
Wow64cpu.dll Is this a Virus?



#1 timipz

Posted 07 August 2015 - 03:21 PM

I have run Autoruns and Wow64cpu.dll has been found. I read another post claiming that this was a virus of some kind. Could anybody help clarify my query, please?

Thank you, Tim





#2 nasdaq

  • Malware Response Team

Posted 08 August 2015 - 08:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Go to this site and submit the Wow64cpu.dll file for a scan.
https://www.virustotal.com/

Post the logs.

If anything shows malware please run the following tool and post the logs for my review.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#3 timipz

  • Topic Starter

Posted 08 August 2015 - 11:48 AM

Thank you for the reply, my friend. I shall follow your instructions now.



#4 timipz

  • Topic Starter

Posted 08 August 2015 - 12:01 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-08-2015 01
Ran by Tim Wells (administrator) on TIMSPC (08-08-2015 17:49:51)
Running from C:\Users\Tim Wells\Downloads\Programs
Loaded Profiles: Tim Wells (Available Profiles: Tim Wells)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Piriform Ltd) C:\Program Files\Defraggler\Defraggler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-08] (AVAST Software)
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-08-08] ()
Startup: C:\Users\Tim Wells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-08-08] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-08-08] (AVAST Software)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gfe_rd=cr&ei=Tmt7VZjvHvOq8wec_oHoDA&gws_rd=ssl
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKU\S-1-5-21-607496446-2550010929-3498398815-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-607496446-2550010929-3498398815-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-607496446-2550010929-3498398815-1001 -> {0BF3BDDA-212C-4FF6-A36B-E19A539AE6E0} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-08] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-08] (AVAST Software)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Tcpip\Parameters: [DhcpNameServer] 91.218.114.31 8.8.8.8
Tcpip\..\Interfaces\{CC1F6605-BD1D-43B2-9F58-044942EA57DE}: [DhcpNameServer] 91.218.114.31 8.8.8.8
Tcpip\..\Interfaces\{F2BF2319-AB44-4AF0-8C04-C6077B68D523}: [DhcpNameServer] 91.218.114.31 8.8.8.8

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-24] ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-24] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-09]
FF HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Tim Wells\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Tim Wells\AppData\Roaming\IDM\idmmzcc5 [2015-08-08]

