Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Caroline (administrator) on CLARKIE (17-04-2016 22:21:35)
Running from C:\Users\Caroline\Desktop
Loaded Profiles: Caroline (Available Profiles: Caroline)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\BitTorrent\BitTorrent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\ProgramData\sulpnar\sulpnar.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
Failed to access process -> Wacom_TouchUser.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Caroline\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
() C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40791.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3928264 2015-05-27] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-08-07] (cyberlink)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [152896 2012-06-25] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Caroline\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Run: [Spotify Web Helper] => C:\Users\Caroline\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-07] (Spotify Ltd)
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Run: [GoogleChromeAutoLaunch_5052852F0B4629A281C1BF6F1469CA88] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\Run: [Spybot-S&D Cleaning] => "E:\SpybotPortable\App\Spybot\SDCleaner.exe" /autoclean
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\RunOnce: [Uninstall C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-219877153-197691950-3609309316-1001\...\RunOnce: [Uninstall C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Caroline\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
AppInit_DLLs: C:\ProgramData\sulpnar\Greendax.dll => C:\ProgramData\sulpnar\Greendax.dll [361984 2016-04-17] ()
AppInit_DLLs-x32: C:\ProgramData\sulpnar\Faxex.dll => C:\ProgramData\sulpnar\Faxex.dll [257536 2016-04-17] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2016-03-10]
ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2015-12-06]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2600d5c3-6654-4e17-b209-5a1ff7b0cfa3}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{9c052ac2-8b95-4e54-8320-44ef1126e19f}: [DhcpNameServer] 127.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-219877153-197691950-3609309316-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKU\S-1-5-21-219877153-197691950-3609309316-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-219877153-197691950-3609309316-1001 -> {D0341D0F-AC4B-4531-9F35-CB744F211C59} URL = hxxp://rover.ebay.com/rover/1/710-42480-16445-33/4?mpre=hxxp://shop.ebay.co.uk/?oemInLn=ieSrch-Q312&_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-27] (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-13] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-27] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-27] (Oracle Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2014-06-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-09-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-08-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-08-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\SysWOW64\npDeployJava1.dll [2014-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-219877153-197691950-3609309316-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-08-14] ()

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://feed.wiki-search.me/?st=ds&query={searchTerms}
CHR DefaultSearchKeyword: Default -> Wiki Search.me
CHR Profile: C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 BitTorrent; C:\Program Files\BitTorrent\BitTorrent.exe [383488 2016-04-14] () [File not signed]
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [243728 2012-06-29] (CyberLink)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-08-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-08-06] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-10] (DotC United Inc)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-20] (Electronic Arts)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2015-11-10] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-11-17] (SolidWorks) [File not signed]
R2 sulpnar; C:\ProgramData\\sulpnar\\sulpnar.exe [693248 2016-04-15] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2012-08-08] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-21] (Wacom Technology, Corp.)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-13] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2016-04-10] ()
