Solved Cloudscout/DNSUnlocker

And the adverts are back :(
I have barely been using the internet and haven't downloaded anything so I don't think I have been re-infected....

Disabling everything in Google Chrome's Content Settings seems to prevent the adverts from showing up (have to, or else this site is pretty much unviewable) but that's not a proper solution.

Please help
 
If only Chrome browser is affected...

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install a fresh copy.
 
It is currently only Google Chrome, but once it did appear in Internet Explorer.
Reset browser didn't work. Going to uninstall and then reinstall Chrome now.

EDIT: Reinstalled Chrome and I currently do not have DNSUnlocker adverts. No idea how long that will last though.

Oddly, while I did check "Also delete your browsing data", when I reinstalled Chrome I still had bookmarks (though they were old bookmarks, like from a few years ago).
 
Let's try to reset your router.

Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil or a paperclip, until all lights briefly go off and on.
NOTE. Simply disconnecting the router from a power source will NOT do.
Restart computer.

NOTE. You may need to re-check your router security settings, as described HERE
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-09-2015
Ran by wills (administrator) on HOME (13-09-2015 10:55:44)
Running from C:\Users\wills\Desktop
Loaded Profiles: wills (Available Profiles: wills)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
Startup: C:\Users\wills\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-06-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{069099DC-4CBE-4446-9B56-194B1E558DDF}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1206E400-6297-4C54-831C-BA919F239804}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{AE87B87A-3F62-46C1-ACBA-6444E72AC939}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-2328787975-3927773778-2076377496-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

