Solved Cloudscout/DNSUnlocker

SpinelesS · Sep 16, 2015

Yes I disabled Sync, I removed User data, even deleted the google folder in C:\Users\wills\AppData\Local before reinstalling.

SpinelesS · Sep 16, 2015

Frst:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by wills (administrator) on HOME (17-09-2015 10:45:18)
Running from C:\Users\wills\Desktop
Loaded Profiles: wills (Available Profiles: wills)
Platform: Windows 8.1 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
Startup: C:\Users\wills\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-06-16]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{069099DC-4CBE-4446-9B56-194B1E558DDF}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1206E400-6297-4C54-831C-BA919F239804}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{AE87B87A-3F62-46C1-ACBA-6444E72AC939}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2015-06-09] ()
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()
Toolbar: HKU\S-1-5-21-2328787975-3927773778-2076377496-1004 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2015-06-09] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2015-06-09] ()

FireFox:
========
FF ProfilePath: C:\Users\wills\AppData\Roaming\Mozilla\Firefox\Profiles\yhys6o5n.default-1441424448047
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-17]
CHR Extension: (Google Docs) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-17]
CHR Extension: (Google Drive) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-17]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-09-17]
CHR Extension: (YouTube) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-17]
CHR Extension: (Google Search) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-17]
CHR Extension: (Google Sheets) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-17]
CHR Extension: (Google Docs Offline) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR Extension: (Gmail) - C:\Users\wills\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-06] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242256 2014-08-20] ()
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-20] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22128 2012-03-08] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-09-06] ()
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2015-04-25] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 10:45 - 2015-09-17 10:45 - 00010193 _____ C:\Users\wills\Desktop\FRST.txt
2015-09-17 10:30 - 2015-09-17 10:30 - 00000077 _____ C:\WINDOWS\setupact.log
2015-09-17 10:30 - 2015-09-17 10:30 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-17 10:29 - 2015-09-17 10:29 - 00001046 _____ C:\WINDOWS\PFRO.log
2015-09-17 10:21 - 2015-08-11 04:15 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-09-17 10:21 - 2015-08-11 04:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-09-17 10:21 - 2015-08-11 04:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-09-17 10:21 - 2015-08-11 03:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-09-17 10:21 - 2015-08-11 02:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-09-17 10:21 - 2015-08-11 02:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-09-17 10:21 - 2015-08-07 05:15 - 01658544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-09-17 10:21 - 2015-08-07 05:15 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-09-17 10:21 - 2015-08-07 05:15 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-09-17 10:21 - 2015-08-07 05:15 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-09-17 10:21 - 2015-08-07 02:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-09-17 10:21 - 2015-08-07 02:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-09-17 10:20 - 2015-08-08 07:41 - 07460168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-17 10:20 - 2015-08-08 07:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-17 10:20 - 2015-08-08 07:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-09-17 10:20 - 2015-08-08 07:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-09-17 10:20 - 2015-08-08 07:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-09-17 10:20 - 2015-08-08 07:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-09-17 10:20 - 2015-08-08 00:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-09-17 10:20 - 2015-08-07 03:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-09-17 10:20 - 2015-08-07 02:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-09-17 10:20 - 2015-07-17 04:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-17 10:19 - 2015-08-22 23:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-17 10:12 - 2015-09-17 10:45 - 00201205 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-17 10:12 - 2015-09-17 10:12 - 00002239 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-17 10:12 - 2015-09-17 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-17 10:10 - 2015-09-17 10:31 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 10:10 - 2015-09-17 10:15 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 10:10 - 2015-09-17 10:12 - 00000000 ____D C:\Users\wills\AppData\Local\Google
2015-09-17 10:10 - 2015-09-17 10:10 - 00003878 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 10:10 - 2015-09-17 10:10 - 00003642 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-13 13:09 - 2015-09-17 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-13 13:00 - 2015-09-17 10:10 - 00929872 _____ (Google Inc.) C:\Users\wills\Downloads\ChromeSetup.exe
2015-09-13 12:31 - 2015-09-13 12:31 - 00020330 _____ C:\Users\wills\Documents\2015 09 03 Registry Backup cc.reg
