
Remove Adware

Discussion in 'Virus & Other Malware Removal' started by WendyM, Mar 1, 2015.

  1. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    4,042
    Hi all,
    askey127 recently helped me remove some malware from my computer (thanks again, it was a huge help). Everything's been fine since, until today. Now I have constant popups telling me that my popups are enabled, and I should call for support. Often if I try to follow a link, it will be hijacked to a fake support page, and I have ads by WorldWideWebCoupon on every page (including this one). Nothing's been installed since 2/10 other than a Java update. Can I please throw myself on the mercy of the forum and ask for help yet again?
     
  2. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    Sorry, I realized I didn't post my System Info. It's almost impossible to do anything on my computer given the number of ads and popups, but I coerced it into at least doing this much. :) Thanks!

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
    Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz, Intel64 Family 6 Model 26 Stepping 5
    Processor Count: 8
    RAM: 6135 Mb
    Graphics Card: NVIDIA GeForce GTX 460, 1024 Mb
    Hard Drives: C: Total - 152524 MB, Free - 80539 MB; D: Total - 1907726 MB, Free - 1802712 MB;
    Motherboard: ASUSTeK Computer INC., P6T6 WS REVOLUTION
    Antivirus: Microsoft Security Essentials, Updated and Enabled
     
  3. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    bump
     
  4. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    bump
     
  5. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello, WendyM. My nickname is Nevan and I will be helping you get your system back on its electronic feet.

    Before we get started, please keep these things in mind:
    • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
    • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
    • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
    • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
    • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
    • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend that you make backups of any important files from your machine before proceeding, as they might be lost.
    • I recommend that you stay with me until I tell you that we are done. It is important because when your system no longer shows any bad symptoms, it does not mean that it is 100% clean.
    • Every program I ask you to download should be saved to and run from the desktop. If you don't know how to choose the location where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
    • Remember that the fixes I give you are only for your machine. Using them on other systems may (and probably will) cause problems.
    • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.

    Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

    Let's get started :)


    I'm sorry you've been waiting for so long.

    First, I'd like to have a look at your system. Please, do the following:

    FRST Scan
    1. Download Farbar Recovery Scan Tool and save it to your Desktop.
    2. Right-click FRST64.exe and click Run as administrator. When the tool opens, click Yes to the disclaimer.
    3. Make sure that Addition.txt is checked and press the Scan button.
    4. It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
    5. Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.



    Things that should appear in your next post:
    • FRST.txt log content
    • Addition.txt log content
     
  6. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    Hi Nevan, thank you very much for your response.

    FRST.txt:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2015 01
    Ran by Wendy (administrator) on 10-03-2015 18:10:29
    Running from C:\Users\Wendy\Desktop
    Loaded Profiles: Wendy (Available profiles: Wendy & UpdatusUser & Landon)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    (DeviceVM) C:\ASUS.SYS\config\DVMExportService.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\Six Engine\SixEngine.exe
    (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
    (Apple Inc.) D:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    (ASUSTeK Computer Inc.) C:\Program Files\ASUS\TurboV\TurboV.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [SoundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
    HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-24] (CANON INC.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => D:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
    HKLM-x32\...\Run: [TurboV] => C:\Program Files\ASUS\TurboV\TurboV.exe [5665280 2009-11-19] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
    HKU\S-1-5-21-2245909474-2214454975-146711961-1001\...\MountPoints2: {096d79b6-b27f-11e2-b5c9-bcaec54497a8} - H:\LaunchU3.exe
    HKU\S-1-5-21-2245909474-2214454975-146711961-1001\...\MountPoints2: {96ccee42-97ee-11e1-aed0-bcaec54497a8} - G:\TL-Bootstrap.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-2245909474-2214454975-146711961-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
    HKU\S-1-5-21-2245909474-2214454975-146711961-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
    BHO: saverabox -> {0e7ca7c4-3ef7-4451-b029-0915c426d09e} -> C:\Program Files (x86)\saverabox\HGKgIhfKPneCxK.x64.dll [2015-03-01] ()
    BHO: dEAlsater -> {b200619f-49ae-4389-91f6-6e5fcc2d5dce} -> C:\Program Files (x86)\dEAlsater\ckycVdhr74Mnj8.x64.dll [2015-03-01] ()
    BHO-x32: saverabox -> {0e7ca7c4-3ef7-4451-b029-0915c426d09e} -> C:\Program Files (x86)\saverabox\HGKgIhfKPneCxK.dll [2015-03-01] ()
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-19] (Oracle Corporation)
    BHO-x32: dEAlsater -> {b200619f-49ae-4389-91f6-6e5fcc2d5dce} -> C:\Program Files (x86)\dEAlsater\ckycVdhr74Mnj8.dll [2015-03-01] ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-19] (Oracle Corporation)
    Toolbar: HKU\S-1-5-21-2245909474-2214454975-146711961-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://webvpn.treasurer.ca.gov/+CSCOL+/csvrloader32.cab
    DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://webvpn.treasurer.ca.gov/CACHE/sdesktop/install/binaries/instweb.cab
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-04-05] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-19] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-01-18] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default\user.js [2015-02-08]
    FF SearchPlugin: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default\searchplugins\Taplika.xml [2015-02-08]
    FF Extension: Adblock Plus - C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-07]
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR Profile: C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-17]
    CHR Extension: (Google Drive) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (YouTube) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-17]
    CHR Extension: (Google Search) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-17]
    CHR Extension: (iSlide) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\goicaghfpnaogbpejmaodednkiilckfo [2015-03-01]
    CHR Extension: (Google Wallet) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
    CHR Extension: (Gmail) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-17]
    CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-2245909474-2214454975-146711961-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-08-19] (ASUSTeK Computer Inc.) [File not signed]
    R2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [294912 2009-04-10] (DeviceVM) [File not signed]
    R2 ed331a23; c:\Program Files (x86)\LighterProc\LighterProc.dll [1598464 2015-03-01] () [File not signed]
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
    R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [179752 2009-08-05] (Marvell Semiconductor, Inc.)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-10 18:11 - 2015-03-10 18:10 - 00000000 ____D () C:\FRST
    2015-03-10 18:10 - 2015-03-10 18:10 - 02095104 _____ (Farbar) C:\Users\Wendy\Downloads\FRST64.exe
    2015-03-10 18:10 - 2015-03-10 18:10 - 02095104 _____ (Farbar) C:\Users\Wendy\Desktop\FRST64.exe
    2015-03-10 18:10 - 2015-03-10 18:10 - 00509440 _____ (Tech Support Guy System) C:\Users\Wendy\Downloads\SysInfo (2).exe
    2015-03-10 18:10 - 2015-03-10 18:10 - 00012981 _____ () C:\Users\Wendy\Desktop\FRST.txt
    2015-03-03 21:16 - 2015-03-03 21:16 - 00509440 _____ (Tech Support Guy System) C:\Users\Wendy\Downloads\SysInfo (1).exe
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\ProgramData\5693610827653076964
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\Program Files (x86)\saverabox
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\Program Files (x86)\iSlide
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\Program Files (x86)\dEAlsater
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\Program Files (x86)\dEal2DDealIIt
    2015-03-01 08:48 - 2015-03-10 18:08 - 00000020 _____ () C:\Users\Wendy\AppData\Roaming\appdataFr3.bin
    2015-03-01 08:48 - 2015-03-01 08:48 - 00000000 ____D () C:\ProgramData\GetTheDiscount
    2015-03-01 08:38 - 2015-03-01 08:38 - 00116359 _____ () C:\Users\Wendy\Downloads\food (20).xlsx
    2015-03-01 08:38 - 2015-03-01 08:38 - 00064286 _____ () C:\Users\Wendy\Downloads\money (18).xlsx
    2015-03-01 08:27 - 2015-03-01 08:27 - 00000000 ____D () C:\Program Files (x86)\LighterProc
    2015-02-27 08:38 - 2015-02-27 08:38 - 00064286 _____ () C:\Users\Wendy\Downloads\money (17).xlsx
    2015-02-27 08:34 - 2015-02-27 08:34 - 00032436 _____ () C:\Users\Wendy\Downloads\stuff (28).xlsx
    2015-02-21 08:21 - 2015-02-21 08:21 - 00116484 _____ () C:\Users\Wendy\Downloads\food (19).xlsx
    2015-02-20 19:03 - 2015-02-20 19:03 - 00032036 _____ () C:\Users\Wendy\Downloads\stuff (27).xlsx
    2015-02-19 19:19 - 2015-02-19 19:19 - 00639400 _____ (Oracle Corporation) C:\Users\Wendy\Downloads\chromeinstall-8u31.exe
    2015-02-19 19:19 - 2015-02-19 19:19 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2015-02-19 19:19 - 2015-02-19 19:19 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-19 19:19 - 2015-02-19 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-02-13 08:43 - 2015-02-13 08:43 - 00032035 _____ () C:\Users\Wendy\Downloads\stuff (26).xlsx
    2015-02-10 22:42 - 2015-02-10 22:42 - 00003138 _____ () C:\Windows\System32\Tasks\{369608B0-754B-4A9E-A697-745E13BE4E4A}
    2015-02-10 22:33 - 2015-02-10 22:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Wendy\Downloads\HijackThis (1).exe
    2015-02-10 22:21 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-02-10 22:21 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-02-10 22:21 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2015-02-10 22:21 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2015-02-10 22:20 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
    2015-02-10 22:20 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2015-02-10 22:20 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2015-02-10 22:20 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
    2015-02-10 22:20 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
    2015-02-10 22:20 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-02-10 22:20 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
    2015-02-10 22:20 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-02-10 22:20 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
    2015-02-10 22:20 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
    2015-02-10 22:20 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-02-10 22:20 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-02-10 22:20 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-02-10 22:20 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2015-02-10 22:20 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-02-10 22:20 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2015-02-10 22:20 - 2013-10-01 13:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-02-10 22:20 - 2013-10-01 13:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-02-10 22:15 - 2012-08-23 07:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2015-02-10 22:15 - 2012-08-23 07:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
    2015-02-10 22:15 - 2012-08-23 07:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
    2015-02-10 22:15 - 2012-08-23 06:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-02-10 22:15 - 2012-08-23 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
    2015-02-10 22:15 - 2012-08-23 03:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
    2015-02-10 22:15 - 2012-08-23 02:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-02-10 22:14 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-02-10 22:14 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2015-02-10 22:14 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-02-10 22:14 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-02-10 22:14 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-02-10 22:14 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-02-10 22:14 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2015-02-10 22:14 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2015-02-10 22:14 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2015-02-10 22:14 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2015-02-10 22:13 - 2012-07-25 20:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
    2015-02-10 22:13 - 2012-07-25 20:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
    2015-02-10 22:13 - 2012-07-25 20:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
    2015-02-10 22:13 - 2012-07-25 20:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
    2015-02-10 22:13 - 2012-07-25 20:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
    2015-02-10 22:13 - 2012-07-25 19:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
    2015-02-10 22:13 - 2012-07-25 19:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
    2015-02-10 22:13 - 2012-06-02 07:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2015-02-10 22:12 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2015-02-10 22:12 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2015-02-10 22:11 - 2015-01-08 20:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
    2015-02-10 22:11 - 2015-01-08 20:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
    2015-02-10 22:11 - 2015-01-08 20:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
    2015-02-10 22:11 - 2015-01-08 19:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
    2015-02-10 22:11 - 2014-12-11 22:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-02-10 22:11 - 2014-12-11 22:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2015-02-10 22:11 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-10 22:11 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2015-02-10 22:11 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-02-10 22:11 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-02-10 22:11 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-02-10 22:11 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2015-02-10 22:11 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2015-02-10 22:11 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-02-10 22:11 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-02-10 22:11 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2015-02-10 22:11 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2015-02-10 22:11 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2015-02-10 22:11 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2015-02-10 22:11 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2015-02-10 22:11 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2015-02-10 22:11 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2015-02-10 22:11 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2015-02-10 22:11 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2015-02-10 22:11 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2015-02-10 22:11 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-02-10 22:11 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2015-02-10 22:11 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2015-02-10 22:11 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2015-02-10 22:11 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2015-02-10 22:11 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2015-02-10 22:11 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2015-02-10 22:11 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2015-02-10 22:11 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2015-02-10 22:11 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2015-02-10 22:11 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2015-02-10 22:11 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2015-02-10 22:11 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2015-02-10 22:11 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2015-02-10 22:11 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2015-02-10 22:11 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2015-02-10 22:11 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-02-10 22:11 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-02-10 22:11 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2015-02-10 22:11 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2015-02-10 22:11 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-02-10 22:11 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-02-10 22:11 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-02-10 22:11 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-02-10 22:11 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2015-02-10 22:11 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2015-02-10 22:11 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2015-02-10 22:11 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2015-02-10 22:11 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2015-02-10 22:11 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2015-02-10 22:11 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2015-02-10 22:11 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2015-02-10 22:11 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2015-02-10 22:11 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2015-02-10 22:11 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2015-02-10 22:11 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2015-02-10 22:11 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2015-02-10 22:11 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2015-02-10 22:11 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2015-02-10 22:11 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2015-02-10 22:11 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
    2015-02-10 22:11 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
    2015-02-10 22:11 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2015-02-10 22:11 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
    2015-02-10 22:11 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
    2015-02-10 22:11 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
    2015-02-10 22:11 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
    2015-02-10 22:11 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
    2015-02-10 22:11 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2015-02-10 22:11 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2015-02-10 22:11 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-02-10 22:11 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2015-02-10 22:11 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
    2015-02-10 22:11 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2015-02-10 22:11 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2015-02-10 22:11 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
    2015-02-10 22:11 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
    2015-02-10 22:11 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2015-02-10 22:11 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
    2015-02-10 22:11 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-02-10 22:11 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2015-02-10 22:11 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2015-02-10 22:11 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2015-02-10 22:11 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2015-02-10 22:11 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2015-02-10 22:11 - 2013-03-18 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
    2015-02-10 22:11 - 2013-01-23 23:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2015-02-10 22:11 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
    2015-02-10 22:11 - 2012-12-07 06:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
    2015-02-10 22:11 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2015-02-10 22:11 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2015-02-10 22:11 - 2012-12-07 04:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
    2015-02-10 22:11 - 2012-12-07 04:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
    2015-02-10 22:11 - 2012-12-07 04:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
    2015-02-10 22:11 - 2012-12-07 04:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
    2015-02-10 22:11 - 2012-12-07 04:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
    2015-02-10 22:11 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
    2015-02-10 22:11 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
    2015-02-10 22:11 - 2012-12-07 04:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
    2015-02-10 22:11 - 2012-12-07 04:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
    2015-02-10 22:11 - 2012-12-07 04:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
    2015-02-10 22:11 - 2012-12-07 04:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
    2015-02-10 22:11 - 2012-12-07 04:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
    2015-02-10 22:11 - 2012-12-07 04:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
    2015-02-10 22:11 - 2012-12-07 04:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2015-02-10 22:11 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2015-02-10 22:11 - 2012-10-09 11:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
    2015-02-10 22:11 - 2012-10-09 11:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
    2015-02-10 22:11 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2015-02-10 22:11 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2015-02-10 22:11 - 2012-10-03 10:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
    2015-02-10 22:11 - 2012-10-03 10:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
    2015-02-10 22:11 - 2012-10-03 10:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2015-02-10 22:11 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2015-02-10 22:11 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2015-02-10 22:11 - 2012-10-03 09:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2015-02-10 22:11 - 2012-08-22 11:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-02-10 22:11 - 2012-08-21 14:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
    2015-02-10 22:11 - 2012-07-04 13:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
    2015-02-10 19:14 - 2015-01-13 22:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-02-10 19:14 - 2015-01-13 22:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-02-10 19:14 - 2015-01-11 20:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-10 19:14 - 2015-01-11 20:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-10 19:14 - 2015-01-11 20:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-02-10 19:14 - 2015-01-11 19:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-02-10 19:14 - 2015-01-11 19:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-10 19:14 - 2015-01-11 19:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-10 19:14 - 2015-01-11 19:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-02-10 19:14 - 2015-01-11 19:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-02-10 19:14 - 2015-01-11 19:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-10 19:14 - 2015-01-11 19:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-02-10 19:14 - 2015-01-11 19:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-10 19:14 - 2015-01-11 19:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-10 19:14 - 2015-01-11 19:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-02-10 19:14 - 2015-01-11 19:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-02-10 19:14 - 2015-01-11 19:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-10 19:14 - 2015-01-11 19:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-02-10 19:14 - 2015-01-11 19:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-02-10 19:14 - 2015-01-11 19:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-02-10 19:14 - 2015-01-11 19:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-10 19:14 - 2015-01-11 19:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-02-10 19:14 - 2015-01-11 19:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-02-10 19:14 - 2015-01-11 19:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-02-10 19:14 - 2015-01-11 19:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-10 19:14 - 2015-01-11 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-02-10 19:14 - 2015-01-11 19:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-02-10 19:14 - 2015-01-11 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-02-10 19:14 - 2015-01-11 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-10 19:14 - 2015-01-11 19:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-02-10 19:14 - 2015-01-11 19:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-02-10 19:14 - 2015-01-11 18:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-02-10 19:14 - 2015-01-11 18:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-02-10 19:14 - 2015-01-11 18:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-02-10 19:14 - 2015-01-11 18:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-02-10 19:14 - 2015-01-11 18:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-10 19:14 - 2015-01-11 18:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-02-10 19:14 - 2015-01-11 18:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-10 19:14 - 2015-01-11 18:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-02-10 19:14 - 2015-01-11 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-02-10 19:14 - 2015-01-11 18:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-10 19:14 - 2015-01-11 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-02-10 19:14 - 2015-01-11 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-02-10 19:14 - 2015-01-11 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-02-10 19:14 - 2015-01-11 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-02-10 19:14 - 2015-01-11 18:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-02-10 19:14 - 2015-01-11 18:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-10 19:14 - 2015-01-11 18:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-02-10 19:14 - 2015-01-11 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-02-10 19:14 - 2015-01-11 18:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-02-10 19:14 - 2015-01-11 18:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-02-10 19:14 - 2015-01-11 18:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-10 19:14 - 2015-01-11 18:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-02-10 19:14 - 2015-01-11 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-02-10 19:14 - 2015-01-11 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-02-10 19:14 - 2015-01-11 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-02-10 19:13 - 2015-01-15 01:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-02-10 19:13 - 2015-01-15 01:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-10 19:13 - 2015-01-15 01:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-02-10 19:13 - 2015-01-15 01:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-02-10 19:13 - 2015-01-15 01:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-02-10 19:13 - 2015-01-15 01:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-02-10 19:13 - 2015-01-15 01:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-02-10 19:13 - 2015-01-15 01:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-02-10 19:13 - 2015-01-15 01:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-02-10 19:13 - 2015-01-15 01:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-02-10 19:13 - 2015-01-15 01:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-02-10 19:13 - 2015-01-15 00:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-02-10 19:13 - 2015-01-15 00:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-02-10 19:13 - 2015-01-15 00:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-02-10 19:13 - 2015-01-15 00:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-02-10 19:13 - 2015-01-15 00:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-02-10 19:13 - 2015-01-15 00:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-02-10 19:13 - 2015-01-14 21:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-02-10 19:13 - 2015-01-13 23:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-02-10 19:13 - 2015-01-13 23:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-02-10 19:13 - 2015-01-13 23:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-02-10 19:13 - 2015-01-13 23:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-02-10 19:13 - 2015-01-13 22:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-02-10 19:13 - 2015-01-13 22:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-02-10 19:13 - 2015-01-13 22:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-02-10 19:13 - 2015-01-12 20:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-10 19:13 - 2015-01-12 19:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2015-02-10 19:13 - 2015-01-09 23:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-02-10 19:13 - 2015-01-09 23:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-02-10 19:13 - 2015-01-09 23:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-02-10 19:13 - 2015-01-09 23:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-02-10 19:13 - 2015-01-09 23:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-02-10 19:13 - 2015-01-09 23:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-02-10 19:13 - 2015-01-09 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-02-10 19:13 - 2015-01-09 23:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-02-10 19:13 - 2015-01-09 23:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-02-10 19:13 - 2015-01-09 23:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-02-10 19:13 - 2015-01-09 23:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-02-10 19:13 - 2015-01-09 23:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-02-10 19:13 - 2015-01-09 23:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-02-10 19:13 - 2015-01-09 23:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-02-10 19:13 - 2015-01-08 19:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-10 19:13 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-10 19:13 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
    2015-02-10 07:09 - 2015-02-10 07:09 - 00003700 _____ () C:\Users\Wendy\Downloads\Fixlist.txt
    2015-02-09 19:47 - 2015-02-09 19:47 - 00096256 _____ () C:\Users\Wendy\Downloads\SystemLook_x64.exe
    2015-02-09 19:47 - 2015-02-09 19:47 - 00096256 _____ () C:\Users\Wendy\Downloads\SystemLook_x64 (1).exe
    2015-02-09 19:47 - 2015-02-09 19:47 - 00096256 _____ () C:\Users\Wendy\Desktop\SystemLook_x64.exe
    2015-02-09 15:10 - 2015-02-09 15:10 - 00018618 _____ () C:\Users\Wendy\Desktop\Addition.txt
    2015-02-08 11:24 - 2015-02-10 22:42 - 00009759 _____ () C:\Users\Wendy\Downloads\hijackthis.log
    2015-02-08 11:23 - 2015-02-08 11:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\Wendy\Downloads\HijackThis.exe
    2015-02-08 11:10 - 2015-02-08 11:10 - 00509440 _____ (Tech Support Guy System) C:\Users\Wendy\Downloads\SysInfo.exe
    2015-02-08 11:08 - 2015-02-09 20:40 - 00000065 _____ () C:\Users\Wendy\AppData\Roaming\WB.CFG
    2015-02-08 10:20 - 2015-02-08 10:20 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\KeePass
    2015-02-08 10:12 - 2015-02-08 10:13 - 01942105 _____ (Dominik Reichl ) C:\Users\Wendy\Downloads\KeePass-1.28-Setup.exe
    2015-02-08 10:10 - 2015-03-01 08:28 - 00000000 ____D () C:\ProgramData\c6c8997c00002766
    2015-02-08 10:08 - 2015-02-08 10:08 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\DigitalSites
    2015-02-08 10:07 - 2015-02-08 10:07 - 00783834 _____ (%VENDOR%) C:\Users\Wendy\Downloads\FileOpenerSetup.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-10 18:11 - 2012-04-06 22:42 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-10 18:09 - 2012-04-06 18:46 - 01311042 _____ () C:\Windows\WindowsUpdate.log
    2015-03-10 18:08 - 2014-01-17 09:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-03-10 18:07 - 2012-04-06 20:11 - 00000000 ____D () C:\ProgramData\NVIDIA
    2015-03-10 18:07 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-10 18:07 - 2009-07-13 21:51 - 00109775 _____ () C:\Windows\setupact.log
    2015-03-03 21:17 - 2012-09-18 19:21 - 00000177 ____H () C:\dvmexp.idx
    2015-03-03 21:15 - 2014-01-17 09:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-03-01 15:40 - 2009-07-13 22:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-01 12:20 - 2009-07-13 21:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-01 12:20 - 2009-07-13 21:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-01 12:01 - 2012-04-06 20:56 - 00070872 _____ () C:\Users\Wendy\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-03-01 10:44 - 2009-07-13 21:45 - 00314912 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-03-01 10:43 - 2013-08-02 08:34 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
    2015-03-01 10:43 - 2012-04-06 22:50 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-03-01 10:41 - 2012-06-17 20:02 - 00062602 _____ () C:\Users\Wendy\Desktop\money.xlsx
    2015-02-20 17:52 - 2014-01-17 09:21 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-19 19:19 - 2013-08-02 09:11 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-11 07:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
    2015-02-10 22:33 - 2012-05-06 19:37 - 00000000 ___RD () C:\Users\Wendy\Podcasts
    2015-02-10 22:33 - 2012-04-06 18:46 - 00000000 ____D () C:\Users\Wendy\AppData\Local\VirtualStore
    2015-02-10 22:33 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2015-02-10 22:24 - 2010-11-20 20:47 - 00154910 _____ () C:\Windows\PFRO.log
    2015-02-10 22:24 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-02-10 22:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
    2015-02-10 22:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2015-02-10 22:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
    2015-02-10 22:22 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2015-02-10 22:18 - 2012-04-06 22:11 - 00771088 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-02-10 19:18 - 2012-04-06 23:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2015-02-10 19:17 - 2013-11-18 07:37 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-10 19:17 - 2012-06-25 23:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
    2015-02-10 19:17 - 2012-04-06 22:11 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-10 19:17 - 2012-04-06 22:11 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-10 19:17 - 2012-04-06 22:11 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-10 19:15 - 2012-04-06 19:39 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-02-08 10:11 - 2012-10-21 20:07 - 00113148 _____ () C:\Users\Wendy\Desktop\food.xlsx
    2015-02-08 10:11 - 2012-04-07 09:40 - 00029788 _____ () C:\Users\Wendy\Desktop\stuff.xlsx

    ==================== Files in the root of some directories =======

    2015-03-01 08:48 - 2015-03-10 18:08 - 0000020 _____ () C:\Users\Wendy\AppData\Roaming\appdataFr3.bin
    2015-02-08 11:08 - 2015-02-09 20:40 - 0000065 _____ () C:\Users\Wendy\AppData\Roaming\WB.CFG
    2012-09-19 10:20 - 2013-02-02 14:15 - 0004096 _____ () C:\Users\Wendy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-04-07 01:17 - 2012-04-07 01:17 - 0007605 _____ () C:\Users\Wendy\AppData\Local\Resmon.ResmonCfg
    2014-02-02 10:10 - 2014-02-02 10:10 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    Some content of TEMP:
    ====================
    C:\Users\Wendy\AppData\Local\Temp\CSDJavaInstaller.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-26 20:59

    ==================== End Of Log ============================

    ADDITION.txt:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
    Ran by Wendy at 2015-03-10 18:11:04
    Running from C:\Users\Wendy\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Apple Application Support (HKLM-x32\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}) (Version: 5.2.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
    Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
    Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
    Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
    CoH Subscriber Beta (HKU\S-1-5-21-2245909474-2214454975-146711961-1001\...\NCsoft-CoHBeta) (Version: - NCsoft)
    CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
    EPU-6 Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.03.02 - )
    Express Gate (HKLM-x32\...\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}) (Version: 1.4.10.3 - DeviceVM, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - )
    iTunes (HKLM\...\{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}) (Version: 10.6.3.25 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    LighterProc (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ed331a23}) (Version: - Software Publisher) <==== ATTENTION
    marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.7100 - Marvell)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
    NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
    Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.9.12.19242 - Grinding Gear Games)
    Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
    SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices)
    TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
    TurboV (HKLM-x32\...\{A31951C5-DCD8-4DFE-A525-CFC701F54792}) (Version: 1.02.02 - )
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    10-02-2015 19:14:27 Windows Update
    10-02-2015 22:12:10 Windows Update
    16-02-2015 18:00:26 Windows Update
    19-02-2015 19:20:58 Windows Update
    23-02-2015 18:07:56 Windows Update
    27-02-2015 08:38:57 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {01CA898F-1CC1-463B-8274-75C640BC61FC} - System32\Tasks\CohNoUac => D:\Program Files\NCSoft\Launcher\NCLauncher.exe [2015-03-01] (NCSOFT)
    Task: {07F93A40-114A-4A39-8294-B390862ADC69} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {365C209A-7068-4220-8320-D71BF42CE6A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {4E06F925-D66C-4594-9E9E-1093F44838E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-17] (Google Inc.)
    Task: {979A6B1D-F713-40E5-83F6-4BF1C0325F3D} - System32\Tasks\CohBetaNoUac => D:\Program Files\NCSoft\Launcher\NCLauncher.exe [2015-03-01] (NCSOFT)
    Task: {B0716E53-DF8A-42FE-B306-17919FFE5616} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2009-11-27] (ASUSTeK Computer Inc.)
    Task: {E4B7CBD4-B099-4385-BBB8-E8FC5EDD7CA3} - System32\Tasks\{369608B0-754B-4A9E-A697-745E13BE4E4A} => pcalua.exe -a "C:\Users\Wendy\Downloads\HijackThis (1).exe" -d C:\Users\Wendy\Downloads
    Task: {F1EF18E2-048E-4BF2-848E-BED481C0EBD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-17] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-04-06 20:45 - 2013-01-18 08:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-11-07 18:48 - 2012-10-04 20:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
    2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-03-01 08:27 - 2015-03-01 08:27 - 01598464 _____ () c:\Program Files (x86)\LighterProc\LighterProc.dll
    2012-09-18 18:53 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files\ASUS\Six Engine\ASUSSERVICE.DLL
    2012-09-18 18:53 - 2009-08-27 19:41 - 00565248 _____ () C:\Program Files\ASUS\Six Engine\pngio.dll
    2012-09-18 18:53 - 2009-08-27 19:41 - 00053248 _____ () C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll
    2012-09-18 18:53 - 2008-12-10 20:27 - 00565248 _____ () C:\Program Files\ASUS\TurboV\pngio.dll
    2012-09-18 18:53 - 2009-10-26 14:52 - 00135680 _____ () C:\Program Files\ASUS\TurboV\TVOCLIB.DLL
    2015-02-20 17:52 - 2015-02-17 15:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
    2015-02-20 17:52 - 2015-02-17 15:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
    2015-02-20 17:52 - 2015-02-17 15:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
    2015-02-20 17:52 - 2015-02-17 15:44 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2245909474-2214454975-146711961-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2245909474-2214454975-146711961-500 - Administrator - Disabled)
    Guest (S-1-5-21-2245909474-2214454975-146711961-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2245909474-2214454975-146711961-1002 - Limited - Enabled)
    Landon (S-1-5-21-2245909474-2214454975-146711961-1004 - Limited - Enabled) => C:\Users\Landon
    UpdatusUser (S-1-5-21-2245909474-2214454975-146711961-1003 - Limited - Enabled) => C:\Users\UpdatusUser
    Wendy (S-1-5-21-2245909474-2214454975-146711961-1001 - Administrator - Enabled) => C:\Users\Wendy

    ==================== Faulty Device Manager Devices =============

    Name: RAID Controller
    Description: RAID Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/10/2015 06:09:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/01/2015 08:53:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17631 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b04

    Start Time: 01d0549c3187a203

    Termination Time: 10

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (03/01/2015 04:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4992

    Error: (03/01/2015 04:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4992

    Error: (03/01/2015 04:27:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/01/2015 04:27:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3994

    Error: (03/01/2015 04:27:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3994

    Error: (03/01/2015 04:27:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/01/2015 04:27:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2996

    Error: (03/01/2015 04:27:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2996


    System errors:
    =============
    Error: (03/10/2015 06:10:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (03/10/2015 06:10:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1330

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (03/01/2015 00:15:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (03/01/2015 00:15:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1330

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (03/01/2015 10:47:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (03/01/2015 10:47:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1330

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (02/11/2015 07:14:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
    %%1069

    Error: (02/11/2015 07:14:35 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
    Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
    %%1330

    To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

    Error: (02/10/2015 10:34:26 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
    %%5

    Error: (02/10/2015 10:34:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
    Description: The ScRegSetValueExW call failed for Start with the following error:
    %%5


    Microsoft Office Sessions:
    =========================
    Error: (01/31/2015 05:14:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 110623 seconds with 240 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz
    Percentage of memory in use: 38%
    Total physical RAM: 6135.12 MB
    Available physical RAM: 3772.55 MB
    Total Pagefile: 12268.42 MB
    Available Pagefile: 9611.08 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.81 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.95 GB) (Free:78.53 GB) NTFS
    Drive d: (DataDrive) (Fixed) (Total:1863.01 GB) (Free:1760.46 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 5867890F)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 9DACBE37)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  7. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello again, WendyM.

    Are you currently aware of your Google Chrome being in Dev build? If you're not, please uninstall it, as it has probably been modified by malware. In that case it leaves you vulnerable to further infections.
    We will reinstall it later.

    Let's take care of the popups.

    Please tell me if the following instructions fix the problem.

    Step #1
    Uninstalling programs

    Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove the following programs:

    • LighterProc


    Step #2
    FRST Fix

    1. Download attached fixlist.txt file to your desktop.
      >> fixlist.txt <<
      NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    2. Right click FRST64.exe on your desktop and click Run as administrator.
    3. Press the Fix button just once and wait.
      NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
    4. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    5. When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.


    Things that should appear in your next post:

    • Fixlog.txt log content
    • Please tell me if you still have any problems with your computer
     


  8. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    4,042
    Hi Nevan,
    I use the developer tools in Chrome occasionally, but was not intentionally using the Dev build. I have uninstalled Chrome and LighterProc and run the fixlist. When I opened IE (since Chrome is gone) there was a notice from Microsoft Security Essentials saying it had removed some software, but it didn't give details. IE appears to be working just fine now. No popups, and no hijacking of links.

    FIXLOG.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
    Ran by Wendy at 2015-03-12 06:13:46 Run:1
    Running from C:\Users\Wendy\Desktop
    Loaded Profiles: Wendy (Available profiles: Wendy & UpdatusUser & Landon)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKU\S-1-5-21-2245909474-2214454975-146711961-1001\...\MountPoints2: {096d79b6-b27f-11e2-b5c9-bcaec54497a8} - H:\LaunchU3.exe
    HKU\S-1-5-21-2245909474-2214454975-146711961-1001\...\MountPoints2: {96ccee42-97ee-11e1-aed0-bcaec54497a8} - G:\TL-Bootstrap.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL =
    BHO: saverabox -> {0e7ca7c4-3ef7-4451-b029-0915c426d09e} -> C:\Program Files (x86)\saverabox\HGKgIhfKPneCxK.x64.dll [2015-03-01] ()
    BHO: dEAlsater -> {b200619f-49ae-4389-91f6-6e5fcc2d5dce} -> C:\Program Files (x86)\dEAlsater\ckycVdhr74Mnj8.x64.dll [2015-03-01] ()
    BHO-x32: saverabox -> {0e7ca7c4-3ef7-4451-b029-0915c426d09e} -> C:\Program Files (x86)\saverabox\HGKgIhfKPneCxK.dll [2015-03-01] ()
    BHO-x32: dEAlsater -> {b200619f-49ae-4389-91f6-6e5fcc2d5dce} -> C:\Program Files (x86)\dEAlsater\ckycVdhr74Mnj8.dll [2015-03-01] ()
    Toolbar: HKU\S-1-5-21-2245909474-2214454975-146711961-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    FF user.js: detected! => C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default\us er.js [2015-02-08]
    FF SearchPlugin: C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default\se archplugins\Taplika.xml [2015-02-08]
    R2 ed331a23; c:\Program Files (x86)\LighterProc\LighterProc.dll [1598464 2015-03-01] () [File not signed]
    CHR Extension: (iSlide) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\goicaghfpnaogbpejmaodednkiilckfo [2015-03-01]
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\ProgramData\5693610827653076964
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\Program Files (x86)\saverabox
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\Program Files (x86)\iSlide
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\Program Files (x86)\dEAlsater
    2015-03-01 18:08 - 2015-03-01 18:08 - 00000000 ____D () C:\Program Files (x86)\dEal2DDealIIt
    2015-03-01 08:48 - 2015-03-10 18:08 - 00000020 _____ () C:\Users\Wendy\AppData\Roaming\appdataFr3.bin
    2015-03-01 08:48 - 2015-03-01 08:48 - 00000000 ____D () C:\ProgramData\GetTheDiscount
    2015-03-01 08:27 - 2015-03-01 08:27 - 00000000 ____D () C:\Program Files (x86)\LighterProc
    2015-02-10 22:42 - 2015-02-10 22:42 - 00003138 _____ () C:\Windows\System32\Tasks\{369608B0-754B-4A9E-A697-745E13BE4E4A}
    2015-02-08 10:10 - 2015-03-01 08:28 - 00000000 ____D () C:\ProgramData\c6c8997c00002766
    2015-02-08 10:08 - 2015-02-08 10:08 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\DigitalSites
    2015-02-08 10:07 - 2015-02-08 10:07 - 00783834 _____ (%VENDOR%) C:\Users\Wendy\Downloads\FileOpenerSetup.exe
    Task: {E4B7CBD4-B099-4385-BBB8-E8FC5EDD7CA3} - System32\Tasks\{369608B0-754B-4A9E-A697-745E13BE4E4A} => pcalua.exe -a "C:\Users\Wendy\Downloads\HijackThis (1).exe" -d C:\Users\Wendy\Downloads
    Hosts:
    EmptyTemp:
    CMD: bitsadmin /reset /allusers
    cmd: netsh advfirewall reset
    cmd: netsh advfirewall set allprofiles state on
    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKU\S-1-5-21-2245909474-2214454975-146711961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{096d79b6-b27f-11e2-b5c9-bcaec54497a8}" => Key deleted successfully.
    HKCR\CLSID\{096d79b6-b27f-11e2-b5c9-bcaec54497a8} => Key not found.
    "HKU\S-1-5-21-2245909474-2214454975-146711961-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96ccee42-97ee-11e1-aed0-bcaec54497a8}" => Key deleted successfully.
    HKCR\CLSID\{96ccee42-97ee-11e1-aed0-bcaec54497a8} => Key not found.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}" => Key deleted successfully.
    HKCR\CLSID\{589B893E-773C-4941-88C2-0DCC718E621C} => Key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e7ca7c4-3ef7-4451-b029-0915c426d09e} => Key not found.
    "HKCR\CLSID\{0e7ca7c4-3ef7-4451-b029-0915c426d09e}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b200619f-49ae-4389-91f6-6e5fcc2d5dce} => Key not found.
    "HKCR\CLSID\{b200619f-49ae-4389-91f6-6e5fcc2d5dce}" => Key deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0e7ca7c4-3ef7-4451-b029-0915c426d09e} => Key not found.
    HKCR\Wow6432Node\CLSID\{0e7ca7c4-3ef7-4451-b029-0915c426d09e} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b200619f-49ae-4389-91f6-6e5fcc2d5dce} => Key not found.
    HKCR\Wow6432Node\CLSID\{b200619f-49ae-4389-91f6-6e5fcc2d5dce} => Key not found.
    HKU\S-1-5-21-2245909474-2214454975-146711961-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
    C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default\us er.js not found.
    "C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default\se archplugins\Taplika.xml" => not found.
    ed331a23 => Service not found.
    C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\goicaghfpnaogbpejmaodednkiilckfo => Moved successfully.
    C:\ProgramData\5693610827653076964 => Moved successfully.
    C:\Program Files (x86)\saverabox => Moved successfully.
    C:\Program Files (x86)\iSlide => Moved successfully.
    C:\Program Files (x86)\dEAlsater => Moved successfully.
    C:\Program Files (x86)\dEal2DDealIIt => Moved successfully.
    C:\Users\Wendy\AppData\Roaming\appdataFr3.bin => Moved successfully.
    C:\ProgramData\GetTheDiscount => Moved successfully.
    "C:\Program Files (x86)\LighterProc" => File/Directory not found.
    C:\Windows\System32\Tasks\{369608B0-754B-4A9E-A697-745E13BE4E4A} => Moved successfully.
    C:\ProgramData\c6c8997c00002766 => Moved successfully.
    C:\Users\Wendy\AppData\Roaming\DigitalSites => Moved successfully.
    C:\Users\Wendy\Downloads\FileOpenerSetup.exe => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4B7CBD4-B099-4385-BBB8-E8FC5EDD7CA3}" => Key Deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4B7CBD4-B099-4385-BBB8-E8FC5EDD7CA3}" => Key Deleted successfully.
    C:\Windows\System32\Tasks\{369608B0-754B-4A9E-A697-745E13BE4E4A} not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{369608B0-754B-4A9E-A697-745E13BE4E4A}" => Key Deleted successfully.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    {EEF06CB4-0B6E-43CF-A7D1-9231D4744450} canceled.
    1 out of 1 jobs canceled.

    ========= End of CMD: =========


    ========= netsh advfirewall reset =========

    Ok.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state on =========

    Ok.


    ========= End of CMD: =========

    EmptyTemp: => Removed 2.1 GB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 06:14:03 ====
     
  9. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    I'm glad to hear that it looks alright.

    Let's move forward.

    Step #1
    Junkware Removal Tool
    1. Download Junkware Removal Tool to your Desktop
    2. Close any open windows
    3. Disable your Antivirus program (click here if you don't know how to do this)
    4. Double click JRT.exe on your desktop to run it
    5. Click any button to start the scan
    6. Wait for Junkware Removal Tool to finish the scan
    7. When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
    8. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.


    Step #2
    AdwCleaner
    1. Download AdwCleaner to your Desktop.
    2. Close any open windows
    3. Double click AdwCleaner.exe on your desktop to run it
    4. Click the [​IMG] button
    5. Wait for AdwCleaner to finish the scan
    6. When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click [​IMG] button.
    7. When the cleaning is finished, the program will ask you to reboot the system. Please do so.
    8. Once your machine has rebooted, a Notepad window will be opened. If it doesn't open, you can find the report in C:\AdwCleaner. The report will be saved as AdwCleaner[S0].txt.
    9. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
    Remember to enable your Antivirus program once you're done!



    Things that should appear in your next post:
    • JRT.txt log content
    • AdwCleaner[S0].txt log content
     
  10. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    4,042
    Thanks Nevan, I disabled the AV, ran the software, then re-enabled it.

    JRT.txt:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.3 (03.01.2015:1)
    OS: Windows 7 Professional x64
    Ran by Wendy on Thu 03/12/2015 at 18:07:59.80
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Wendy\AppData\Roaming\mozilla\firefox\profiles\g3ulx7ao.default\user.js
    Successfully deleted: [Folder] C:\Users\Wendy\AppData\Roaming\mozilla\firefox\profiles\g3ulx7ao.default\extensions\staged
    Emptied folder: C:\Users\Wendy\AppData\Roaming\mozilla\firefox\profiles\g3ulx7ao.default\minidumps [18 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 03/12/2015 at 18:09:37.35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    AdwCleaner[S0].txt:

    # AdwCleaner v4.112 - Logfile created 12/03/2015 at 18:13:38
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-05.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : Wendy
    # Running from : C:\Users\Wendy\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\78c67cd60000202c
    File Deleted : C:\Users\Wendy\AppData\Roaming\Mozilla\Firefox\Profiles\g3ulx7ao.default\searchplugins\Taplika.xml

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\DeviceVM
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
    Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99AD9D6D-A456-49EE-8360-F22EE7AA1272}
    Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17631


    -\\ Mozilla Firefox v30.0 (en-US)


    -\\ Google Chrome v

    [C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tlk_ggfc_15_06_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyEyEzyyB0AzzyCtBtA0CtN0D0Tzu0StCtCtAyEtN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDzy0F0F0DtGyD0Czy0BtG0BtB0E0DtGyDzz0AtDtGtAtD0DtDtA0EtAtA0CtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0E0B0FtCtD0EzztGzy0F0CtCtGyEyCtCzytGzz0EzztAtG0CtDtDtAtB0DzyyEzzyD0AtD2Q&cr=1560535032&ir=
    [C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tlk_ggfc_15_06_ch&cd=2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDyEyEzyyB0AzzyCtBtA0CtN0D0Tzu0StCtCtAyEtN1L2XzutAtFyBtFtBtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDzy0F0F0DtGyD0Czy0BtG0BtB0E0DtGyDzz0AtDtGtAtD0DtDtA0EtAtA0CtAyB0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0E0B0FtCtD0EzztGzy0F0CtCtGyEyCtCzytGzz0EzztAtG0CtDtDtAtB0DzyyEzzyD0AtD2Q&cr=1560535032&ir=

    *************************

    AdwCleaner[R0].txt - [3462 bytes] - [12/03/2015 18:11:59]
    AdwCleaner[S0].txt - [3335 bytes] - [12/03/2015 18:13:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3394 bytes] ##########
     
  11. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello again, WendyM.

    Let's continue the cleaning process.

    Step #1
    Malwarebytes Anti-Malware

    1. Download Malwarebytes Anti-Malware to your Desktop
    2. Double click the file to open it. Install the program.
    3. Before you click Finish, make sure that:
      • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
      • Launch Malwarebytes Anti-Malware is checked
    4. In Database version section, click Update Now
    5. Once the update is done, click Settings>Detection and Protection
    6. Make sure that all three boxes under Detection Options are checked
    7. Go back to Dashboard and click the big, green Scan Now button.
    8. Wait for Malwarebytes Anti-Malware to finish the scan
    9. If the program detects anything, click the [IMG] button. The program might want to reboot the system. Allow it if it wants to.
    10. Once the deletion is done (or after reboot), go to History and double click the last Scan Log.
    11. Click the [​IMG] button.
    12. Paste (CTRL+V) the log into your next reply.



    Step #2
    ESET Online Scanner

    • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox

    1. Disable your Antivirus program (click here if you don't know how to do this).
    2. Visit ESET site
    3. Click [​IMG]
    4. When using:
      • Internet Explorer:
        • Accept the Terms of Use and click Start
        • Allow the running of the add-on
      • Other browsers:
        • Download esetsmartinstaller_enu.exe that you'll be given a link to
        • Double click esetsmartinstaller_enu.exe
        • Allow the Terms of Use and click Start

    5. Make sure that:
      • Enable detection of potentially unwanted applications is checked
      • In Advanced Settings: Remove found threats is unchecked. Scan archives, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked

    6. Click Start
    7. The program will begin to download its virus database. The speed may vary depending on your Internet connection.
    8. When completed, the program will begin to scan. This may take several hours. Please, be patient.
    9. Do not do anything on your machine as it may interrupt the scan
    10. When the scan is done, click Finish
    11. A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
    12. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

    Remember to enable your Antivirus program once you're done!



    Things that should appear in your next post:

    • Malwarebytes Anti-Malware log content
    • ESET Online Scanner log content
     
  12. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    4,042
    MalwareBytes:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/13/2015
    Scan Time: 7:51:17 AM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.03.13.06
    Rootkit Database: v2015.02.25.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Wendy

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 428768
    Time Elapsed: 5 min, 49 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.Trovi.A, HKU\S-1-5-21-2245909474-2214454975-146711961-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, Quarantined, [218878aafd8d54e29b9fc951e81bc23e],
    PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{372ab9f0}, Quarantined, [8821d949ff8bd4620665d600689b8e72],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    ESET said it found four threats, but this is all that was in the log:

    [email protected] as CAB hook log:
    OnlineScanner64.ocx - registred OK
    OnlineScanner.ocx - registred OK
     
  13. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Hello again, WendyM.

    I'm sorry but in this case you'll have to run ESET again. Use the previous instructions to do that.

    Before running it again, however, use TFC first:

    1. Download TFC.exe to your Desktop, right-click it and run it as Administrator.
    2. In the window that appears, click Start. Please be aware that all opened applications will be closed.
    3. Once the scan is finished, you may be asked to do a reboot. Do it if this happens.
    When you're done, run the ESET scan and post the results.
     
  14. WendyM

    WendyM Retired Trusted Advisor Thread Starter

    Joined:
    Jun 27, 2003
    Messages:
    4,042
    Hi Nevan,
    I ran TFC.exe and then re-ran ESET and clicked Finish. The log on my C: drive is exactly the same as it was yesterday and the properties show it's still yesterday's file. However, before I closed it, I exported the log with the threat files in case it's helpful:

    C:\FRST\Quarantine\C\Program Files (x86)\dEAlsater\ckycVdhr74Mnj8.x64.dll a variant of Win64/Adware.MultiPlug.F application
    C:\FRST\Quarantine\C\Program Files (x86)\saverabox\HGKgIhfKPneCxK.x64.dll a variant of Win64/Adware.MultiPlug.F application
    C:\FRST\Quarantine\C\Users\Wendy\Downloads\FileOpenerSetup.exe.xBAD a variant of Win32/InstallCore.WQ potentially unwanted application
    C:\Users\Wendy\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
     
  15. Nevan

    Nevan

    Joined:
    Jan 26, 2015
    Messages:
    216
    Smart move :)

    Please go to C:\Users\Wendy\Downloads, click CuteWriter.exe, then press the Shift+Delete combination on your keyboard and remove that file.

    Let's do some final checks.

    Step #1
    FRST Scan

    1. Right click FRST64.exe and click Run as administrator. When the tool opens, click Yes to the disclaimer.
    2. Make sure that Addition.txt is checked and press the Scan button.
    3. It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
    4. Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.


    Step #2
    Security Check

    Download Security Check from here or here.

    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.



    Things that should appear in your next post:

    • FRST.txt log content
    • Addition.txt log content
    • Checkup.txt log content
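
Three of the four ESET detections exported above sit under C:\FRST\Quarantine, so only CuteWriter.exe is still live on disk. The Python sketch below is an added example (not part of either poster's reply and not code from ESET or FRST) that splits such an export into live and already-quarantined hits; the line format, the quarantine root and the `.xBAD` suffix handling are assumptions read off the paths in this thread.

```python
import re
from pathlib import PureWindowsPath

# The four detection lines from the ESET export posted in this thread.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\Program Files (x86)\dEAlsater\ckycVdhr74Mnj8.x64.dll a variant of Win64/Adware.MultiPlug.F application
C:\FRST\Quarantine\C\Program Files (x86)\saverabox\HGKgIhfKPneCxK.x64.dll a variant of Win64/Adware.MultiPlug.F application
C:\FRST\Quarantine\C\Users\Wendy\Downloads\FileOpenerSetup.exe.xBAD a variant of Win32/InstallCore.WQ potentially unwanted application
C:\Users\Wendy\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
"""

# Paths contain spaces, so anchor on the detection name (Platform/Family.Variant).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>.+)$"
)

def original_location(path, root):
    # Assumed layout: <root>/<drive letter>/<rest of original path>.
    parts = path.relative_to(root).parts
    if len(parts) < 2:
        return path
    name = parts[-1]
    if name.lower().endswith(".xbad"):  # suffix seen on the quarantined .exe above
        name = name[:-5]
    return PureWindowsPath(parts[0] + ":\\", *parts[1:-1], name)

def triage(log_text, quarantine_root=r"C:\FRST\Quarantine"):
    root = PureWindowsPath(quarantine_root)
    live, quarantined, unparsed = [], [], []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            unparsed.append(line)  # keep unreadable lines visible for manual review
            continue
        path = PureWindowsPath(m["path"])
        hit = {"path": str(path), "name": m["name"], "kind": m["kind"]}
        if root in path.parents:   # Windows path comparison is case-insensitive
            hit["was_at"] = str(original_location(path, root))
            quarantined.append(hit)
        else:
            live.append(hit)
    return live, quarantined, unparsed

if __name__ == "__main__":
    live, quarantined, unparsed = triage(SAMPLE_LOG)
    for h in live:
        print("LIVE       ", h["name"], h["path"])
    for h in quarantined:
        print("QUARANTINED", h["name"], "was at", h["was_at"])
```
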
     
Short URL to this thread: https://techguy.org/1144022