Chrome:
=======
CHR Profile: C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-16]
CHR Extension: (Google Docs) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-16]
CHR Extension: (Google Drive) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-16]
CHR Extension: (WOT) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-06-16]
CHR Extension: (YouTube) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-16]
CHR Extension: (Adblock Plus) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-16]
CHR Extension: (Google Search) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-16]
CHR Extension: (Avast SafePrice) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-16]
CHR Extension: (Google Sheets) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-16]
CHR Extension: (Avast Online Security) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-16]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2015-06-16]
CHR Extension: (Google Play) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-06-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-16]
CHR Extension: (IDM Integration Module) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-16]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2015-06-16]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-17]
CHR Extension: (Gmail) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-16]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-06-19] (ASUS)
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-08] (AVAST Software)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-04-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-04-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-08-08] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-08-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-08-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-08-08] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-08-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-08-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-08-08] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-08-08] (AVAST Software)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-04-24] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70416 2013-09-23] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-04-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 17:49 - 2015-08-08 17:49 - 00000000 ____D C:\FRST
2015-08-08 15:13 - 2015-08-08 15:13 - 00001354 _____ C:\WINDOWS\PFRO.log
2015-08-08 15:13 - 2015-08-08 15:13 - 00000077 _____ C:\WINDOWS\setupact.log
2015-08-08 15:13 - 2015-08-08 15:13 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-08 14:14 - 2015-08-08 17:48 - 00142345 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-08 02:34 - 2015-08-08 02:34 - 03254338 _____ C:\Users\Tim Wells\Downloads\TIMSPC-2.arn
2015-08-08 02:32 - 2015-08-08 02:35 - 07302860 _____ C:\Users\Tim Wells\Documents\TIMSPC-2.arn
2015-08-08 02:18 - 2015-08-08 02:18 - 00889500 _____ C:\Users\Tim Wells\Documents\TIMSPC-1.arn
2015-08-08 00:34 - 2015-08-08 00:34 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-08-08 00:33 - 2015-08-08 00:33 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-08-07 18:10 - 2015-08-07 17:22 - 07116260 _____ C:\Users\Tim Wells\Downloads\TIMSPC.arn
2015-08-07 17:16 - 2015-08-07 17:22 - 07116260 _____ C:\Users\Tim Wells\Documents\TIMSPC.arn
2015-08-07 17:01 - 2015-08-07 17:01 - 00593693 _____ C:\Users\Tim Wells\Documents\Autoruns.zip
2015-08-07 16:11 - 2015-08-07 16:11 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-08-07 12:45 - 2015-08-07 12:45 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-07 12:42 - 2015-08-08 02:21 - 00000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-607496446-2550010929-3498398815-1001UA.job
2015-08-07 12:42 - 2015-08-08 02:21 - 00000896 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-607496446-2550010929-3498398815-1001Core.job
2015-08-07 12:42 - 2015-08-08 00:55 - 00003904 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-607496446-2550010929-3498398815-1001UA
2015-08-07 12:42 - 2015-08-08 00:55 - 00003524 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-607496446-2550010929-3498398815-1001Core
2015-08-07 12:42 - 2015-08-07 12:42 - 00000000 ____D C:\Users\Tim Wells\AppData\Local\Dropbox
2015-08-07 12:42 - 2015-08-07 12:42 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-25 18:46 - 2015-08-08 17:49 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\IDM
2015-07-25 18:46 - 2015-08-08 02:57 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\DMCache
2015-07-25 18:46 - 2015-08-08 02:19 - 00000000 ____D C:\Users\Tim Wells\Downloads\Compressed
2015-07-25 18:46 - 2015-07-25 18:47 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2015-07-25 18:46 - 2015-07-25 18:46 - 00001023 _____ C:\Users\Tim Wells\Desktop\Internet Download Manager.lnk
2015-07-25 18:46 - 2015-07-25 18:46 - 00000000 ____D C:\Users\Tim Wells\Downloads\Video
2015-07-25 18:46 - 2015-07-25 18:46 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-07-25 18:46 - 2015-07-25 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-07-25 18:46 - 2015-07-25 18:46 - 00000000 ____D C:\ProgramData\IDM
2015-07-24 16:09 - 2015-07-24 16:09 - 00007605 _____ C:\Users\Tim Wells\AppData\Local\Resmon.ResmonCfg
2015-07-24 13:58 - 2015-08-08 01:07 - 00003888 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-24 11:09 - 2015-06-15 23:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-07-24 11:09 - 2015-06-15 23:38 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-07-24 11:09 - 2015-06-15 23:26 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-07-24 11:09 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-07-24 11:09 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-07-24 11:09 - 2015-06-15 22:57 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-07-24 11:09 - 2015-06-15 22:38 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-07-24 11:09 - 2015-06-15 22:36 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-07-24 11:09 - 2015-06-15 22:17 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-24 11:09 - 2015-06-15 22:16 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-24 11:09 - 2015-06-15 22:15 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-07-24 11:09 - 2015-06-15 22:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-07-24 11:09 - 2015-06-15 22:04 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-07-24 11:09 - 2015-06-15 21:52 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-07-24 11:09 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-07-24 11:09 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-07-24 11:09 - 2015-06-15 21:41 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-07-24 