2015-09-13 10:55 - 2015-09-17 10:45 - 00000000 ____D C:\FRST
2015-09-13 10:54 - 2015-09-17 09:33 - 02191360 _____ (Farbar) C:\Users\wills\Desktop\FRST64.exe
2015-09-09 12:46 - 2015-09-09 12:46 - 00000000 ____D C:\Users\wills\AppData\Local\Secunia PSI
2015-09-09 12:46 - 2015-09-09 12:46 - 00000000 ____D C:\Program Files (x86)\Secunia
2015-09-09 12:45 - 2015-09-09 12:45 - 01799392 _____ (Malwarebytes Corporation) C:\Users\wills\Desktop\JRT.exe
2015-09-09 12:44 - 2015-09-09 12:44 - 01660416 _____ C:\Users\wills\Desktop\adwcleaner_5.007.exe
2015-09-09 12:43 - 2015-09-09 12:43 - 00448512 _____ (OldTimer Tools) C:\Users\wills\Desktop\TFC.exe
2015-09-09 12:42 - 2015-09-09 12:42 - 05490752 _____ (Secunia) C:\Users\wills\Downloads\PSISetup.exe
2015-09-09 12:38 - 2015-09-09 12:38 - 00000000 ____D C:\Program Files\WOT
2015-09-09 12:38 - 2015-09-09 12:38 - 00000000 ____D C:\Program Files (x86)\WOT
2015-09-09 12:13 - 2015-09-03 12:18 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 12:13 - 2015-09-03 12:17 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 12:13 - 2015-09-03 04:48 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 12:13 - 2015-09-03 03:09 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 12:13 - 2015-08-23 04:19 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 12:13 - 2015-08-23 03:35 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 12:13 - 2015-08-23 03:34 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 12:13 - 2015-08-23 03:22 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 12:13 - 2015-08-23 03:21 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 12:13 - 2015-08-23 03:20 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 12:13 - 2015-08-23 02:55 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 12:13 - 2015-08-23 02:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 12:13 - 2015-08-23 02:45 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 12:13 - 2015-08-23 02:41 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 12:13 - 2015-08-23 02:41 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 12:13 - 2015-08-23 02:41 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 12:13 - 2015-08-23 02:39 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 12:13 - 2015-08-23 02:28 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 12:13 - 2015-08-23 02:26 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 12:13 - 2015-08-23 02:22 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 12:13 - 2015-08-23 02:14 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 12:13 - 2015-08-23 02:00 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 12:13 - 2015-08-23 01:56 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 12:13 - 2015-07-31 03:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 12:13 - 2015-07-31 02:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 12:12 - 2015-08-23 02:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 12:12 - 2015-08-23 02:44 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 12:12 - 2015-08-23 02:41 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 12:12 - 2015-08-23 02:23 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 12:12 - 2015-08-23 02:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 12:12 - 2015-08-23 02:18 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 12:12 - 2015-08-23 02:18 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 12:12 - 2015-08-23 02:18 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 12:12 - 2015-08-23 02:01 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 12:12 - 2015-08-23 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 12:11 - 2015-09-02 12:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 12:11 - 2015-09-02 12:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 12:11 - 2015-09-02 12:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 12:11 - 2015-09-02 12:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 12:11 - 2015-09-02 12:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 12:11 - 2015-08-04 07:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 12:11 - 2015-08-04 07:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 12:11 - 2015-08-02 00:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 12:11 - 2015-08-01 13:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 12:11 - 2015-08-01 13:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 12:11 - 2015-08-01 13:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 12:11 - 2015-08-01 13:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 12:11 - 2015-08-01 13:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 12:11 - 2015-07-23 00:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 12:11 - 2015-07-23 00:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 12:11 - 2015-07-23 00:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 12:11 - 2015-07-23 00:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 12:11 - 2015-07-19 04:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 12:11 - 2015-07-19 04:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 12:11 - 2015-07-19 04:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 12:11 - 2015-07-19 04:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 12:06 - 2015-09-09 12:06 - 00001391 _____ C:\DelFix.txt
2015-09-09 12:06 - 2015-09-09 12:06 - 00000000 ____D C:\WINDOWS\ERUNT
2015-09-08 14:25 - 2015-09-08 14:26 - 00000000 ____D C:\ProgramData\Sophos