FireFox:
========
FF ProfilePath: C:\Users\wills\AppData\Roaming\Mozilla\Firefox\Profiles\yhys6o5n.default-1441424448047
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPBDA15FF0-ECEC-4470-9164-64DA7E3C157D
CHR Profile: C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-11]
CHR Extension: (Google Drive) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-11]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-11]
CHR Extension: (YouTube) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-11]
CHR Extension: (Google Search) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-11]
CHR Extension: (Google Sheets) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-11]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-11]
CHR Extension: (Gmail) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-11]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-20] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-06] ()
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 10:55 - 2015-09-13 10:56 - 00010138 _____ C:\Users\wills\Desktop\FRST.txt
2015-09-13 10:55 - 2015-09-13 10:56 - 00000000 ____D C:\FRST
2015-09-13 10:54 - 2015-09-13 10:55 - 02190848 _____ (Farbar) C:\Users\wills\Desktop\FRST64.exe
2015-09-12 07:38 - 2015-09-12 07:38 - 00000316 _____ C:\WINDOWS\PFRO.log
2015-09-11 11:34 - 2015-09-11 11:34 - 00002239 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-11 11:34 - 2015-09-11 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-11 11:32 - 2015-09-13 10:37 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 11:32 - 2015-09-13 09:06 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 11:32 - 2015-09-11 11:32 - 00003878 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-11 11:32 - 2015-09-11 11:32 - 00003642 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-11 11:31 - 2015-09-11 11:31 - 00929360 _____ (Google Inc.) C:\Users\wills\Downloads\ChromeSetup.exe
2015-09-09 12:46 - 2015-09-09 12:46 - 00000000 ____D C:\Users\wills\AppData\Local\Secunia PSI
2015-09-09 12:46 - 2015-09-09 12:46 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-09 12:45 - 2015-09-09 12:45 - 01799392 _____ (Malwarebytes Corporation) C:\Users\wills\Desktop\JRT.exe
2015-09-09 12:44 - 2015-09-09 12:44 - 01660416 _____ C:\Users\wills\Desktop\adwcleaner_5.007.exe
2015-09-09 12:43 - 2015-09-09 12:43 - 00448512 _____ (OldTimer Tools) C:\Users\wills\Desktop\TFC.exe
2015-09-09 12:42 - 2015-09-09 12:42 - 05490752 _____ (Secunia) C:\Users\wills\Downloads\PSISetup.exe
2015-09-09 12:38 - 2015-09-09 12:38 - 00000000 ____D C:\Program Files\WOT
2015-09-09 12:38 - 2015-09-09 12:38 - 00000000 ____D C:\Program Files (x86)\WOT
2015-09-09 12:13 - 2015-09-03 12:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 12:13 - 2015-09-03 12:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 12:13 - 2015-09-03 04:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 12:13 - 2015-09-03 03:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 12:13 - 2015-08-23 04:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 12:13 - 2015-08-23 03:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 12:13 - 2015-08-23 03:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 12:13 - 2015-08-23 03:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 12:13 - 2015-08-23 03:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 12:13 - 2015-08-23 03:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 12:13 - 2015-08-23 02:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 12:13 - 2015-08-23 02:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 12:13 - 2015-08-23 02:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 12:13 - 2015-08-23 02:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 12:13 - 2015-08-23 02:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 12:13 - 2015-08-23 02:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 12:13 - 2015-08-23 02:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 12:13 - 2015-08-23 02:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 12:13 - 2015-08-23 02:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 12:13 - 2015-08-23 02:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 12:13 - 2015-08-23 02:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 12:13 - 2015-08-23 02:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 12:13 - 2015-08-23 01:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 12:13 - 2015-07-31 03:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 12:13 - 2015-07-31 02:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 12:12 - 2015-08-23 02:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 12:12 - 2015-08-23 02:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 12:12 - 2015-08-23 02:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 12:12 - 2015-08-23 02:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 12:12 - 2015-08-23 02:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 12:12 - 2015-08-23 02:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 12:12 - 2015-08-23 02:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 12:12 - 2015-08-23 02:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 12:12 - 2015-08-23 02:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 12:12 - 2015-08-23 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 12:11 - 2015-09-02 12:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 12:11 - 2015-09-02 12:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 12:11 - 2015-09-02 12:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 12:11 - 2015-09-02 12:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 12:11 - 2015-09-02 12:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 12:11 - 2015-08-04 07:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 12:11 - 2015-08-04 07:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 12:11 - 2015-08-02 00:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 12:11 - 2015-08-01 13:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 12:11 - 2015-08-01 13:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 12:11 - 2015-08-01 13:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 12:11 - 2015-08-01 13:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 12:11 - 2015-08-01 13:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 12:11 - 2015-07-23 00:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 12:11 - 2015-07-23 00:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 12:11 - 2015-07-23 00:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 12:11 - 2015-07-23 00:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 12:11 - 2015-07-19 04:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 12:11 - 2015-07-19 04:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 12:11 - 2015-07-19 04:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 12:11 - 2015-07-19 04:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 12:06 - 2015-09-09 12:06 - 00001391 _____ C:\DelFix.txt
2015-09-09 12:06 - 2015-09-09 12:06 - 00000000 ____D C:\WINDOWS\ERUNT
2015-09-08 14:25 - 2015-09-08 14:26 - 00000000 ____D C:\ProgramData\Sophos
2015-09-08 14:21 - 2015-09-08 14:21 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-09-08 14:21 - 2015-09-08 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-09-08 14:21 - 2015-09-08 14:21 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-09-08 13:59 - 2015-09-08 14:02 - 132672592 _____ (Sophos Limited) C:\Users\wills\Downloads\Sophos Virus Removal Tool.exe
2015-09-05 19:13 - 2015-09-06 10:18 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-05 19:13 - 2015-09-05 19:29 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-05 15:02 - 2015-09-12 07:50 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2328787975-3927773778-2076377496-1004
2015-09-05 14:57 - 2015-09-13 09:06 - 00001232 _____ C:\WINDOWS\setupact.log
2015-09-05 14:57 - 2015-09-05 14:57 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-05 14:53 - 2015-08-27 12:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-05 14:53 - 2015-08-27 04:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-05 14:53 - 2015-08-27 00:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-05 14:53 - 2015-08-27 00:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-05 14:53 - 2015-08-27 00:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-05 14:53 - 2015-08-27 00:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-05 14:51 - 2015-09-13 10:14 - 01111802 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-05 14:32 - 2015-09-05 14:32 - 00034324 _____ C:\Users\wills\Documents\2015 09 05 Registry Backup cc_20150905_143216.reg
2015-09-05 13:58 - 2015-09-05 13:59 - 06667640 _____ (Piriform Ltd) C:\Users\wills\Downloads\ccsetup509.exe
2015-09-05 11:51 - 2015-09-05 11:51 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\wills\Downloads\iExplore.exe
2015-09-03 13:11 - 2015-09-05 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-31 20:13 - 2015-08-31 20:13 - 00081904 _____ C:\Users\wills\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-26 16:24 - 2015-08-26 16:25 - 00000025 _____ C:\Users\wills\Documents\ebgames carrots.txt
2015-08-20 10:48 - 2015-07-23 00:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-20 10:48 - 2015-07-22 23:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-20 10:48 - 2015-07-18 00:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-20 10:48 - 2015-07-18 00:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-20 10:48 - 2015-07-04 07:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-20 10:48 - 2015-07-04 00:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-20 10:48 - 2015-06-27 21:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-20 10:47 - 2015-07-14 13:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-20 10:47 - 2015-07-14 05:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-20 10:47 - 2015-07-10 02:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-20 10:47 - 2015-06-20 03:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-19 16:51 - 2015-08-20 15:42 - 00000000 _____ C:\Users\wills\Documents\80 music videos.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 10:48 - 2013-03-03 11:49 - 00000562 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-09-13 10:08 - 2013-03-02 15:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-13 10:00 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-13 09:08 - 2014-05-16 20:15 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A0A3BCF-EF48-4FA9-8CCA-9ACF99987F59}
2015-09-13 09:08 - 2014-05-16 18:58 - 00000000 __RDO C:\Users\wills\OneDrive
2015-09-13 09:06 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-13 03:30 - 2013-08-22 23:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-09-11 11:34 - 2013-03-03 15:14 - 00000000 ____D C:\Users\wills\AppData\Local\Google
2015-09-11 11:34 - 2013-03-03 15:14 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-11 11:12 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-10 18:39 - 2013-03-02 11:36 - 00000000 ____D C:\Users\wills\Documents\Games
2015-09-10 12:50 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 12:26 - 2013-08-23 00:44 - 00377600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 12:23 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 12:22 - 2013-03-02 16:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 12:21 - 2014-03-19 01:10 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 12:19 - 2013-07-15 12:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 12:10 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-07 14:57 - 2014-03-19 01:25 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-06 11:21 - 2015-03-10 12:10 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-05 14:55 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-05 14:33 - 2014-07-25 20:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-05 14:33 - 2014-07-11 22:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-05 14:33 - 2013-03-03 15:08 - 00000000 ____D C:\Users\wills\AppData\Roaming\uTorrent
2015-09-05 14:18 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-05 14:00 - 2013-03-02 17:54 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-05 14:00 - 2013-03-02 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-05 14:00 - 2013-03-02 17:54 - 00000000 ____D C:\Program Files\CCleaner
2015-09-05 13:55 - 2013-03-02 14:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-05 11:47 - 2014-07-14 19:17 - 00000000 ____D C:\NeverwinterNights
2015-09-05 11:47 - 2013-03-02 08:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-03 19:47 - 2014-08-14 12:38 - 00705024 ___SH C:\Users\wills\Downloads\Thumbs.db
2015-09-03 11:12 - 2014-04-03 11:01 - 00000000 ____D C:\Users\wills\AppData\Roaming\vlc
2015-08-26 18:37 - 2013-03-02 11:14 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-20 10:49 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-15 11:59 - 2013-03-03 10:42 - 00000000 ____D C:\Users\wills\AppData\Local\Packages