11:09 - 2015-06-15 21:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-07-24 11:09 - 2015-06-15 21:31 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-07-24 11:09 - 2015-06-15 21:30 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-07-24 11:09 - 2015-06-15 21:17 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-24 11:09 - 2015-06-15 21:07 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-24 11:09 - 2015-06-15 21:02 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-07-24 11:08 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-07-24 11:08 - 2015-06-28 06:07 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-07-24 11:08 - 2015-06-28 06:06 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-07-24 11:08 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-07-24 11:08 - 2015-06-27 17:42 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-07-24 11:08 - 2015-06-27 04:13 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-07-24 11:08 - 2015-06-27 04:12 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-07-24 11:08 - 2015-06-27 04:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-07-24 11:08 - 2015-06-27 03:40 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-07-24 11:08 - 2015-06-27 03:05 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-24 11:08 - 2015-06-27 03:00 - 00989184 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-07-24 11:08 - 2015-06-27 02:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-07-24 11:08 - 2015-06-27 02:26 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-07-24 11:08 - 2015-06-25 03:31 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-07-24 11:08 - 2015-06-16 06:36 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-07-24 11:08 - 2015-06-16 06:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-07-24 11:08 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-24 11:08 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-24 11:08 - 2015-06-15 23:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-07-24 11:08 - 2015-06-15 22:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-07-24 11:08 - 2015-06-15 22:55 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-07-24 11:08 - 2015-06-15 22:49 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-07-24 11:08 - 2015-06-15 22:41 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-07-24 11:08 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-24 11:08 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-24 11:08 - 2015-06-15 22:03 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-07-24 11:08 - 2015-06-15 21:50 - 02774528 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-07-24 11:08 - 2015-06-15 21:43 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-07-24 11:08 - 2015-06-15 21:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-07-24 11:08 - 2015-06-15 21:32 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-07-24 11:08 - 2015-06-15 21:30 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-07-24 11:08 - 2015-06-15 20:57 - 02460160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-07-24 11:08 - 2015-06-11 04:49 - 01380600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-24 11:08 - 2015-06-10 17:13 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-24 11:07 - 2015-07-09 20:51 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-07-24 11:07 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-07-24 11:07 - 2015-07-09 17:03 - 03701760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-24 11:07 - 2015-07-09 16:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-07-24 11:07 - 2015-07-09 16:53 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-07-24 11:07 - 2015-07-09 16:50 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-07-24 11:07 - 2015-07-09 16:50 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-07-24 11:07 - 2015-07-09 16:48 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-24 11:07 - 2015-07-09 16:46 - 02229248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-07-24 11:07 - 2015-07-09 16:38 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-07-24 11:07 - 2015-07-09 16:37 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-07-24 11:07 - 2015-07-09 16:35 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-07-24 11:07 - 2015-07-09 16:34 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-24 11:07 - 2015-07-01 23:08 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-24 11:07 - 2015-07-01 22:14 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-24 11:07 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-07-24 11:07 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-07-24 11:07 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-24 11:06 - 2015-07-02 22:21 - 19877376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-07-24 11:06 - 2015-07-02 21:49 - 25193984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-07-24 11:04 - 2015-07-02 21:50 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-07-24 11:04 - 2015-07-02 21:23 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-07-24 11:04 - 2015-07-02 21:19 - 12855296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-07-24 11:04 - 2015-07-02 20:55 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-24 11:04 - 2015-07-02 20:20 - 14453248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-07-24 11:04 - 2015-07-02 19:59 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-24 10:46 - 2015-07-14 15:14 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-07-24 10:46 - 2015-07-14 15:14 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-07-24 10:46 - 2015-07-14 15:14 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-24 10:46 - 2015-07-14 15:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-15 00:21 - 2015-07-15 00:21 - 00002015 _____ C:\Users\Public\Desktop\ExtremeCopy Pro.lnk
2015-07-15 00:21 - 2015-07-15 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExtremeCopy
2015-07-15 00:21 - 2015-07-15 00:21 - 00000000 ____D C:\Program Files\Easersoft
2015-07-14 23:46 - 2015-07-14 23:46 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\ExtremeCopy
2015-07-14 23:15 - 2015-07-14 23:21 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\TeraCopy
2015-07-11 17:06 - 2015-07-11 17:06 - 00447679 _____ C:\Users\Tim Wells\AppData\Local\census.cache
2015-07-11 17:06 - 2015-07-11 17:06 - 00165482 _____ C:\Users\Tim Wells\AppData\Local\ars.cache
2015-07-11 16:59 - 2015-07-11 16:59 - 00000010 _____ C:\Users\Tim Wells\AppData\Local\sponge.last.runtime.cache
2015-07-11 16:49 - 2015-07-11 16:49 - 00000036 _____ C:\Users\Tim Wells\AppData\Local\housecall.guid.cache