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2014-12-08] (CSR plc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-10] (DotC United Inc)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [29352 2016-01-10] ()
S3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2015-08-13] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-11] (Sony Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 22:18 - 2016-04-17 22:18 - 00001798 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-17 22:18 - 2016-04-17 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-17 22:17 - 2016-04-17 22:17 - 00001074 _____ C:\Users\Public\Desktop\Get Random Viral.lnk
2016-04-17 22:17 - 2016-04-17 22:17 - 00001074 _____ C:\Users\Caroline\Desktop\Get Random Viral.lnk
2016-04-17 22:17 - 2016-04-17 22:17 - 00001050 _____ C:\Users\Public\Desktop\Google Search.lnk
2016-04-17 22:17 - 2016-04-17 22:17 - 00001050 _____ C:\Users\Caroline\Desktop\Google Search.lnk
2016-04-17 22:10 - 2016-04-17 22:13 - 00000000 ____D C:\AdwCleaner
2016-04-17 22:10 - 2016-04-17 22:10 - 03683904 _____ C:\Users\Caroline\Desktop\AdwCleaner.exe
2016-04-17 21:54 - 2016-04-17 22:08 - 00077315 _____ C:\Users\Caroline\Desktop\Fixlog.txt
2016-04-17 21:53 - 2016-04-17 21:48 - 00033154 _____ C:\Users\Caroline\Desktop\fixlist.txt
2016-04-15 19:16 - 2016-04-17 22:20 - 00000000 ____D C:\ProgramData\sulpnar
2016-04-15 19:16 - 2016-04-17 22:17 - 00001074 _____ C:\Users\Default\Desktop\Get Random Viral.lnk
2016-04-15 19:16 - 2016-04-17 22:17 - 00001074 _____ C:\Users\Default User\Desktop\Get Random Viral.lnk
2016-04-15 19:16 - 2016-04-17 22:17 - 00001050 _____ C:\Users\Default\Desktop\Google Search.lnk
2016-04-15 19:16 - 2016-04-17 22:17 - 00001050 _____ C:\Users\Default User\Desktop\Google Search.lnk
2016-04-14 22:14 - 2016-04-14 22:14 - 00003440 _____ C:\WINDOWS\System32\Tasks\wtmw2osb
2016-04-14 22:14 - 2016-04-14 22:14 - 00000000 ____D C:\Program Files\Common Files\atbtcesy
2016-04-14 21:52 - 2016-04-17 21:54 - 00000000 ____D C:\Users\Caroline\AppData\Local\bvyvavay
2016-04-14 21:52 - 2016-04-14 21:52 - 00003524 _____ C:\WINDOWS\System32\Tasks\bvyvavay
2016-04-14 21:11 - 2016-04-14 21:14 - 00069807 _____ C:\Users\Caroline\Desktop\Addition.txt
2016-04-14 21:09 - 2016-04-14 21:09 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\Mozilla
2016-04-14 21:08 - 2016-04-15 19:16 - 00000000 ____D C:\Program Files\BitTorrent
2016-04-14 21:07 - 2016-04-17 22:21 - 00023278 _____ C:\Users\Caroline\Desktop\FRST.txt
2016-04-14 21:07 - 2016-04-17 22:21 - 00000000 ____D C:\FRST
2016-04-14 21:07 - 2016-04-14 21:07 - 02375168 _____ (Farbar) C:\Users\Caroline\Desktop\FRST64.exe
2016-04-14 21:03 - 2016-04-14 21:03 - 00201532 _____ C:\WINDOWS\Minidump\041416-43531-01.dmp
2016-04-14 20:52 - 2016-04-14 20:52 - 00000000 ___HD C:\OneDriveTemp
2016-04-13 21:54 - 2016-04-13 21:55 - 00031818 _____ C:\WINDOWS\wininit.ini
2016-04-11 10:17 - 2016-04-11 10:18 - 00002153 _____ C:\Users\Caroline\Desktop\Hotmail.lnk
2016-04-10 13:40 - 2016-04-10 13:40 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-10 13:39 - 2016-04-10 14:48 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-04-10 13:39 - 2016-04-10 13:39 - 00060136 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-04-10 13:38 - 2016-04-10 13:39 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-04-10 13:38 - 2016-04-10 13:38 - 00034720 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\Users\Caroline\AppData\Local\Tempfolder
2016-04-10 13:38 - 2016-04-10 13:38 - 00000000 ____D C:\uninst
2016-04-10 13:24 - 2016-04-10 13:21 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2016-04-10 13:19 - 2016-04-10 13:19 - 04282368 _____ C:\Users\Caroline\Downloads\Based_On_A_True_Story_Fat.iso
2016-04-10 01:40 - 2016-04-10 13:38 - 00065856 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2016-04-01 16:35 - 2016-04-01 16:35 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-01 16:35 - 2016-04-01 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-01 16:34 - 2016-04-01 16:35 - 00000000 ____D C:\Program Files\iTunes
2016-04-01 16:34 - 2016-04-01 16:34 - 00000000 ____D C:\Program Files\iPod
