _____ C:\Windows\system32\bcm43xx64.cat
2015-07-28 14:28 - 2014-10-22 15:23 - 00015217 _____ C:\Windows\system32\bcm43xx.cat
2015-07-28 14:26 - 2015-05-02 00:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-28 14:25 - 2015-05-12 14:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-28 14:25 - 2015-05-03 16:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-28 14:25 - 2015-05-03 15:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-28 14:24 - 2015-07-28 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZotacFireStorm
2015-07-28 14:24 - 2015-07-28 14:24 - 00000000 ____D C:\Program Files (x86)\ZotacFireStorm
2015-07-28 14:22 - 2015-07-03 05:28 - 00065896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-07-28 14:22 - 2015-07-03 05:28 - 00047976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-07-28 14:18 - 2015-07-28 14:19 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\NVIDIA Corporation
2015-07-28 14:18 - 2015-07-28 14:19 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\NVIDIA
2015-07-28 14:18 - 2015-07-24 05:21 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-07-28 14:18 - 2015-07-24 05:21 - 01710568 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-07-28 14:18 - 2015-07-24 05:21 - 01423304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-07-28 14:18 - 2015-07-24 05:21 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-07-28 14:18 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-07-28 14:18 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-07-28 14:18 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-07-28 14:18 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-07-28 14:18 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-07-28 14:18 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-07-28 14:17 - 2015-07-30 19:02 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-28 14:17 - 2015-07-29 17:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-28 14:17 - 2015-07-29 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-28 14:17 - 2015-07-28 14:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-07-28 14:17 - 2015-07-23 05:06 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-07-28 14:17 - 2015-07-23 05:06 - 00112968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-07-28 14:17 - 2015-07-23 05:06 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-07-28 14:17 - 2015-07-23 05:06 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-07-28 14:17 - 2015-07-23 02:31 - 06873744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-07-28 14:17 - 2015-07-23 02:31 - 03493008 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-07-28 14:17 - 2015-07-23 02:31 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-07-28 14:17 - 2015-07-23 02:31 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-07-28 14:17 - 2015-07-23 02:31 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-07-28 14:17 - 2015-07-23 02:31 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-07-28 14:17 - 2015-07-20 15:16 - 05121613 _____ C:\Windows\system32\nvcoproc.bin
2015-07-28 14:17 - 2015-07-03 05:28 - 00069992 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-07-28 14:17 - 2015-06-17 10:10 - 01567576 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-07-28 14:17 - 2015-03-13 20:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-07-28 14:17 - 2015-03-13 20:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-07-28 14:15 - 2015-07-23 05:06 - 17615408 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-28 14:15 - 2015-07-23 05:06 - 12876336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-07-28 14:15 - 2015-07-23 05:06 - 03407144 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-07-28 14:15 - 2015-07-23 05:06 - 03008880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-07-28 14:06 - 2015-07-28 14:18 - 00000000 ____D C:\Program Files\NVIDIA Corporation

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-30 19:05 - 2015-05-14 13:59 - 00006464 _____ C:\Windows\SysWOW64\Gms.log
2015-07-30 19:03 - 2015-05-14 13:16 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-30 19:02 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-30 19:02 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-30 19:00 - 2015-05-14 13:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1493809043-4046822524-1557692107-1002
2015-07-30 19:00 - 2014-11-21 08:38 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-30 17:08 - 2015-05-14 13:16 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-30 17:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-30 15:43 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-29 20:44 - 2015-05-14 20:58 - 00000000 ____D C:\Windows\Panther
2015-07-29 20:06 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2015-07-29 19:07 - 2015-05-14 08:57 - 00000000 ____D C:\ProgramData\Skype
2015-07-29 18:11 - 2013-08-22 15:44 - 00482560 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-29 17:54 - 2015-05-14 12:03 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-29 17:54 - 2014-11-21 16:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-29 17:54 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-29 17:54 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2015-07-29 17:54 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-29 17:14 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-29 17:09 - 2015-05-14 08:50 - 00000000 ____D C:\Windows\system32\MRT
2015-07-29 17:08 - 2015-05-14 12:03 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-29 17:08 - 2015-05-14 12:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-29 02:29 - 2013-08-22 16:36 - 00262144 _____ C:\Windows\system32\config\BCD-Template
2015-07-28 19:29 - 2015-05-14 13:14 - 00000000 ____D C:\Users\Dan Coombes\AppData\Local\VirtualStore
2015-07-28 19:25 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-07-28 19:21 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-07-28 17:11 - 2014-11-21 08:18 - 00000000 ____D C:\Windows\ShellNew
2015-07-28 17:10 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-28 17:10 - 2013-08-22 14:25 - 00000167 _____ C:\Windows\win.ini
2015-07-28 17:03 - 2014-10-27 17:22 - 00000000 ____D C:\Users\Dan Coombes\Documents\michelles level 2
2015-07-28 14:38 - 2015-05-14 13:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-28 14:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Help
2015-07-28 14:04 - 2015-05-14 13:16 - 00002279 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-28 14:04 - 2015-05-14 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-28 14:03 - 2015-05-14 13:16 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-28 14:03 - 2015-05-14 13:16 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-13 22:10 - 2014-11-21 16:20 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2014-11-21 16:20 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 11:08 - 2015-05-14 08:44 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:43 - 2015-05-14 08:50 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-05-14 13:21 - 2015-05-14 13:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Dan Coombes\AppData\Local\Temp\bitool.dll
C:\Users\Dan Coombes\AppData\Local\Temp\Quarantine.exe
C:\Users\Dan Coombes\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-29 19:05

==================== End of log ============================
Danbryn16
Old 07-30-2015, 11:15 AM   #5
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: 8.1 Pro



Addition File

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Dan Coombes (2015-07-30 1905)
Running from C:\Users\Dan Coombes\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1493809043-4046822524-1557692107-500 - Administrator - Disabled)
Dan Coombes (S-1-5-21-1493809043-4046822524-1557692107-1002 - Administrator - Enabled) => C:\Users\Dan Coombes
Guest (S-1-5-21-1493809043-4046822524-1557692107-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security 2015 (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.13.0 - Asmedia Technology)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6086 - AVG Technologies)
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
FireStorm version V1.0.45.000 (HKLM-x32\...\FireStorm_is1) (Version: V1.0.45.000 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel(R) Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
TP-LINK Archer T9E Driver (HKLM-x32\...\{59516745-D476-49FD-B281-371844FA1C21}) (Version: 1.3.1 - TP-LINK)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

14-05-2015 13:22:01 Intel® Network Connections
28-07-2015 14:18:00 Installed DirectX
29-07-2015 19:07:15 Removed Skype™ 7.3

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049F4572-E52F-4F71-86DF-FDE819337BF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0F8C8C55-77A9-4A00-985C-F51100F96EC7} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-03-25] (ASUSTek Computer Inc.)
Task: {16CBF426-10E2-419B-91A6-D090ECD85B4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {1B8D1DFB-B786-4B8A-A717-A860F1424F75} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {6C61A0C7-E55F-469B-B412-E5360A052928} - \Optimize Start Menu Cache Files-S-1-5-21-1493809043-4046822524-1557692107-1001 No Task File <==== ATTENTION
Task: {80497B79-EE14-4C80-9242-03C11932FD90} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {931CC79C-AF60-49EB-B408-EEA18EFD915A} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {93B46370-BDB2-4DD8-875C-F4A0C4524F17} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
Task: {9B01E42F-66CD-4C49-89E9-C28923AE2DAB} - \WPD\SqmUpload_S-1-5-21-1493809043-4046822524-1557692107-1001 No Task File <==== ATTENTION
Task: {B67B8CE0-1E2D-4248-B1B4-D4D45FAAE04A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-28] ()
Task: {BFED713B-9FBA-4AAA-92D2-87A9C110CF6A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {D3EC06AE-B3F6-4A61-AD67-E5E11D9FC066} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {ED929083-8A47-4BCC-9C26-98463B4CEA47} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-28 14:17 - 2015-07-23 02:31 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-14 13:17 - 2014-01-28 04:16 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-05-14 13:19 - 2014-06-18 06:54 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2014-01-21 20:07 - 2014-01-21 20:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-14 13:17 - 2015-07-30 19:02 - 00030720 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-05-14 13:17 - 2014-01-28 04:16 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-01-23 07:55 - 2014-01-23 07:55 - 08878248 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-28 14:23 - 2015-07-24 05:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-07-28 14:04 - 2015-07-23 23:39 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libglesv2.dll
2015-07-28 14:04 - 2015-07-23 23:39 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.107\libegl.dll
2015-07-28 14:32 - 2014-09-28 17:59 - 00019872 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2014-03-20 11:43 - 2014-03-20 11:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1493809043-4046822524-1557692107-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "PowerDVD15Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{A87C22AC-41CB-4E27-9E81-59E3FBF7F3CA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2FAE96AC-0A84-4DAE-92C1-27511FE11101}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{8289A466-A734-4E29-8AB7-AE1F47F95328}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{13E57A4B-70FE-425C-9D1D-A6B08EBF503D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{41427F5E-FE93-40F5-B42C-52EE912E4BA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7993B005-E814-4B8A-B1A3-D1A5BDC75439}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{243773D2-4D00-4904-BDDE-32EED9E900E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F85C7E94-C696-489C-9509-21FEEBA3A78B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{63778F06-6880-4D5B-809D-E41E5888B4F2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A15BC6B5-64BE-4479-BDAB-FE9A945C2ABE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{689D7A10-267E-4A05-B751-79F3F89EEE58}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{291C8FEA-B8A2-4C08-B55C-663043354C86}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E37AEA22-9EF6-44D5-9792-CCD537EDF8A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6F91BBBC-F611-41EF-93E2-E7070EDD09C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5F4CFE54-F9B3-439B-B3AE-817353754629}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2953606A-97D5-4256-99DA-CAA45B8B1758}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D6FAF407-DF56-445B-AF25-AEC3957F87C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7FCBCBE2-A2BE-424A-883C-83BED456AF09}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{4A9B5779-72F6-4E9D-8ABE-108AD3D6DD39}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{7BEC19DA-3B81-40A4-97FF-4F69EB27D236}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6FB6A8B-99B5-4294-A9B0-D8F7F6D3F4E7}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F4D3F31-1BEB-479A-A79D-59B01248556C}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{204199E2-1369-46E8-8063-1A947553012D}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC023F01-B183-4AAA-A63D-62796BDBB093}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BC41321D-AF64-4878-A8D8-C54C28C8B5E3}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A972FA9E-C62A-4106-9C7C-927C4DDEE2F7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{D3027519-A428-46D9-B506-5C95402F3A8D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{1BD87DC9-3E3D-4D58-B5F6-B5827F9B2E64}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{A0C57BF0-8FBC-4F5B-860C-C832ED18834D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{7D077544-C2AD-445D-ADE1-6AC1776BC22F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{8421F507-BDC6-4031-91A4-B0FDE732769D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2015 06:57:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iPT Browser.exe, version: 1.0.0.0, time stamp: 0x5560925f
Faulting module name: awesomium.dll, version: 1.7.5.0, time stamp: 0x546a527c
Exception code: 0x4000001f
Fault offset: 0x0008eb00
Faulting process id: 0x1994
Faulting application start time: 0xiPT Browser.exe0
Faulting application path: iPT Browser.exe1
Faulting module path: iPT Browser.exe2
Report Id: iPT Browser.exe3
Faulting package full name: iPT Browser.exe4
Faulting package-relative application ID: iPT Browser.exe5

Error: (07/30/2015 12:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iPT Browser.exe, version: 1.0.0.0, time stamp: 0x5560925f
Faulting module name: awesomium.dll, version: 1.7.5.0, time stamp: 0x546a527c
Exception code: 0x4000001f
Fault offset: 0x0008eb00
Faulting process id: 0x284
Faulting application start time: 0xiPT Browser.exe0
Faulting application path: iPT Browser.exe1
Faulting module path: iPT Browser.exe2
Report Id: iPT Browser.exe3
Faulting package full name: iPT Browser.exe4
Faulting package-relative application ID: iPT Browser.exe5

Error: (07/29/2015 09:12:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PowerDVD.exe, version: 15.0.30268.5110, time stamp: 0x54feec10
Faulting module name: EvoParser.dll_unloaded, version: 1.2.0.7319, time stamp: 0x54bcb900
Exception code: 0xc00001a5
Fault offset: 0x00022cae
Faulting process id: 0x364
Faulting application start time: 0xPowerDVD.exe0
Faulting application path: PowerDVD.exe1
Faulting module path: PowerDVD.exe2
Report Id: PowerDVD.exe3
Faulting package full name: PowerDVD.exe4
Faulting package-relative application ID: PowerDVD.exe5

Error: (07/29/2015 09:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fm.exe, version: 15.1.3.0, time stamp: 0x545f6b97
Faulting module name: steam_api.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process id: 0x18bc
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3
Faulting package full name: fm.exe4
Faulting package-relative application ID: fm.exe5

Error: (07/29/2015 09:03:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fm.exe, version: 15.1.3.0, time stamp: 0x545f6b97
Faulting module name: steam_api.dll, version: 6.3.9600.17736, time stamp: 0x550f42c2
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process id: 0xaf8
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report Id: fm.exe3
Faulting package full name: fm.exe4
Faulting package-relative application ID: fm.exe5

Error: (07/29/2015 08:59:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DTShellHlp.exe, version: 6.1.0.484, time stamp: 0x54f09b29
Faulting module name: DTShellHlp.exe, version: 6.1.0.484, time stamp: 0x54f09b29
Exception code: 0xc0000005
Fault offset: 0x0000000000008621
Faulting process id: 0x2b8
Faulting application start time: 0xDTShellHlp.exe0
Faulting application path: DTShellHlp.exe1
Faulting module path: DTShellHlp.exe2
Report Id: DTShellHlp.exe3
Faulting package full name: DTShellHlp.exe4
Faulting package-relative application ID: DTShellHlp.exe5

Error: (07/29/2015 08:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iPT Browser.exe, version: 1.0.0.0, time stamp: 0x5560925f
Faulting module name: awesomium.dll, version: 1.7.5.0, time stamp: 0x546a527c
Exception code: 0x4000001f
Fault offset: 0x0008eb00
Faulting process id: 0x1fc4
Faulting application start time: 0xiPT Browser.exe0
Faulting application path: iPT Browser.exe1
Faulting module path: iPT Browser.exe2
Report Id: iPT Browser.exe3
Faulting package full name: iPT Browser.exe4
Faulting package-relative application ID: iPT Browser.exe5

Error: (07/29/2015 08:52:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iPT Browser.exe, version: 1.0.0.0, time stamp: 0x5560925f
Faulting module name: awesomium.dll, version: 1.7.5.0, time stamp: 0x546a527c
Exception code: 0x4000001f
Fault offset: 0x0008eb00
Faulting process id: 0x1ec4
Faulting application start time: 0xiPT Browser.exe0
Faulting application path: iPT Browser.exe1
Faulting module path: iPT Browser.exe2
Report Id: iPT Browser.exe3
Faulting package full name: iPT Browser.exe4
Faulting package-relative application ID: iPT Browser.exe5

Error: (07/29/2015 07:43:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iPT Browser.exe, version: 1.0.0.0, time stamp: 0x5560925f
Faulting module name: awesomium.dll, version: 1.7.5.0, time stamp: 0x546a527c
Exception code: 0x4000001f
Fault offset: 0x0008eb00
Faulting process id: 0x1d70
Faulting application start time: 0xiPT Browser.exe0
Faulting application path: iPT Browser.exe1
Faulting module path: iPT Browser.exe2
Report Id: iPT Browser.exe3
Faulting package full name: iPT Browser.exe4
Faulting package-relative application ID: iPT Browser.exe5

Error: (07/29/2015 07:07:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (07/30/2015 07:02:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (07/30/2015 07:02:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (07/30/2015 07:02:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (07/30/2015 07:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2015 07:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2015 07:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2015 07:02:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/30/2015 07:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2015 07:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2015 07:02:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (07/30/2015 06:57:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iPT Browser.exe1.0.0.05560925fawesomium.dll1.7.5.0546a527c4000001f0008eb00199401d0caf0e393ca31C:\Program Files (x86)\iPT Browser\iPT Browser.exeC:\Program Files (x86)\iPT Browser\awesomium.dll80d116ff-36e4-11e5-8261-1c872c742cb8

Error: (07/30/2015 12:58:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iPT Browser.exe1.0.0.05560925fawesomium.dll1.7.5.0546a527c4000001f0008eb0028401d0cabe7d765555C:\Program Files (x86)\iPT Browser\iPT Browser.exeC:\Program Files (x86)\iPT Browser\awesomium.dll53dc60fd-36b2-11e5-825f-1c872c742cb8

Error: (07/29/2015 09:12:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PowerDVD.exe15.0.30268.511054feec10EvoParser.dll_unloaded1.2.0.731954bcb900c00001a500022cae36401d0ca3ae7f26bf6C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exeEvoParser.dll26306c0c-362e-11e5-825e-1c872c742cb8

Error: (07/29/2015 09:03:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.1.3.0545f6b97steam_api.dll6.3.9600.17736550f42c2c00001420009d4f218bc01d0ca399e36864dC:\Program Files (x86)\Football Manager 2015\fm.exesteam_api.dlldd2fa16c-362c-11e5-825e-1c872c742cb8

Error: (07/29/2015 09:03:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: fm.exe15.1.3.0545f6b97steam_api.dll6.3.9600.17736550f42c2c00001420009d4f2af801d0ca3992b87b31C:\Program Files (x86)\Football Manager 2015\fm.exesteam_api.dlld4fc269d-362c-11e5-825e-1c872c742cb8

Error: (07/29/2015 08:59:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DTShellHlp.exe6.1.0.48454f09b29DTShellHlp.exe6.1.0.48454f09b29c000000500000000000086212b801d0ca38dba436b9C:\Program Files\DAEMON Tools Pro\DTShellHlp.exeC:\Program Files\DAEMON Tools Pro\DTShellHlp.exe42a542c8-362c-11e5-825e-1c872c742cb8

Error: (07/29/2015 08:54:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iPT Browser.exe1.0.0.05560925fawesomium.dll1.7.5.0546a527c4000001f0008eb001fc401d0ca3859746836C:\Program Files (x86)\iPT Browser\iPT Browser.exeC:\Program Files (x86)\iPT Browser\awesomium.dllaaa209ff-362b-11e5-825e-1c872c742cb8

Error: (07/29/2015 08:52:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iPT Browser.exe1.0.0.05560925fawesomium.dll1.7.5.0546a527c4000001f0008eb001ec401d0ca37d0424f7fC:\Program Files (x86)\iPT Browser\iPT Browser.exeC:\Program Files (x86)\iPT Browser\awesomium.dll482ad490-362b-11e5-825e-1c872c742cb8

Error: (07/29/2015 07:43:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iPT Browser.exe1.0.0.05560925fawesomium.dll1.7.5.0546a527c4000001f0008eb001d7001d0ca2e263cac0eC:\Program Files (x86)\iPT Browser\iPT Browser.exeC:\Program Files (x86)\iPT Browser\awesomium.dlla4603495-3621-11e5-825e-1c872c742cb8

Error: (07/29/2015 07:07:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.


CodeIntegrity:
===================================
Date: 2015-07-28 17:03:08.624
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:08.545
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:08.483
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:06.464
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:06.395
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:06.180
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:06.129
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:05.894
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:05.832
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-07-28 17:03:05.626
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
Percentage of memory in use: 12%
Total physical RAM: 16322.07 MB
Available physical RAM: 14259.67 MB
Total Virtual: 18754.07 MB
Available Virtual: 16519.96 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931 GB) (Free:880.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 35CDE6E8)

Partition: GPT Partition Type.

==================== End of log ============================
Danbryn16 is offline  
Old 07-30-2015, 05:44 PM   #6
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Hello Danbryn16. Are you using a legal copy of Office?

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 07-31-2015, 01:00 AM   #7
Registered Member
 

Thank you for your fast reply.

Yeah, my Office is legal; my son sorted it for me.

Here is the ckfiles.txt:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\file_id.diz
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309a.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309b.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309c.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309d.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309e.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309f.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309g.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309h.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309i.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tcx5309j.zip
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz\tsz.nfo
scanner sequence 3.EH.11.TTAAI0
----- EOF -----
Danbryn16 is offline  
Old 07-31-2015, 03:22 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Hello again, Danbryn16.

Quote:
Yeah my Office is legal my son sorted it for me

Could you explain that? You have a file used for cracking Office on your machine, along with this crack for convertxtodvd, right on your desktop:

Quote:
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz
------------------------------------------------------
chemist is offline  
Old 07-31-2015, 03:56 PM   #9
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: 8.1 Pro



No, I can't explain that.
I trust him to get me Office.
I will uninstall it now, I think :)
Would that be causing the debug file to appear?
Danbryn16 is offline  
Old 08-01-2015, 01:14 PM   #10
Registered Member
 
Join Date: Jul 2015
Posts: 10
OS: 8.1 Pro



Quote:
Originally Posted by chemist
Hello again, Danbryn16.

Could you explain that? You have a file used for cracking Office on your machine, along with this crack for convertxtodvd, right on your desktop:

------------------------------------------------------
If I uninstall Office, would that be the cause of Debug appearing?
Danbryn16 is offline  
Old 08-01-2015, 03:56 PM   #11

Hello again, Danbryn16. Yes, you will have to uninstall Microsoft Office Professional Plus 2013. Make sure it is uninstalled before running the fix below.

No, the Debug.log didn't come from that.

It appears you attempted to install Awesomium SDK:

Quote:
2015-07-30 18:55 - 2015-07-30 18:57 - 00000495 _____ C:\Users\Dan Coombes\Desktop\debug.log
2015-07-30 16:55 - 2015-07-30 19:05 - 00072407 _____ C:\Windows\WindowsUpdate.log
2015-07-30 15:44 - 2015-07-30 19:02 - 00001044 _____ C:\Windows\setupact.log
2015-07-30 15:44 - 2015-07-30 15:44 - 00000000 _____ C:\Windows\setuperr.log
2015-07-30 15:37 - 2015-07-30 15:37 - 00000000 ____D C:\Users\Public\Documents\Awesomium SDK Samples
2015-07-30 13:29 - 2015-07-30 13:29 - 00000000 ____D C:\ProgramData\Caphyon
2015-07-30 13:13 - 2015-07-30 13:29 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\Awesomium Technologies LLC
2015-07-30 13:06 - 2015-07-30 13:07 - 71471328 _____ (Awesomium Technologies LLC) C:\Users\Dan Coombes\Downloads\awesomium_1_7_5_1_sdk_win.exe
That would be where the Debug.log came from.

Maybe the internet connection was disconnected before the install was completed?

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
    AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
    ask: {049F4572-E52F-4F71-86DF-FDE819337BF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
    C:\Program Files\Common Files\Microsoft Shared\Office15
    Task: {16CBF426-10E2-419B-91A6-D090ECD85B4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
    C:\Program Files\Microsoft Office
    Task: {9B01E42F-66CD-4C49-89E9-C28923AE2DAB} - \WPD\SqmUpload_S-1-5-21-1493809043-4046822524-1557692107-1001 No Task File <==== ATTENTION
    Task: {B67B8CE0-1E2D-4248-B1B4-D4D45FAAE04A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-28] ()
    Task: {D3EC06AE-B3F6-4A61-AD67-E5E11D9FC066} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
    C:\Program Files (x86)\Microsoft Office
    FirewallRules: [{6F91BBBC-F611-41EF-93E2-E7070EDD09C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{5F4CFE54-F9B3-439B-B3AE-817353754629}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{2953606A-97D5-4256-99DA-CAA45B8B1758}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{D6FAF407-DF56-445B-AF25-AEC3957F87C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{7BEC19DA-3B81-40A4-97FF-4F69EB27D236}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{A6FB6A8B-99B5-4294-A9B0-D8F7F6D3F4E7}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{0F4D3F31-1BEB-479A-A79D-59B01248556C}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{204199E2-1369-46E8-8063-1A947553012D}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DC023F01-B183-4AAA-A63D-62796BDBB093}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{BC41321D-AF64-4878-A8D8-C54C28C8B5E3}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Users\Dan Coombes\AppData\Roaming\uTorrent
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    2015-07-28 17:13 - 2015-07-30 19:03 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
    2015-07-28 17:13 - 2015-07-28 21:13 - 00000000 ____D C:\Windows\AutoKMS
    c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    2015-07-28 17:13 - 2015-07-28 17:13 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
    2015-07-28 17:11 - 2015-07-28 17:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2015-07-28 17:09 - 2015-07-28 17:09 - 00000000 __RHD C:\MSOCache
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

-----------------------------------------------------
chemist is offline  
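The listing quoted in the post above can be read column by column; the following is an added example, not part of the original thread or of FRST, that parses those rows and lists what was created in the hours before debug.log. The function names, the six-hour window and the keyword match are assumptions of this sketch; the rows are copied from the post.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Listing rows copied verbatim from the quote in the post above.
LISTING = r"""
2015-07-30 18:55 - 2015-07-30 18:57 - 00000495 _____ C:\Users\Dan Coombes\Desktop\debug.log
2015-07-30 16:55 - 2015-07-30 19:05 - 00072407 _____ C:\Windows\WindowsUpdate.log
2015-07-30 15:44 - 2015-07-30 19:02 - 00001044 _____ C:\Windows\setupact.log
2015-07-30 15:44 - 2015-07-30 15:44 - 00000000 _____ C:\Windows\setuperr.log
2015-07-30 15:37 - 2015-07-30 15:37 - 00000000 ____D C:\Users\Public\Documents\Awesomium SDK Samples
2015-07-30 13:29 - 2015-07-30 13:29 - 00000000 ____D C:\ProgramData\Caphyon
2015-07-30 13:13 - 2015-07-30 13:29 - 00000000 ____D C:\Users\Dan Coombes\AppData\Roaming\Awesomium Technologies LLC
2015-07-30 13:06 - 2015-07-30 13:07 - 71471328 _____ (Awesomium Technologies LLC) C:\Users\Dan Coombes\Downloads\awesomium_1_7_5_1_sdk_win.exe
"""

# Row shape: created - modified - size flags [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<flags>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)
STAMP = "%Y-%m-%d %H:%M"


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    flags: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        # Folder rows in the quoted listing carry a D in the flags column.
        return "D" in self.flags


def parse_listing(text: str) -> List[Entry]:
    """Parse listing rows; lines that do not match the row shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(
                datetime.strptime(m["created"], STAMP),
                datetime.strptime(m["modified"], STAMP),
                int(m["size"]), m["flags"], m["company"], m["path"],
            ))
    return entries


def created_before(entries: List[Entry], target_name: str, hours: int) -> List[Entry]:
    """Entries created in the `hours` leading up to the target file, oldest first."""
    target = next(e for e in entries if e.path.lower().endswith(target_name.lower()))
    start = target.created - timedelta(hours=hours)
    hits = [e for e in entries
            if e is not target and start <= e.created <= target.created]
    return sorted(hits, key=lambda e: e.created)


def by_keyword(entries: List[Entry], keyword: str) -> List[Entry]:
    """Entries whose path or company field mentions the keyword."""
    kw = keyword.lower()
    return [e for e in entries
            if kw in e.path.lower() or kw in (e.company or "").lower()]


if __name__ == "__main__":
    rows = parse_listing(LISTING)
    prior = created_before(rows, "debug.log", hours=6)
    flagged = by_keyword(prior, "awesomium")
    for e in prior:
        mark = "*" if e in flagged else " "
        kind = "dir " if e.is_dir else "file"
        print(f"{mark} {e.created:%H:%M} {kind} {e.size:>9} {e.path}")
```

Rows marked with an asterisk are the Awesomium installer, its AppData folder and the SDK samples folder, all created earlier the same day as debug.log.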
Old 08-02-2015, 03:47 AM   #12

Thank you, I have uninstalled Office and I saved the code in the same file location as FRST64.EXE.

I ran the program and pressed Fix; it updated and I pressed Fix again. My PC has restarted and I have copied and pasted the log below.


Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015
Ran by Dan Coombes (2015-08-02 11:43:05) Run:1
Running from C:\Users\Dan Coombes\Downloads
Loaded Profiles: Dan Coombes (Available Profiles: Dan Coombes)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AVG 2015 (Version: 15.0.4392 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6086 - AVG Technologies) Hidden
ask: {049F4572-E52F-4F71-86DF-FDE819337BF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
C:\Program Files\Common Files\Microsoft Shared\Office15
Task: {16CBF426-10E2-419B-91A6-D090ECD85B4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
C:\Program Files\Microsoft Office
Task: {9B01E42F-66CD-4C49-89E9-C28923AE2DAB} - \WPD\SqmUpload_S-1-5-21-1493809043-4046822524-1557692107-1001 No Task File <==== ATTENTION
Task: {B67B8CE0-1E2D-4248-B1B4-D4D45FAAE04A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-28] ()
Task: {D3EC06AE-B3F6-4A61-AD67-E5E11D9FC066} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
C:\Program Files (x86)\Microsoft Office
FirewallRules: [{6F91BBBC-F611-41EF-93E2-E7070EDD09C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5F4CFE54-F9B3-439B-B3AE-817353754629}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2953606A-97D5-4256-99DA-CAA45B8B1758}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D6FAF407-DF56-445B-AF25-AEC3957F87C8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7BEC19DA-3B81-40A4-97FF-4F69EB27D236}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6FB6A8B-99B5-4294-A9B0-D8F7F6D3F4E7}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F4D3F31-1BEB-479A-A79D-59B01248556C}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{204199E2-1369-46E8-8063-1A947553012D}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC023F01-B183-4AAA-A63D-62796BDBB093}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BC41321D-AF64-4878-A8D8-C54C28C8B5E3}] => (Allow) C:\Users\Dan Coombes\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\Dan Coombes\AppData\Roaming\uTorrent
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-07-28 17:13 - 2015-07-30 19:03 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-07-28 17:13 - 2015-07-28 21:13 - 00000000 ____D C:\Windows\AutoKMS
c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
2015-07-28 17:13 - 2015-07-28 17:13 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-07-28 17:11 - 2015-07-28 17:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-28 17:09 - 2015-07-28 17:09 - 00000000 __RHD C:\MSOCache
EmptyTemp:
end
*****************

Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG\\SystemComponent => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG\\SystemComponent => value not found.
ask: {049F4572-E52F-4F71-86DF-FDE819337BF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe => Error: No automatic fix found for this entry.
"C:\Program Files\Common Files\Microsoft Shared\Office15" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16CBF426-10E2-419B-91A6-D090ECD85B4B} => key not found.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn => key not found.
"C:\Program Files\Microsoft Office" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B01E42F-66CD-4C49-89E9-C28923AE2DAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B01E42F-66CD-4C49-89E9-C28923AE2DAB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1493809043-4046822524-1557692107-1001" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B67B8CE0-1E2D-4248-B1B4-D4D45FAAE04A} => key not found.
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3EC06AE-B3F6-4A61-AD67-E5E11D9FC066} => key not found.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack => key not found.
C:\Program Files (x86)\Microsoft Office => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F91BBBC-F611-41EF-93E2-E7070EDD09C4} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5F4CFE54-F9B3-439B-B3AE-817353754629} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2953606A-97D5-4256-99DA-CAA45B8B1758} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6FAF407-DF56-445B-AF25-AEC3957F87C8} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BEC19DA-3B81-40A4-97FF-4F69EB27D236} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6FB6A8B-99B5-4294-A9B0-D8F7F6D3F4E7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0F4D3F31-1BEB-479A-A79D-59B01248556C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{204199E2-1369-46E8-8063-1A947553012D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DC023F01-B183-4AAA-A63D-62796BDBB093} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC41321D-AF64-4878-A8D8-C54C28C8B5E3} => value removed successfully
C:\Users\Dan Coombes\AppData\Roaming\uTorrent => moved successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"C:\Windows\System32\Tasks\AutoKMS" => File/Folder not found.
C:\Windows\AutoKMS => moved successfully.
"c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => key not found.
"HKCR\Wow6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKCR\Wow6432Node\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0 => key not found.
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) not found.
C:\ProgramData\Microsoft Toolkit => moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013" => File/Folder not found.
"C:\MSOCache" => File/Folder not found.
EmptyTemp: => 557.5 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 11:43:14 ====
Danbryn16 is offline  
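One way to triage a Fixlog like the one posted above, as an added example that is not part of the original thread or of FRST: it sorts each result line into changed, already absent, or unresolved, and separates entries that read "not found" only because an earlier line in the same run had already moved them. The outcome names and grouping rule are assumptions of this sketch; the sample lines are copied from the log above.

```python
import re

# Result lines copied from the Fixlog in the post above (a subset, in log order).
FIXLOG = r'''
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG\\SystemComponent => value not found.
ask: {049F4572-E52F-4F71-86DF-FDE819337BF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe => Error: No automatic fix found for this entry.
"C:\Program Files\Common Files\Microsoft Shared\Office15" => File/Folder not found.
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1493809043-4046822524-1557692107-1001" => key removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BEC19DA-3B81-40A4-97FF-4F69EB27D236} => value removed successfully
C:\Users\Dan Coombes\AppData\Roaming\uTorrent => moved successfully.
"C:\Windows\System32\Tasks\AutoKMS" => File/Folder not found.
C:\Windows\AutoKMS => moved successfully.
"c:\users\dan coombes\desktop\vso.convertxtodvd.v5.3.0.9.multilingual.incl.keygen.and.patch-tsz" => File/Folder not found.
C:\ProgramData\Microsoft Toolkit => moved successfully.
EmptyTemp: => 557.5 MB temporary data Removed.
'''


def results_section(text):
    """Skip the echoed fixlist: results start after the last row of asterisks."""
    lines = text.splitlines()
    marks = [i for i, ln in enumerate(lines)
             if ln.strip() and set(ln.strip()) == {"*"}]
    return lines[marks[-1] + 1:] if marks else lines


def classify(line):
    """Return (target, outcome) for one result line, or None for other lines."""
    text = line.strip()
    if " => " in text:
        # The status follows the last arrow; the 'ask:' entry contains two.
        target, status = text.rsplit(" => ", 1)
    else:
        m = re.match(r"^(.*\S)\s+not found\.$", text)
        if not m:
            return None
        target, status = m.group(1), "not found."
    status = status.lower()
    if status.startswith("error"):
        outcome = "unresolved"
    elif "not found" in status:
        outcome = "absent"
    elif "successfully" in status or "removed" in status:
        outcome = "changed"
    else:
        return None
    return target.strip().strip('"'), outcome


def summarize(text):
    """Group targets by outcome, separating 'not found' caused by an earlier move."""
    report = {"changed": [], "absent": [], "absent_after_change": [], "unresolved": []}
    changed = set()
    for line in results_section(text):
        parsed = classify(line)
        if parsed is None:
            continue
        target, outcome = parsed
        key = target.lower()
        if outcome == "changed":
            changed.add(key)
        elif outcome == "absent" and key in changed:
            outcome = "absent_after_change"
        report[outcome].append(target)
    return report


if __name__ == "__main__":
    for outcome, targets in summarize(FIXLOG).items():
        print(f"{outcome}: {len(targets)}")
        for t in targets:
            print(f"    {t}")
```

Entries under unresolved are the ones to raise with the helper; the AutoKMS task file appears under absent_after_change because the same run had already moved it a few lines earlier.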
Old 08-02-2015, 12:21 PM   #13

Hello again, Danbryn16. You're very welcome. Any remaining problems?

It is not necessary to quote my previous instructions in your replies. Thanks.

------------------------------------------------------

It appears that you have two antivirus programs installed and running, AVG and Windows Defender.

While this may seem like better protection, they can actually conflict with one another and cause system instability or even system hangs.

Windows Defender has been upgraded to an antivirus for Windows 8. You do not need to install another antivirus.

Windows Defender in Windows 8 resembles Microsoft Security Essentials and uses the same virus definitions:

https://en.wikipedia.org/wiki/Windows_Defender

Please uninstall AVG via Programs and Features in your Control Panel.

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------
chemist is offline  
Old 08-03-2015, 09:21 AM   #14

Sorry about the quoting.

Does this mean the debug file can be deleted and it will not reappear?

Here is the log from Malwarebytes' Anti-Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03/08/2015
Scan Time: 17:14
Logfile: file.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.03.04
Rootkit Database: v2015.08.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Dan Coombes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338606
Time Elapsed: 4 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-1493809043-4046822524-1557692107-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://uk.search.yahoo.com/?type=20...=spigot-yhp-ie, Good: (Google), Bad: (https://uk.search.yahoo.com/?type=20...p-ie),Replaced,[442c3dc72b608da96a0b310b55b0f20e]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Danbryn16 is offline  
Old 08-03-2015, 11:22 AM   #15

Hello again, Danbryn16. You shouldn't see the log again. Yes, you can delete it.

If there are no remaining problems...

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • Select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • Select your hard drive (usually C:\) then click 'OK'.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the Delete button in the confirm deletion window.
This will remove all but the most recent Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

Make sure you back up your system, so possible reformatting in the future isn't necessary:

What happened to Backup and Restore? - Windows Help

Backup and Recovery of Windows 8 & Windows 8.1 - Tip-of-the-Day - KeithMayer.com - Site Home - TechNet Blogs

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article:
To help protect your computer in the future, I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide for Windows 8 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 08-04-2015, 12:47 PM   #16

Thank you for all your help.

I have followed all your final steps,

One issue I had was that when I ran cmd /c rd /s /q "C:\FRST", no DOS box appeared,
BUT... it may have come up and gone quickly.

Solved.
Thank you again
Danbryn16 is offline  
Old 08-04-2015, 01:15 PM   #17

You're very welcome, Danbryn16! Glad to have helped.

If it still exists, right-click and delete this folder > C:\FRST
chemist is offline  
 