2015-07-11 16:49 - 2013-09-28 03:56 - 00285208 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-07-11 16:25 - 2015-06-29 23:43 - 00026288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-07-11 16:25 - 2015-06-29 16:07 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-07-11 16:25 - 2015-06-29 16:07 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-07-11 16:25 - 2015-06-29 16:07 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-07-11 16:25 - 2015-06-29 16:07 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-07-11 16:25 - 2015-06-29 16:07 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-07-11 16:25 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-07-11 16:25 - 2015-06-27 04:08 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-07-11 16:25 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-07-11 16:25 - 2015-06-27 00:21 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-07-11 16:25 - 2015-06-27 00:21 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-07-10 17:49 - 2015-08-07 15:15 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 17:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-08 15:19 - 2015-02-06 20:30 - 00000074 _____ C:\Users\Tim Wells\AppData\Roaming\sp_data.sys
2015-08-08 15:17 - 2013-11-23 12:59 - 00003260 _____ C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel
2015-08-08 15:17 - 2013-11-23 12:46 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2015-08-08 15:17 - 2013-11-23 12:46 - 00002988 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2015-08-08 15:17 - 2013-11-23 12:45 - 00003268 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2015-08-08 15:17 - 2013-11-23 12:45 - 00003028 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-08-08 15:17 - 2013-11-23 12:44 - 00003056 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2015-08-08 15:17 - 2013-11-23 12:38 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-08-08 15:13 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-08 15:12 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\System
2015-08-08 14:56 - 2014-11-22 02:01 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-08 14:39 - 2015-06-26 16:40 - 00002796 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-08-08 14:30 - 2015-05-16 22:48 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-08 02:21 - 2015-06-16 19:25 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-08 02:01 - 2015-05-16 12:53 - 00003476 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2015-08-08 02:01 - 2015-05-16 12:53 - 00003466 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2015-08-08 01:07 - 2015-06-16 19:25 - 00003720 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-08 00:34 - 2015-06-09 10:07 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-08-08 00:34 - 2015-06-09 10:06 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-08-08 00:34 - 2015-06-09 10:06 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-08-08 00:34 - 2015-06-09 10:06 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-08-08 00:34 - 2015-06-09 10:06 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-08-08 00:34 - 2015-06-09 10:06 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-08-08 00:34 - 2015-06-09 10:06 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-08-08 00:34 - 2015-06-09 10:06 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-08-08 00:33 - 2015-06-09 10:06 - 01048856 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-08-07 23:37 - 2015-06-16 14:28 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 23:37 - 2015-06-16 14:28 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 22:30 - 2015-02-06 23:28 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-607496446-2550010929-3498398815-1001
2015-08-07 22:23 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-07 22:08 - 2015-06-16 14:28 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-07 22:08 - 2015-06-16 14:28 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-07 19:51 - 2015-06-16 19:25 - 00004432 _____ C:\WINDOWS\System32\Tasks\SaferUpdateTaskSCUD
2015-08-07 19:37 - 2015-06-16 14:30 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-07 13:45 - 2015-04-18 19:44 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-07 13:24 - 2015-04-17 22:04 - 00000000 ___RD C:\Users\Tim Wells\Dropbox
2015-08-07 12:46 - 2015-04-17 21:58 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\Dropbox
2015-08-07 11:48 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-07 11:47 - 2015-02-06 20:25 - 00000000 ____D C:\Users\Tim Wells\AppData\Local\Packages
2015-08-07 11:36 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\schemas
2015-08-07 11:35 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-25 20:23 - 2015-04-18 19:32 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-07-25 18:24 - 2015-06-26 21:28 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\Free Download Manager
2015-07-25 18:22 - 2015-06-26 16:39 - 00000836 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-07-25 18:22 - 2015-06-26 16:39 - 00000000 ____D C:\Program Files\CCleaner
2015-07-24 21:11 - 2015-06-16 19:06 - 00025600 ___SH C:\Users\Tim Wells\Desktop\Thumbs.db
2015-07-24 21:07 - 2015-04-18 19:03 - 00000000 ____D C:\Users\Tim Wells
2015-07-24 14:00 - 2013-04-26 00:15 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-07-24 12:34 - 2013-08-22 15:44 - 00337808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-07-24 11:22 - 2015-02-20 13:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-14 23:42 - 2015-06-12 12:33 - 00000000 ____D C:\Users\Tim Wells\AppData\Local\WinZip
2015-07-14 23:41 - 2015-04-22 15:06 - 00000000 ____D C:\ProgramData\WinZip
2015-07-13 22:10 - 2014-11-22 06:29 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-07-13 22:10 - 2014-11-22 06:29 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-13 20:19 - 2015-04-17 14:28 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\Spotify
2015-07-13 20:19 - 2015-04-17 14:28 - 00000000 ____D C:\Users\Tim Wells\AppData\Local\Spotify
2015-07-13 15:34 - 2015-04-17 15:56 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\Azureus
2015-07-12 23:14 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-07-11 16:37 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-07-11 16:27 - 2015-04-20 18:22 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-07-11 16:27 - 2014-11-22 06:25 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-07-11 16:26 - 2015-04-18 19:32 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-07-10 12:20 - 2015-05-29 18:30 - 00000000 ____D C:\Users\Tim Wells\AppData\Roaming\QuickScan
2015-07-10 11:49 - 2013-08-22 16:36 - 00000000 __RSD C:\WINDOWS\Media
2015-07-10 11:48 - 2015-05-16 12:47 - 00000000 ____D C:\ProgramData\Browser