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-13 09:40

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-09-2015
Ran by wills (2015-09-13 10:57:22)
Running from C:\Users\wills\Desktop
Windows 8.1 Pro (X64) (2014-05-15 00:21:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2328787975-3927773778-2076377496-500 - Administrator - Disabled)
Guest (S-1-5-21-2328787975-3927773778-2076377496-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2328787975-3927773778-2076377496-1006 - Limited - Enabled)
wills (S-1-5-21-2328787975-3927773778-2076377496-1004 - Administrator - Enabled) => C:\Users\wills

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
DVDStyler v2.4.1 (HKLM-x32\...\DVDStyler_is1) (Version: - )
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Ideal DVD Copy V4.1.2 (HKLM-x32\...\Ideal DVD Copy_is1) (Version: - Ideal DVD Software, Inc.)
Ideal DVD to AVI Converter V2.0.7 (HKLM-x32\...\Ideal DVD to AVI Converter_is1) (Version: - Ideal DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Memento Mori (HKLM-x32\...\Memento Mori_is1) (Version: - dtp entertainment)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Morris (Nine Men's Morris game) (HKLM-x32\...\Morris) (Version: - )
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Optus 3G Modem HL (HKLM-x32\...\Optus 3G Modem HL) (Version: 22.001.26.03.74 - Huawei Technologies Co.,Ltd)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steam Content Server Limiter (HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\SteamLimiter) (Version: - Nigel Bree <nigel.bree@gmail.com>)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version: - inXile Entertainment)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 15.6.9.0 - WOT Services Oy)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-09-2015 12:06:11 End of disinfection