2016-04-01 16:34 - 2016-04-01 16:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-01 16:32 - 2016-04-01 16:32 - 00000000 ____D C:\Program Files\Bonjour
2016-04-01 16:32 - 2016-04-01 16:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-04-01 16:31 - 2016-04-01 16:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-04-01 16:31 - 2016-04-01 16:31 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-20 10:17 - 2016-03-20 10:19 - 00279476 _____ C:\WINDOWS\Minidump\032016-34953-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-17 22:19 - 2014-08-20 23:06 - 00000000 __RDO C:\Users\Caroline\OneDrive
2016-04-17 22:19 - 2014-06-30 17:48 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-17 22:17 - 2015-09-13 17:28 - 00146648 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_9EC60124.sys
2016-04-17 22:16 - 2015-12-16 21:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-17 22:16 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-17 22:14 - 2014-06-30 17:48 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-17 22:11 - 2014-06-27 14:23 - 00000000 ____D C:\ProgramData\MOCP
2016-04-17 22:08 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-17 22:08 - 2015-09-13 17:34 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-17 22:07 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-17 22:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-17 22:03 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-17 21:58 - 2014-07-11 16:17 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-17 21:58 - 2014-07-11 16:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-17 21:58 - 2014-06-30 17:50 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 21:56 - 2014-08-20 10:22 - 00000000 ____D C:\Users\Caroline\AppData\Local\Adobe
2016-04-17 21:55 - 2015-04-15 18:09 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A3876C08-2ECA-427D-AA61-AEFBBADEEC43}
2016-04-14 21:48 - 2014-06-30 17:40 - 00000000 ____D C:\Users\Caroline\AppData\Local\Packages
2016-04-14 21:04 - 2015-12-16 21:15 - 00000000 ____D C:\Users\Caroline
2016-04-14 21:03 - 2016-03-09 21:44 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-14 21:03 - 2014-11-26 15:50 - 822560255 _____ C:\WINDOWS\MEMORY.DMP
2016-04-14 20:54 - 2012-07-26 06:26 - 00000226 _____ C:\WINDOWS\win.ini
2016-04-10 17:33 - 2015-09-13 18:01 - 00000000 ____D C:\Users\Caroline\AppData\Local\MicrosoftEdge
2016-04-10 17:29 - 2015-04-14 17:51 - 00000000 ____D C:\Users\Caroline\AppData\Local\ElevatedDiagnostics
2016-04-10 13:56 - 2014-06-30 17:42 - 00000000 ____D C:\WINDOWS\pss
2016-04-10 13:40 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-04-10 13:40 - 2013-08-22 16:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-04-10 13:24 - 2014-11-19 15:27 - 00000000 ____D C:\Users\Caroline\AppData\Local\cache
2016-04-10 13:22 - 2015-08-01 00:03 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-10 13:08 - 2014-08-23 19:06 - 00000000 ____D C:\Users\Caroline\AppData\Roaming\uTorrent
2016-04-09 13:13 - 2016-03-11 01:27 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForCaroline
2016-04-09 13:13 - 2016-03-11 01:27 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForCaroline.job
2016-04-04 18:56 - 2015-09-13 17:49 - 00000000 ____D C:\Users\Caroline\AppData\Local\Comms
2016-04-02 16:59 - 2015-08-01 16:48 - 00000132 _____ C:\Users\Caroline\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-04-01 16:34 - 2014-07-31 23:36 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-01 16:31 - 2014-07-31 23:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-23 18:10 - 2014-11-19 16:35 - 00000000 ____D C:\Users\Caroline\AppData\Local\TempSWBackupDirectory
2016-03-19 15:56 - 2015-12-16 21:03 - 05065952 _____ C:\WINDOWS\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2015-08-01 16:48 - 2016-04-02 16:59 - 0000132 _____ () C:\Users\Caroline\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-21 11:48 - 2014-10-04 14:48 - 0000034 _____ () C:\Users\Caroline\AppData\Roaming\AdobeWLCMCache.dat
2014-11-19 15:21 - 2014-11-19 15:21 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\Caroline\AppData\Local\Temp\libeay32.dll
C:\Users\Caroline\AppData\Local\Temp\msvcr120.dll
C:\Users\Caroline\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-04 20:00

==================== End of FRST.txt ============================