==================== Files in the root of some directories =======

2015-06-26 16:17 - 2015-06-26 16:17 - 0099384 _____ () C:\Users\Tim Wells\AppData\Roaming\inst.exe
2015-06-26 16:17 - 2015-06-26 16:17 - 0007859 _____ () C:\Users\Tim Wells\AppData\Roaming\pcouffin.cat
2015-06-26 16:17 - 2015-06-26 16:17 - 0001167 _____ () C:\Users\Tim Wells\AppData\Roaming\pcouffin.inf
2015-06-26 16:17 - 2015-06-26 16:17 - 0000055 _____ () C:\Users\Tim Wells\AppData\Roaming\pcouffin.log
2015-06-26 16:17 - 2015-06-26 16:17 - 0082816 _____ (VSO Software) C:\Users\Tim Wells\AppData\Roaming\pcouffin.sys
2015-02-06 20:30 - 2015-08-08 15:19 - 0000074 _____ () C:\Users\Tim Wells\AppData\Roaming\sp_data.sys
2015-06-09 20:31 - 2015-06-12 22:24 - 0001057 _____ () C:\Users\Tim Wells\AppData\Roaming\vso_ts_preview.xml
2015-07-11 17:06 - 2015-07-11 17:06 - 0165482 _____ () C:\Users\Tim Wells\AppData\Local\ars.cache
2015-07-11 17:06 - 2015-07-11 17:06 - 0447679 _____ () C:\Users\Tim Wells\AppData\Local\census.cache
2015-07-11 16:49 - 2015-07-11 16:49 - 0000036 _____ () C:\Users\Tim Wells\AppData\Local\housecall.guid.cache
2015-07-24 16:09 - 2015-07-24 16:09 - 0007605 _____ () C:\Users\Tim Wells\AppData\Local\Resmon.ResmonCfg
2015-07-11 16:59 - 2015-07-11 16:59 - 0000010 _____ () C:\Users\Tim Wells\AppData\Local\sponge.last.runtime.cache
2015-05-20 04:15 - 2015-05-20 04:15 - 0000000 _____ () C:\Users\Tim Wells\AppData\Local\Temp.dat
2015-06-01 00:27 - 2015-06-01 00:27 - 0209249 _____ () C:\ProgramData\1433114645.bdinstall.bin
2015-06-09 09:56 - 2015-06-09 09:56 - 0037670 _____ () C:\ProgramData\1433840189.bdinstall.bin
2015-06-09 09:59 - 2015-06-09 09:59 - 0098710 _____ () C:\ProgramData\1433840195.bdinstall.bin
2015-04-18 18:49 - 2015-04-18 18:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-05-20 07:47 - 2015-05-20 09:39 - 0000112 _____ () C:\ProgramData\o7SQbh6Lx.dat
2013-04-26 00:15 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 00:15 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 00:15 - 2012-09-07 12:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2015-02-06 23:33 - 2015-02-06 23:36 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-02-06 23:32 - 2015-02-06 23:33 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Files to move or delete:
====================
C:\ProgramData\o7SQbh6Lx.dat
C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\Tim Wells\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprjciff.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-07 22:15

==================== End of log

Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-08-2015 01
Ran by Tim Wells (2015-08-08 17:53:04)
Running from C:\Users\Tim Wells\Downloads\Programs
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-607496446-2550010929-3498398815-500 - Administrator - Disabled)
Guest (S-1-5-21-607496446-2550010929-3498398815-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-607496446-2550010929-3498398815-1004 - Limited - Enabled)
Tim Wells (S-1-5-21-607496446-2550010929-3498398815-1001 - Administrator - Enabled) => C:\Users\Tim Wells

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E101C6C9-15CB-DC31-8D25-60509C9987E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0010 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.4 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dropbox (HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
ExtremeCopy (HKLM\...\{2F54AF03-8D65-4FE0-8C1B-8D97236FC4AD}) (Version: 2.3.4 - Easersoft)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Peggle (x32 Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safer Updater (x32 Version: 1.1.0.6 - Safer Technologies, Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spotify (HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\Spotify) (Version: 1.0.5.186.ga9c24d6a - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.0.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (09/17/2013 1.0.0.186) (HKLM\...\D9E691DCEE7D3B9B7C62A7F5C2EAABBB9335DC9A) (Version: 09/17/2013 1.0.0.186 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-607496446-2550010929-3498398815-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