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2B7F9FAE-04C6-4F4A-9A5F-907A11BC20B3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {567ACFD8-3838-47BE-9F3E-9E0DD2546019} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {5726CF70-ED3A-4622-AB32-8D43C83E06C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {6558A759-C170-4F39-9A62-0B44A3B7641E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {671997E4-A22F-4836-96EF-0763502DC0A0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {8D1D6B89-0B91-4955-87F7-FA99F4B6F0C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {A1CD2102-14FB-4067-9AFE-26CC11520593} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {C50AA1B0-8EDF-4C3D-958D-205E669361CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {E1423ADD-5241-449D-8B52-95EA805F2437} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {EC2F7081-CDC4-4402-A8B5-2972CEE0EBCC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {F2F12D7C-FC97-408E-BEE1-1E63AFE5F25B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {FBED7C98-68FF-47B5-8655-B28844C4BD32} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-05-12 19:49 - 2014-05-12 19:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-07-06 08:46 - 2014-08-20 17:27 - 00242256 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-07-03 20:38 - 2015-07-03 20:38 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\wills\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\wills\Pictures\Random\Black.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{0E1F0A22-DFFE-4309-A3AC-7730DD77B3C9}C:\users\wills\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wills\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8AE76131-67CE-4917-8A0F-6E24C417E014}C:\users\wills\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wills\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F1B4D82D-F00D-4EDB-A89E-44E17227724C}] => (Allow) C:\Users\wills\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C5F8673B-0A55-472D-A051-78FE07C735B5}] => (Allow) C:\Users\wills\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94A0A191-DE8C-40E2-A199-D91766D454F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB0C2233-46AE-4C21-84DF-DD4F2534FC84}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5C26865E-3B50-46F3-8BB4-B41CEEF22E0A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8374066E-699D-410A-938A-66662705BB1B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{069548B3-FE0B-4E0C-9B77-36682C93FE28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wasteland 2\Build\WL2.exe
FirewallRules: [{04EC7FDB-F8E0-4C0E-867A-A35F0D203F7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wasteland 2\Build\WL2.exe
FirewallRules: [{A455EB6D-07C8-4EA9-947F-FC3E01D2AD88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2F32611-458A-4C23-85F8-95F83547B84C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3F0E9BC4-B69B-4F61-9DF2-10F09368B58C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{36C554CF-89CC-4547-8EAA-9AA21524134C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{586AC503-191E-448D-8A42-4E0192539C20}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0216B23D-DD72-4326-9A52-349181E7DC2D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2015 09:21:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 03:24:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 01:24:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 11:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 09:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 07:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 05:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 03:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 01:15:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 11:24:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/13/2015 10:55:22 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:53:07 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:51:06 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:48:55 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:46:22 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:44:07 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:39:59 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:37:45 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:35:35 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 10:29:16 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-09-13 10:58:58.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:58.019
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:57.784
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:42.144
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:41.862
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:25.737
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:25.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:25.081
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:24.815
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:24.425
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 44%
Total physical RAM: 3580.15 MB
Available physical RAM: 1970.5 MB
Total Virtual: 4220.15 MB
Available Virtual: 2732.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:84.88 GB) NTFS
Drive j: (Sony_16GR) (Removable) (Total:14.65 GB) (Free:0.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A88F96C5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.7 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
It looks like you either incorrectly reset/reinstalled Chrome or you got reinfected (Conduit):
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPBDA15FF0-ECEC-4470-9164-64DA7E3C157D

Reset Chrome...
Click on "Customize and control Google Chrome":

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install a fresh copy.
 
Followed your instructions on how to delete Chrome to the letter last time and it didn't work. This time I'm taking a few more steps as found here: http://www.wintips.org/how-to-completely-uninstall-re-install-google-chrome/
Hopefully it will work better this time...