2015-09-08 14:21 - 2015-09-08 14:21 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-09-08 14:21 - 2015-09-08 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-09-08 14:21 - 2015-09-08 14:21 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-09-08 13:59 - 2015-09-08 14:02 - 132672592 _____ (Sophos Limited) C:\Users\wills\Downloads\Sophos Virus Removal Tool.exe
2015-09-05 19:13 - 2015-09-06 10:18 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-09-05 19:13 - 2015-09-05 19:29 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-05 15:02 - 2015-09-17 10:41 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2328787975-3927773778-2076377496-1004
2015-09-05 14:53 - 2015-08-27 12:48 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-05 14:53 - 2015-08-27 04:00 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-05 14:53 - 2015-08-27 04:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-05 14:53 - 2015-08-27 00:46 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-05 14:53 - 2015-08-27 00:29 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-05 14:53 - 2015-08-27 00:27 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-05 14:53 - 2015-08-27 00:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-05 14:53 - 2015-08-27 00:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-05 14:32 - 2015-09-05 14:32 - 00034324 _____ C:\Users\wills\Documents\2015 09 05 Registry Backup cc_20150905_143216.reg
2015-09-05 13:58 - 2015-09-13 12:28 - 06667640 _____ (Piriform Ltd) C:\Users\wills\Downloads\ccsetup509.exe
2015-09-05 11:51 - 2015-09-05 11:51 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\wills\Downloads\iExplore.exe
2015-09-03 13:11 - 2015-09-05 13:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-31 20:13 - 2015-08-31 20:13 - 00081904 _____ C:\Users\wills\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-26 16:24 - 2015-08-26 16:25 - 00000025 _____ C:\Users\wills\Documents\ebgames carrots.txt
2015-08-20 10:48 - 2015-07-23 00:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-08-20 10:48 - 2015-07-22 23:52 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-20 10:48 - 2015-07-18 00:15 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-08-20 10:48 - 2015-07-18 00:10 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-08-20 10:48 - 2015-07-04 07:51 - 01380056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-20 10:48 - 2015-07-04 00:00 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-20 10:48 - 2015-06-27 21:47 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-08-20 10:47 - 2015-07-14 13:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-08-20 10:47 - 2015-07-14 05:10 - 00411455 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-20 10:47 - 2015-07-10 02:14 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-08-20 10:47 - 2015-06-20 03:07 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-08-19 16:51 - 2015-08-20 15:42 - 00000000 _____ C:\Users\wills\Documents\80 music videos.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 10:35 - 2014-03-19 01:25 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 10:31 - 2014-05-16 18:58 - 00000000 ___DO C:\Users\wills\OneDrive
2015-09-17 10:30 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-17 10:30 - 2013-03-03 11:49 - 00000562 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-09-17 10:19 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-17 10:08 - 2013-03-02 15:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-17 10:02 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-17 09:25 - 2014-05-16 20:15 - 00003910 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A0A3BCF-EF48-4FA9-8CCA-9ACF99987F59}
2015-09-17 03:12 - 2013-08-22 23:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-09-15 20:50 - 2015-03-10 12:10 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 17:09 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-13 12:29 - 2013-03-02 17:54 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-13 12:28 - 2013-03-02 17:54 - 00000000 ____D C:\Program Files\CCleaner
2015-09-10 18:39 - 2013-03-02 11:36 - 00000000 ____D C:\Users\wills\Documents\Games
2015-09-10 12:50 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-09 12:26 - 2013-08-23 00:44 - 00377600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-09 12:23 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 12:22 - 2013-03-02 16:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 12:21 - 2014-03-19 01:10 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 12:19 - 2013-07-15 12:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-05 14:55 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-09-05 14:33 - 2014-07-25 20:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-05 14:33 - 2014-07-11 22:55 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-05 14:33 - 2013-03-03 15:08 - 00000000 ____D C:\Users\wills\AppData\Roaming\uTorrent
2015-09-05 14:18 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-05 14:00 - 2013-03-02 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-05 13:55 - 2013-03-02 14:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-05 11:47 - 2014-07-14 19:17 - 00000000 ____D C:\NeverwinterNights
2015-09-05 11:47 - 2013-03-02 08:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-03 19:47 - 2014-08-14 12:38 - 00705024 ___SH C:\Users\wills\Downloads\Thumbs.db
2015-09-03 11:12 - 2014-04-03 11:01 - 00000000 ____D C:\Users\wills\AppData\Roaming\vlc
2015-08-26 18:37 - 2013-03-02 11:14 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-20 10:49 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-17 10:41