07-08-2015 17:10:04 Revo Uninstaller's restore point - µTorrent

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0834B7ED-A5AE-4464-9CD1-DC8E8B52C9F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-16] (Google Inc.)
Task: {10398922-29DE-4220-8093-F7B6237EB90B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-06-19] (ASUS)
Task: {1F65B23C-A5E8-41F1-BF3A-BF9B0CBF81ED} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {1FBBF8A9-A731-4156-B1ED-FE782F82467A} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {27460674-F3C6-453A-BBE6-81691D496959} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {30F1243F-1767-4177-93AE-50387597E22B} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {3E141757-85BA-4B75-B39D-F35688BF43EA} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {63A270EC-75DF-4950-ABDA-542DEFE9EA5C} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {65291945-494D-4136-B60F-8EEA32E715E7} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-07-09] (ASUSTek Computer Inc.)
Task: {67A4795B-FCCF-4542-ADCF-69BAC2F75A3F} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-06-03] (ASUSTeK Computer Inc.)
Task: {88BBA801-4BBA-4FFC-BDE5-5C3650E9B291} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-16] (Google Inc.)
Task: {8FC93ECB-882D-4D8D-8863-E5D723A92470} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {9C64DDBF-975B-4243-A57B-DFDB53D857ED} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {9D2AAA14-0E3F-44E2-9B57-D0D7344C6061} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-09-23] (AsusTek)
Task: {A0C03B79-D0A7-4D4F-9777-DB1AE962826B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-06-03] (ASUS)
Task: {A470CF5E-2D76-4AFB-975D-CDCC9CA89913} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-08] (AVAST Software)
Task: {A4797132-77C1-4AC1-818A-76066F420E86} - System32\Tasks\SaferUpdateTaskSCUD => C:\Program Files (x86)\Safer Technologies\Updater\SaferUpdater.exe [2015-05-18] (Safer Technologies, Inc.)
Task: {A501EE02-9C95-48AE-A052-F022C6133474} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-607496446-2550010929-3498398815-1001UA => C:\Users\Tim Wells\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-07] (Dropbox, Inc.)
Task: {A5DA2A61-5480-4FEA-91EE-B11015E877CB} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {B2B3F1A2-7C42-4E88-8941-8C0513499206} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {CC39FA72-B990-4B52-B8FC-33E30ABD8BCE} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {D2A1620B-9FE8-459C-9251-03AC966616E6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-24] (Adobe Systems Incorporated)
Task: {D569FF2B-D8D9-4F33-ACEE-97325E76E4D2} - \NetEngine -> No File <==== ATTENTION
Task: {DA0B72BF-D2D8-4918-B387-E98AB9BDFE15} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-607496446-2550010929-3498398815-1001Core => C:\Users\Tim Wells\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-08-07] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-607496446-2550010929-3498398815-1001Core.job => C:\Users\Tim Wells\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-607496446-2550010929-3498398815-1001UA.job => C:\Users\Tim Wells\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-12-19 07:10 - 2012-12-19 07:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-06-19 21:49 - 2013-06-19 21:49 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-08-08 00:33 - 2015-08-08 00:33 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-08 00:33 - 2015-08-08 00:33 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-08-08 00:32 - 2015-08-08 00:32 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080702\algo.dll
2015-08-08 17:25 - 2015-08-08 17:25 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15080800\algo.dll
2015-06-09 10:06 - 2015-06-09 10:06 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-04-29 15:17 - 2013-04-29 15:17 - 00587264 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-607496446-2550010929-3498398815-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim Wells\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 91.218.114.31 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4ED4B47CB638D65B5F4720B31539717E"
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\StartupApproved\Run: => "SaferBrowserIsDefault"
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\StartupApproved\Run: => "Temp"
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\...\StartupApproved\Run: => "Dropbox Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F592F072-F49C-4F86-8A2D-13103E2FF7AE}] => (Allow) C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B54DC6F5-7BEB-4749-AC9D-6292227ED049}] => (Allow) C:\Users\Tim Wells\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{97B28DD6-3D3A-4944-BF0F-674445B551EA}C:\users\tim wells\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tim wells\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{FE05A604-8C40-4AC3-8EF1-0151A2694D1F}C:\users\tim wells\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tim wells\appdata\roaming\spotify\spotify.exe
FirewallRules: [{08DF9207-336B-4D4F-B1FD-122BC45D324B}] => (Allow) LPort=1900
FirewallRules: [{CACDB418-5466-44CB-97EB-234638B11E8D}] => (Allow) LPort=2869
FirewallRules: [{8F742722-EB63-4B60-8280-435B83C49A8F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{4E24416D-0518-4448-A0D8-7F2220D1C9BB}C:\users\tim wells\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tim wells\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7681A479-AB24-4529-BF40-FF27809661FF}C:\users\tim wells\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tim wells\appdata\roaming\spotify\spotify.exe
FirewallRules: [{878561A4-3ED0-4E2B-866D-BFFACC25250A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2015 02:47:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Autoruns.exe, version: 13.40.0.0, time stamp: 0x556228a1
Faulting module name: Autoruns.exe, version: 13.40.0.0, time stamp: 0x556228a1
Exception code: 0xc0000005
Fault offset: 0x000152f4
Faulting process ID: 0xe8
Faulting application start time: 0xAutoruns.exe0
Faulting application path: Autoruns.exe1
Faulting module path: Autoruns.exe2
Report ID: Autoruns.exe3
Faulting package full name: Autoruns.exe4
Faulting package-relative application ID: Autoruns.exe5