Also reset Chrome sync just in case logging into Chrome when I first started the re-installed copy caused me to get re-infected or something (I don't know, and at this point, I will try almost anything...)
 
Reinstalled Chrome and didn't log in, so I didn't get the old bookmarks etc. like I did last time.
Re-ran FRST64 and didn't see any mention of Conduit. Will post the new FRST and Addition below.

So far no DNSUnlocker. Here's hoping it stays that way for good instead of for only a short period of time like before.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-09-2015
Ran by wills (administrator) on HOME (13-09-2015 13:16:57)
Running from C:\Users\wills\Desktop
Loaded Profiles: wills (Available Profiles: wills)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
Startup: C:\Users\wills\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-06-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{069099DC-4CBE-4446-9B56-194B1E558DDF}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1206E400-6297-4C54-831C-BA919F239804}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{AE87B87A-3F62-46C1-ACBA-6444E72AC939}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-au/?ocid=iehp
HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-2328787975-3927773778-2076377496-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

FireFox:
========
FF ProfilePath: C:\Users\wills\AppData\Roaming\Mozilla\Firefox\Profiles\yhys6o5n.default-1441424448047
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-13] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-13]
CHR Extension: (Google Docs) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-13]
CHR Extension: (Google Drive) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-13]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-13]
CHR Extension: (YouTube) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-13]
CHR Extension: (Google Search) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-13]
CHR Extension: (Google Sheets) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-13]
CHR Extension: (Google Docs Offline) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-13]
CHR Extension: (Gmail) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-20] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-06] ()
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 13:16 - 2015-09-13 13:17 - 00010001 _____ C:\Users\wills\Desktop\FRST.txt
2015-09-13 13:11 - 2015-09-13 13:11 - 00002239 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-13 13:11 - 2015-09-13 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-13 13:09 - 2015-09-13 13:14 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-13 13:09 - 2015-09-13 13:14 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-13 13:09 - 2015-09-13 13:11 - 00000000 ____D C:\Users\wills\AppData\Local\Google
2015-09-13 13:09 - 2015-09-13 13:10 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-13 13:09 - 2015-09-13 13:09 - 00003878 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-13 13:09 - 2015-09-13 13:09 - 00003642 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-13 13:00 - 2015-09-13 13:00 - 00929360 _____ (Google Inc.) C:\Users\wills\Downloads\ChromeSetup.exe
2015-09-13 12:40 - 2015-09-13 13:06 - 00039910 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-13 12:40 - 2015-09-13 12:53 - 00000154 _____ C:\WINDOWS\setupact.log
2015-09-13 12:40 - 2015-09-13 12:40 - 00001542 _____ C:\WINDOWS\PFRO.log
2015-09-13 12:40 - 2015-09-13 12:40 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-13 12:31 - 2015-09-13 12:31 - 00020330 _____ C:\Users\wills\Documents\2015 09 03 Registry Backup cc.reg
2015-09-13 10:55 - 2015-09-13 13:16 - 00000000 ____D C:\FRST
2015-09-13 10:54 - 2015-09-13 10:55 - 02190848 _____ (Farbar) C:\Users\wills\Desktop\FRST64.exe
2015-09-09 12:46 - 2015-09-09 12:46 - 00000000 ____D C:\Users\wills\AppData\Local\Secunia PSI
2015-09-09 12:46 - 2015-09-09 12:46 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-09 12:45 - 2015-09-09 12:45 - 01799392 _____ (Malwarebytes Corporation) C:\Users\wills\Desktop\JRT.exe
2015-09-09 12:44 - 2015-09-09 12:44 - 01660416 _____ C:\Users\wills\Desktop\adwcleaner_5.007.exe
2015-09-09 12:43 - 2015-09-09 12:43 - 00448512 _____ (OldTimer Tools) C:\Users\wills\Desktop\TFC.exe
2015-09-09 12:42 - 2015-09-09 12:42 - 05490752 _____ (Secunia) C:\Users\wills\Downloads\PSISetup.exe
2015-09-09 12:38 - 2015-09-09 12:38 - 00000000 ____D C:\Program Files\WOT
2015-09-09 12:38 - 2015-09-09 12:38 - 00000000 ____D C:\Program Files (x86)\WOT
2015-09-09 12:13 - 2015-09-03 12:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 12:13 - 2015-09-03 12:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 12:13 - 2015-09-03 04:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 12:13 - 2015-09-03 03:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 12:13 - 2015-08-23 04:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 12:13 - 2015-08-23 03:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 12:13 - 2015-08-23 03:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 12:13 - 2015-08-23 03:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 12:13 - 2015-08-23 03:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 12:13 - 2015-08-23 03:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 12:13 - 2015-08-23 02:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 12:13 - 2015-08-23 02:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 12:13 - 2015-08-23 02:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 12:13 - 2015-08-23 02:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 12:13 - 2015-08-23 02:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 12:13 - 2015-08-23 02:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 12:13 - 2015-08-23 02:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 12:13 - 2015-08-23 02:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 12:13 - 2015-08-23 02:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 12:13 - 2015-08-23 02:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 12:13 - 2015-08-23 02:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 12:13 - 2015-08-23 02:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 12:13 - 2015-08-23 01:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 12:13 - 2015-07-31 03:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 12:13 - 2015-07-31 02:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 12:12 - 2015-08-23 02:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 12:12 - 2015-08-23 02:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 12:12 - 2015-08-23 02:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 12:12 - 2015-08-23 02:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 12:12 - 2015-08-23 02:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 12:12 - 2015-08-23 02:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 12:12 - 2015-08-23 02:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 12:12 - 2015-08-23 02:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 12:12 - 2015-08-23 02:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 12:12 - 2015-08-23 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 12:11 - 2015-09-02 12:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 12:11 - 2015-09-02 12:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 12:11 - 2015-09-02 12:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 12:11 - 2015-09-02 12:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 12:11 - 2015-09-02 12:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 12:11 - 2015-08-04 07:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 12:11 - 2015-08-04 07:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 12:11 - 2015-08-02 00:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 12:11 - 2015-08-01 13:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 12:11 - 2015-08-01 13:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 12:11 - 2015-08-01 13:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 12:11 - 2015-08-01 13:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 12:11 - 2015-08-01 13:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 12:11 - 2015-07-23 00:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 12:11 - 2015-07-23 00:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 12:11 - 2015-07-23 00:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 12:11 - 2015-07-23 00:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 12:11 - 2015-07-19 04:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 12:11 - 2015-07-19 04:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 12:11 - 2015-07-19 04:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 12:11 - 2015-07-19 04:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 12:06 - 2015-09-09 12:06 - 00001391 _____ C:\DelFix.txt
2015-09-09 12:06 - 2015-09-09 12:06 - 00000000 ____D C:\WINDOWS\ERUNT
2015-09-08 14:25 - 2015-09-08 14:26 - 00000000 ____D C:\ProgramData\Sophos
2015-09-08 14:21 - 2015-09-08 14:21 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-09-08 14:21 - 2015-09-08 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-09-08 14:21 - 2015-09-08 14:21 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-09-08 13:59 - 2015-09-08 14:02 - 132672592 _____ (Sophos Limited) C:\Users\wills\Downloads\Sophos Virus Removal Tool.exe
2015-09-05 19:13 - 2015-09-06 10:18 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-05 19:13 - 2015-09-05 19:29 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-05 15:02 - 2015-09-13 13:16 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2328787975-3927773778-2076377496-1004
2015-09-05 14:53 - 2015-08-27 12:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-05 14:53 - 2015-08-27 04:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-05 14:53 - 2015-08-27 00:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-05 14:53 - 2015-08-27 00:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-05 14:53 - 2015-08-27 00:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-05 14:53 - 2015-08-27 00:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-05 14:32 - 2015-09-05 14:32 - 00034324 _____ C:\Users\wills\Documents\2015 09 05 Registry Backup cc_20150905_143216.reg
2015-09-05 13:58 - 2015-09-13 12:28 - 06667640 _____ (Piriform Ltd) C:\Users\wills\Downloads\ccsetup509.exe
2015-09-05 11:51 - 2015-09-05 11:51 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\wills\Downloads\iExplore.exe
2015-09-03 13:11 - 2015-09-05 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-31 20:13 - 2015-08-31 20:13 - 00081904 _____ C:\Users\wills\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-26 16:24 - 2015-08-26 16:25 - 00000025 _____ C:\Users\wills\Documents\ebgames carrots.txt
2015-08-20 10:48 - 2015-07-23 00:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-20 10:48 - 2015-07-22 23:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-20 10:48 - 2015-07-18 00:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-20 10:48 - 2015-07-18 00:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-20 10:48 - 2015-07-04 07:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-20 10:48 - 2015-07-04 00:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-20 10:48 - 2015-06-27 21:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-20 10:47 - 2015-07-14 13:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-20 10:47 - 2015-07-14 05:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-20 10:47 - 2015-07-10 02:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-20 10:47 - 2015-06-20 03:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-19 16:51 - 2015-08-20 15:42 - 00000000 _____ C:\Users\wills\Documents\80 music videos.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-13 13:12 - 2013-03-03 11:49 - 00000562 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-09-13 13:08 - 2013-03-02 15:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-13 13:00 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-13 12:55 - 2014-05-16 18:58 - 00000000 __RDO C:\Users\wills\OneDrive
2015-09-13 12:53 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-13 12:39 - 2013-08-22 23:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-09-13 12:29 - 2013-03-02 17:54 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-13 12:28 - 2013-03-02 17:54 - 00000000 ____D C:\Program Files\CCleaner
2015-09-13 09:08 - 2014-05-16 20:15 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A0A3BCF-EF48-4FA9-8CCA-9ACF99987F59}
2015-09-11 11:12 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-10 18:39 - 2013-03-02 11:36 - 00000000 ____D C:\Users\wills\Documents\Games
2015-09-10 12:50 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 12:26 - 2013-08-23 00:44 - 00377600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 12:23 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 12:22 - 2013-03-02 16:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 12:21 - 2014-03-19 01:10 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 12:19 - 2013-07-15 12:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 12:10 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-07 14:57 - 2014-03-19 01:25 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-06 11:21 - 2015-03-10 12:10 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-05 14:55 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-05 14:33 - 2014-07-25 20:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-05 14:33 - 2014-07-11 22:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-05 14:33 - 2013-03-03 15:08 - 00000000 ____D C:\Users\wills\AppData\Roaming\uTorrent
2015-09-05 14:18 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-05 14:00 - 2013-03-02 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-05 13:55 - 2013-03-02 14:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-05 11:47 - 2014-07-14 19:17 - 00000000 ____D C:\NeverwinterNights
2015-09-05 11:47 - 2013-03-02 08:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-03 19:47 - 2014-08-14 12:38 - 00705024 ___SH C:\Users\wills\Downloads\Thumbs.db
2015-09-03 11:12 - 2014-04-03 11:01 - 00000000 ____D C:\Users\wills\AppData\Roaming\vlc
2015-08-26 18:37 - 2013-03-02 11:14 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-20 10:49 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-15 11:59 - 2013-03-03 10:42 - 00000000 ____D C:\Users\wills\AppData\Local\Packages