==================== End of FRST.txt ============================

SpinelesS · Sep 16, 2015

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by wills (2015-09-17 10:46:00)
Running from C:\Users\wills\Desktop
Windows 8.1 Pro (X64) (2014-05-15 00:21:46)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2328787975-3927773778-2076377496-500 - Administrator - Disabled)
Guest (S-1-5-21-2328787975-3927773778-2076377496-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2328787975-3927773778-2076377496-1006 - Limited - Enabled)
wills (S-1-5-21-2328787975-3927773778-2076377496-1004 - Administrator - Enabled) => C:\Users\wills

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{A731A859-7426-DEB6-80A3-E6A2508DC85A}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
DVDStyler v2.4.1 (HKLM-x32\...\DVDStyler_is1) (Version: - )
FormatFactory 3.1.1 (HKLM-x32\...\FormatFactory) (Version: 3.1.1 - Free Time)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Ideal DVD Copy V4.1.2 (HKLM-x32\...\Ideal DVD Copy_is1) (Version: - Ideal DVD Software, Inc.)
Ideal DVD to AVI Converter V2.0.7 (HKLM-x32\...\Ideal DVD to AVI Converter_is1) (Version: - Ideal DVD Software, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Memento Mori (HKLM-x32\...\Memento Mori_is1) (Version: - dtp entertainment)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Morris (Nine Men's Morris game) (HKLM-x32\...\Morris) (Version: - )
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
ON_OFF Charge B12.0308.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Optus 3G Modem HL (HKLM-x32\...\Optus 3G Modem HL) (Version: 22.001.26.03.74 - Huawei Technologies Co.,Ltd)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.12 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steam Content Server Limiter (HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\SteamLimiter) (Version: - Nigel Bree <nigel.bree@gmail.com>)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wasteland 2 (HKLM-x32\...\Steam App 240760) (Version: - inXile Entertainment)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 15.6.9.0 - WOT Services Oy)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