Error: (08/08/2015 02:45:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Autoruns.exe, version: 13.40.0.0, time stamp: 0x556228a1
Faulting module name: Autoruns.exe, version: 13.40.0.0, time stamp: 0x556228a1
Exception code: 0xc0000005
Fault offset: 0x000152f4
Faulting process ID: 0x9bc
Faulting application start time: 0xAutoruns.exe0
Faulting application path: Autoruns.exe1
Faulting module path: Autoruns.exe2
Report ID: Autoruns.exe3
Faulting package full name: Autoruns.exe4
Faulting package-relative application ID: Autoruns.exe5

Error: (08/08/2015 02:18:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Autoruns.exe version 13.40.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ec4

Start Time: 01d0d16b8f49672d

Termination Time: 93

Application Path: C:\Users\Tim Wells\AppData\Local\Temp\wz19c9\Autoruns.exe

Report Id: 5ca32efd-3d6b-11e5-becc-bcee7bb88a70

Faulting package full name:

Faulting package-relative application ID:

Error: (08/07/2015 09:43:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a74

Start Time: 01d0d13c071b3eb0

Termination Time: 239

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: e7865849-3d44-11e5-beca-bcee7bb88a70

Faulting package full name:

Faulting package-relative application ID:

Error: (07/26/2015 08:46:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1110

Start Time: 01d0c7d7a29c320b

Termination Time: 390

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: f3832aba-33ce-11e5-bec7-bcee7bb88a70

Faulting package full name:

Faulting package-relative application ID:

Error: (07/26/2015 05:54:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/25/2015 08:55:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2b8

Start Time: 01d0c70ef2fc48df

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: ad7351c6-3306-11e5-bec4-bcee7bb88a70

Faulting package full name:

Faulting package-relative application ID:

Error: (07/25/2015 08:54:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ffc

Start Time: 01d0c71370caa61e

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: e4ff4540-3306-11e5-bec4-bcee7bb88a70

Faulting package full name:

Faulting package-relative application ID:

Error: (07/25/2015 08:44:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: cd0

Start Time: 01d0c70f721a084c

Termination Time: 296

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 7a828f8c-3305-11e5-bec4-bcee7bb88a70

Faulting package full name:

Faulting package-relative application ID:

Error: (07/25/2015 06:26:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

System errors:
=============
Error: (08/08/2015 05:38:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/08/2015 03:12:26 PM) (Source: DCOM) (EventID: 10010) (User: TimsPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/08/2015 02:25:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/08/2015 02:20:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (08/07/2015 10:16:25 PM) (Source: DCOM) (EventID: 10010) (User: TimsPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/07/2015 10:15:55 PM) (Source: DCOM) (EventID: 10010) (User: TimsPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/27/2015 12:46:14 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/24/2015 01:21:50 PM) (Source: DCOM) (EventID: 10010) (User: TimsPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/24/2015 01:21:20 PM) (Source: DCOM) (EventID: 10010) (User: TimsPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/24/2015 10:43:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Microsoft Office:
=========================
Error: (08/08/2015 02:47:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Autoruns.exe13.40.0.0556228a1Autoruns.exe13.40.0.0556228a1c0000005000152f4e801d0d1e0a853a675C:\Users\Tim Wells\AppData\Local\Temp\wz3f46\Autoruns.exeC:\Users\Tim Wells\AppData\Local\Temp\wz3f46\Autoruns.exefd494021-3dd3-11e5-becd-bcee7bb88a70