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-13 09:40

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-09-2015
Ran by wills (2015-09-13 13:17:43)
Running from C:\Users\wills\Desktop
Windows 8.1 Pro (X64) (2014-05-15 00:21:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2328787975-3927773778-2076377496-500 - Administrator - Disabled)
Guest (S-1-5-21-2328787975-3927773778-2076377496-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2328787975-3927773778-2076377496-1006 - Limited - Enabled)
wills (S-1-5-21-2328787975-3927773778-2076377496-1004 - Administrator - Enabled) => C:\Users\wills

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
DVDStyler v2.4.1 (HKLM-x32\...\DVDStyler_is1) (Version: - )
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Ideal DVD Copy V4.1.2 (HKLM-x32\...\Ideal DVD Copy_is1) (Version: - Ideal DVD Software, Inc.)
Ideal DVD to AVI Converter V2.0.7 (HKLM-x32\...\Ideal DVD to AVI Converter_is1) (Version: - Ideal DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Memento Mori (HKLM-x32\...\Memento Mori_is1) (Version: - dtp entertainment)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Morris (Nine Men's Morris game) (HKLM-x32\...\Morris) (Version: - )
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Optus 3G Modem HL (HKLM-x32\...\Optus 3G Modem HL) (Version: 22.001.26.03.74 - Huawei Technologies Co.,Ltd)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steam Content Server Limiter (HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\SteamLimiter) (Version: - Nigel Bree <nigel.bree@gmail.com>)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version: - inXile Entertainment)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 15.6.9.0 - WOT Services Oy)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