09-09-2015 12:06:11 End of disinfection
17-09-2015 10:25:23 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {41E8ABFA-3BD2-42C3-8363-457E8E772207} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {567ACFD8-3838-47BE-9F3E-9E0DD2546019} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {5726CF70-ED3A-4622-AB32-8D43C83E06C6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-20] (Piriform Ltd)
Task: {6558A759-C170-4F39-9A62-0B44A3B7641E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {671997E4-A22F-4836-96EF-0763502DC0A0} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {690971E1-9A64-468F-A9FF-74FB2AE54CD0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {8D1D6B89-0B91-4955-87F7-FA99F4B6F0C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {A1CD2102-14FB-4067-9AFE-26CC11520593} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {BE115BA1-E026-44A8-ACFD-B594EFA3E7DF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-17] (Google Inc.)
Task: {E1423ADD-5241-449D-8B52-95EA805F2437} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {EC2F7081-CDC4-4402-A8B5-2972CEE0EBCC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {FBED7C98-68FF-47B5-8655-B28844C4BD32} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-06 08:46 - 2014-08-20 17:27 - 00242256 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2015-07-03 20:38 - 2015-07-03 20:38 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\wills\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\wills\Pictures\Random\Black.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2328787975-3927773778-2076377496-1004\...\StartupApproved\StartupFolder: => "OneNote 2007 Screen Clipper and Launcher.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{0E1F0A22-DFFE-4309-A3AC-7730DD77B3C9}C:\users\wills\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wills\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{8AE76131-67CE-4917-8A0F-6E24C417E014}C:\users\wills\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\wills\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{F1B4D82D-F00D-4EDB-A89E-44E17227724C}] => (Allow) C:\Users\wills\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C5F8673B-0A55-472D-A051-78FE07C735B5}] => (Allow) C:\Users\wills\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{94A0A191-DE8C-40E2-A199-D91766D454F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB0C2233-46AE-4C21-84DF-DD4F2534FC84}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5C26865E-3B50-46F3-8BB4-B41CEEF22E0A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8374066E-699D-410A-938A-66662705BB1B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{069548B3-FE0B-4E0C-9B77-36682C93FE28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wasteland 2\Build\WL2.exe
FirewallRules: [{04EC7FDB-F8E0-4C0E-867A-A35F0D203F7C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Wasteland 2\Build\WL2.exe
FirewallRules: [{A455EB6D-07C8-4EA9-947F-FC3E01D2AD88}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D2F32611-458A-4C23-85F8-95F83547B84C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{3F0E9BC4-B69B-4F61-9DF2-10F09368B58C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{36C554CF-89CC-4547-8EAA-9AA21524134C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{586AC503-191E-448D-8A42-4E0192539C20}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B752CC21-A571-4B20-BDDD-D9395CC54C8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/17/2015 10:25:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/17/2015 09:36:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/17/2015 01:14:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2015 11:13:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2015 09:14:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2015 07:14:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2015 05:14:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2015 03:14:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2015 01:14:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/16/2015 11:14:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HOME)
Description: Activation of application Microsoft.BingNews_8wekyb3d8bbwe!AppexNews failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (09/17/2015 03:06:43 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/17/2015 03:06:37 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:06:37 AM) (Source: DCOM) (EventID: 10010) (User: HOME)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/17/2015 03:04:12 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/17/2015 03:02:00 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/17/2015 02:59:51 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/17/2015 02:53:33 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/17/2015 02:51:19 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/17/2015 02:45:02 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (09/17/2015 02:42:47 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

CodeIntegrity:
===================================
Date: 2015-09-17 10:43:33.874
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-16 08:43:04.076
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 19:52:27.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 19:52:27.437
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 19:52:27.202
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 19:52:25.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 19:52:24.437
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 18:28:35.456
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-15 10:53:41.917
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-09-14 10:12:00.717
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 38%
Total physical RAM: 3580.15 MB
Available physical RAM: 2188.19 MB
Total Virtual: 4220.15 MB
Available Virtual: 2761.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.42 GB) (Free:88.68 GB) NTFS
Drive j: (Sony_16GR) (Removable) (Total:14.65 GB) (Free:0.68 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A88F96C5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.7 GB) - (Type=0C)

==================== End of Addition.txt ============================

Broni · Sep 16, 2015

All looks clean.

Back to the way you connect to the internet...

Is it possible to visit a library or a friend, connect to their network without your Optus device and see if same issue happens?

SpinelesS · Sep 16, 2015

I have connected to the internet via wifi (USB tethering with my phone) and I still get the adverts.
Often when I reboot my computer they go away for a while, but they always come back.

Broni · Sep 16, 2015

Re-run MBAM, AdwCleaner and JRT.