Error: (08/08/2015 02:45:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Autoruns.exe13.40.0.0556228a1Autoruns.exe13.40.0.0556228a1c0000005000152f49bc01d0d1df62cfce8bC:\Users\Tim Wells\AppData\Local\Temp\wzc692\Autoruns.exeC:\Users\Tim Wells\AppData\Local\Temp\wzc692\Autoruns.exeb37592fa-3dd3-11e5-becd-bcee7bb88a70

Error: (08/08/2015 02:18:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Autoruns.exe13.40.0.0ec401d0d16b8f49672d93C:\Users\Tim Wells\AppData\Local\Temp\wz19c9\Autoruns.exe5ca32efd-3d6b-11e5-becc-bcee7bb88a70

Error: (08/07/2015 09:43:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840a7401d0d13c071b3eb0239C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEe7865849-3d44-11e5-beca-bcee7bb88a70

Error: (07/26/2015 08:46:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840111001d0c7d7a29c320b390C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEf3832aba-33ce-11e5-bec7-bcee7bb88a70

Error: (07/26/2015 05:54:00 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (07/25/2015 08:55:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.176672b801d0c70ef2fc48df0C:\WINDOWS\Explorer.EXEad7351c6-3306-11e5-bec4-bcee7bb88a70

Error: (07/25/2015 08:54:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.3.9600.17667ffc01d0c71370caa61e0C:\Windows\explorer.exee4ff4540-3306-11e5-bec4-bcee7bb88a70

Error: (07/25/2015 08:44:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17840cd001d0c70f721a084c296C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE7a828f8c-3305-11e5-bec4-bcee7bb88a70

Error: (07/25/2015 06:26:09 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

==================== Memory info ===========================

Processor: AMD A4-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 39%
Total physical RAM: 3524.5 MB
Available physical RAM: 2143.68 MB
Total Virtual: 7108.5 MB
Available Virtual: 5530.98 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.86 GB) (Free:129.03 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:257.91 GB) NTFS
Drive e: (TIMS 32G) (Removable) (Total:29.57 GB) (Free:11.72 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log

 

I followed the instructions. I hope you have all you need, and thank you in advance for looking at this and helping me out. I'm a pretty low-level-experience PC user and don't understand all the PC jargon.

 

Thank you Tim



#5 nasdaq

Posted 08 August 2015 - 12:42 PM



Press the Windows key + R on your keyboard at the same time. This will open your Notepad. Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-607496446-2550010929-3498398815-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gfe_rd=cr&ei=Tmt7VZjvHvOq8wec_oHoDA&gws_rd=ssl
CHR Extension: (Avast SafePrice) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-06-16]
CHR Extension: (Avast Online Security) - C:\Users\Tim Wells\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-06-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-09]
Task: {1FBBF8A9-A731-4156-B1ED-FE782F82467A} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {A5DA2A61-5480-4FEA-91EE-B11015E877CB} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {B2B3F1A2-7C42-4E88-8941-8C0513499206} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {D569FF2B-D8D9-4F33-ACEE-97325E76E4D2} - \NetEngine -> No File <==== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

I take it that NO malware was found at VirusTotal.

How is the computer running now?

#6 timipz

Posted 08 August 2015 - 12:58 PM

Let me get this right: copy the above text into a Notepad, then save that into the folder that has the 2 logs and the FRST64 in it?

I can't find which 3rd line has a location. Am I looking at the wrong log... sorry, I'm confusing myself. I will find it... it might just take me a little while... sorry



#7 timipz

Posted 08 August 2015 - 01:12 PM

When I try to save the copied text, it only gives me the option to save it as a txt file, not fixlist txt... I'm going wrong somewhere



#8 nasdaq

Posted 09 August 2015 - 07:01 AM

Download the Fixlist.txt file I have attached.

Place it in the same folder as the FRST tool and run the fix option.


#9 nasdaq

Posted 15 August 2015 - 08:40 AM

Are you still with me?