09-09-2015 12:06:11 End of disinfection

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02850627-CC7E-4AA5-8E93-8549106A1514} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {567ACFD8-3838-47BE-9F3E-9E0DD2546019} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {5726CF70-ED3A-4622-AB32-8D43C83E06C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {6558A759-C170-4F39-9A62-0B44A3B7641E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {671997E4-A22F-4836-96EF-0763502DC0A0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {6ECCF701-ADD1-4066-BDA4-552426CB11D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {8D1D6B89-0B91-4955-87F7-FA99F4B6F0C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {9C06978E-B9F2-43F2-9096-B25D45EE6A58} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-13] (Google Inc.)
Task: {A1CD2102-14FB-4067-9AFE-26CC11520593} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E1423ADD-5241-449D-8B52-95EA805F2437} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {EC2F7081-CDC4-4402-A8B5-2972CEE0EBCC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {FBED7C98-68FF-47B5-8655-B28844C4BD32} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-06 08:46 - 2014-08-20 17:27 - 00242256 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-07-03 20:38 - 2015-07-03 20:38 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\wills\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\wills\Pictures\Random\Black.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [UDP Query User{0E1F0A22-DFFE-4309-A3AC-7730DD77B3C9}C:\users\wills\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wills\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8AE76131-67CE-4917-8A0F-6E24C417E014}C:\users\wills\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wills\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F1B4D82D-F00D-4EDB-A89E-44E17227724C}] => (Allow) C:\Users\wills\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C5F8673B-0A55-472D-A051-78FE07C735B5}] => (Allow) C:\Users\wills\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94A0A191-DE8C-40E2-A199-D91766D454F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB0C2233-46AE-4C21-84DF-DD4F2534FC84}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5C26865E-3B50-46F3-8BB4-B41CEEF22E0A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8374066E-699D-410A-938A-66662705BB1B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{069548B3-FE0B-4E0C-9B77-36682C93FE28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wasteland 2\Build\WL2.exe
FirewallRules: [{04EC7FDB-F8E0-4C0E-867A-A35F0D203F7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wasteland 2\Build\WL2.exe
FirewallRules: [{A455EB6D-07C8-4EA9-947F-FC3E01D2AD88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2F32611-458A-4C23-85F8-95F83547B84C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3F0E9BC4-B69B-4F61-9DF2-10F09368B58C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{36C554CF-89CC-4547-8EAA-9AA21524134C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{586AC503-191E-448D-8A42-4E0192539C20}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{02ECB3A6-7915-490F-83A3-50B54569F933}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/13/2015 11:21:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 09:21:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 03:24:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/13/2015 01:24:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 11:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 09:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 07:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 05:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 03:24:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2015 01:15:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/13/2015 01:15:58 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 01:12:47 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 01:10:30 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 01:07:40 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 01:05:05 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 01:03:08 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 01:00:05 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 12:56:47 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 12:54:38 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/13/2015 12:54:20 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-09-13 10:59:16.321
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:59:16.053
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:59:15.742
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:59:15.427
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:59:15.145
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:59:14.878
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:59:14.590
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:59:14.287
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:58.237
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-13 10:58:58.019
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 31%
Total physical RAM: 3580.15 MB
Available physical RAM: 2463.15 MB
Total Virtual: 4220.15 MB
Available Virtual: 3087.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:85.17 GB) NTFS
Drive j: (Sony_16GR) (Removable) (Total:14.65 GB) (Free:0.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A88F96C5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.7 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
Was looking at the logs, should I worry about any of the following?

Application errors:
==================
Error: (09/13/2015 11:21:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

As far as I know I don't use Bingnews (I generally don't bother with the news at all), nor would I want to. Why is it trying to run, and why is it failing?

System errors:
=============
Error: (09/13/2015 01:15:58 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

No idea what this means, but as it's an error, it worries me.

Date: 2015-09-13 10:59:16.321
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Not meeting Antimalware signing level requirements sounds bad when trying to stop malware...

All three issues seem to be occurring over and over again by the looks of the time stamps in the logs.
 
No. Every computer has some errors.
If it works fine there is no reason to look through Event Viewer.
 
Let's try one more time...

Reset Chrome...
Click on "Customize and control Google Chrome".

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.
 