SpinelesS · Sep 16, 2015

Beginning Scans.
Just noticed an advert for Malwarebytes anti-exploit. (https://www.malwarebytes.org/antiexploit/?x-source=ae_freedsf)
Do you know if its any good or not? or worth an install?

SpinelesS · Sep 16, 2015

Mbam:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/09/2015
Scan Time: 11:25 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.16.06
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: wills

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 565625
Time Elapsed: 1 hr, 35 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

SpinelesS · Sep 16, 2015

ADW:
# AdwCleaner v5.007 - Logfile created 17/09/2015 at 13:14:13
# Updated 08/09/2015 by Xplode
# Database : 2015-09-15.1 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : wills - HOME
# Running from : C:\Users\wills\Desktop\adwcleaner_5.007.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [602 bytes] ##########

Broni · Sep 16, 2015

Just noticed an advert for Malwarebytes anti-exploit. (https://www.malwarebytes.org/antiexploit/?x-source=ae_freedsf)
Do you know if its any good or not? or worth an install?

Good program.

SpinelesS · Sep 16, 2015

JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 8.1 Pro x64
Ran by wills on Thu 17/09/2015 at 13:18:20.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome

[C:\Users\wills\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\wills\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\wills\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\wills\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 17/09/2015 at 13:20:37.00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Sep 16, 2015

Only JRT deleted couple of things.
Same issue?

SpinelesS · Sep 16, 2015

It says Extensions deleted, but then lists nothing. and I still have my extensions... (the 4 that come by default when you install chrome, and WOT)

Broni · Sep 16, 2015

It didn't delete any extensions. It only did reset your default search provider.

SpinelesS · Sep 16, 2015

Currently not seeing the adverts, but that often happens. (I scan and find nothing, reboot my computer and the adverts are gone for a while)

Broni · Sep 16, 2015

If it happens again make sure to take a screenshot.
I'd like to see how the issue looks like.

SpinelesS · Sep 17, 2015

Will do, though the adverts are often different depending on the website.
For example, on http://www.xboxachievements.com/forum/ its usually a second ad banner above the normal 1, sometimes with random words in the forum turned green and underlined as links.
On Techspot.com its often a large floating banner down the right side of the screen.

The worlds "ads by DNSUnlocker" or "Ads by Cloudscout" appears somewhere within the adverts, my computer starts getting laggy as if something is using up a lot of processing power and I'm redirected to another website.

Broni · Sep 17, 2015

Do you any ad blocker?

SpinelesS · Sep 17, 2015

Heres a pic of what it looks like when I visit this site in Chrome when the adverts are showing up. I don't have any ad blocker programs. (though I do use both chrome and IE's built in popup blockers)

Broni · Sep 17, 2015

Your picture didn't work.
Are these ads visible on pages or popups?

SpinelesS · Sep 17, 2015

Converted the pic to .jpg

The pictures are not popup, they are inserted into the webpage.

Broni · Sep 17, 2015

Your picture still doesn't work.
In any case you need an ad blocker: https://chrome.google.com/webstore/detail/adblock-plus/cfhdojbkjhnklbpkdaibdccddilifddb?hl=en-US

SpinelesS · Sep 17, 2015

I can see the picture fine...
heres the link to it: http://s28.postimg.org/x0ig85pl7/adverts2.jpg
Installed the ad blocker and its blocking normal adverts, but its not blocking the DNSUnlocker adverts

Broni · Sep 17, 2015

Can you post another screenshot after installing Adblock Plus?

SpinelesS · Sep 17, 2015

So the link to the image worked?

Just reset chrome and re-enabled the ad blocker. the DNSUnlocker adverts are currently gone, but when they appear again I will post another screenshot. (would not be surprised if it takes less than 24 hrs for them to re-appear)

Also Chrome is no longer my default browser (no idea if that matters or not when it comes to what browser keeps getting infected)

Solved Cloudscout/DNSUnlocker

Posts: 55 +0

Posts: 55 +0

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 55 +0

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Posts: 56,041 +516

Posts: 55 +0

Similar threads