This topic is locked
I cleaned my machine of several malware infections with your methods and it seems they are all gone but the machine is very slow on and off.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Mike Howell (2016-01-08 07:27:08)
Running from C:\Users\Mike Howell\Desktop
Windows 8.1 Pro with Media Center (X64) (2014-02-17 18:45:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-815769884-4045366474-2365471170-500 - Administrator - Disabled)
Caloffice (S-1-5-21-815769884-4045366474-2365471170-1001 - Administrator - Enabled) => C:\Users\Caloffice
Guest (S-1-5-21-815769884-4045366474-2365471170-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-815769884-4045366474-2365471170-1003 - Limited - Enabled)
Mike Howell (S-1-5-21-815769884-4045366474-2365471170-1004 - Administrator - Enabled) => C:\Users\Mike Howell
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: "Endpoint Antivirus" (Enabled - Up to date) {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
AS: "Endpoint Antivirus" (Enabled - Up to date) {ECD425A9-8C8F-D447-4EAB-6F599E267857}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AlphaCom (HKLM-x32\...\AlphaCom) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Endpoint Antivirus 64b (HKLM\...\{62E0EDA5-EC2F-481D-8A3E-CF79A925B3B4}) (Version: 5.0.2 - Total Defense)
Endpoint Security (HKLM-x32\...\{6D3687A4-4F95-4144-9B81-6FE6DA532013}) (Version: 5.0.8.0202 - Cloud Security Team)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
LogMeIn (HKLM-x32\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office 365 Support and Recovery Assistant (HKU\S-1-5-21-815769884-4045366474-2365471170-1004\...\4415f693b586d348) (Version: 16.0.847.11 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Passport Software 12.X Thin Client (HKLM-x32\...\PBS-12.X-ThinClient) (Version: - )
PST Walker 5.38 (HKLM-x32\...\PST Walker_is1) (Version: - PST Walker Software)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Window Web Access (HKLM-x32\...\Window Web Access) (Version: 1.41 - Grayscale LLC)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-815769884-4045366474-2365471170-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02FE3CC3-187E-49E9-8FED-73260D03536B} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {05C4E563-F738-4C5B-9D60-11495B6AA56A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN366B5GMC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {0DC76852-BEE9-402A-8061-BF237CFF616C} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {148A4E21-E018-4907-B4E3-4BFFD8626229} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {36958D60-AF31-496D-813A-F6A7AE985B2B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {3968B5B5-D6F3-42D5-9A3D-684555C06977} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {6AE9664F-0B98-4A0C-B9B2-0397FB5E0E57} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {6B0A711F-395E-4478-82D3-75BE4EE89909} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {6E495B3D-3E8E-4BB9-8E22-E2944085CD45} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {704D72EA-81E5-4210-8A7E-2FA540F49BDE} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7AE04947-24C4-4EA3-90FA-9E2B4D21AF0B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-14] (Microsoft Corporation)
Task: {830FD91B-4D69-43EF-ACD7-7F60E8D689B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {8553BD83-5B7C-4056-9F51-286603327726} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
Task: {9478F4EE-3E37-4A51-A0BF-4FB4BEC798F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {9AD9D894-6DA6-437C-A71F-39A997B754BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3A56F32-AE86-4D5E-B57C-75D2ACDDB8D1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {BA1A16DF-A353-4AD7-B80E-D3B1410816C5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {BA3B3C28-3D73-427B-8867-2D3F5288DA0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BBD42757-46FF-4E8C-BABA-101F9BDD4B4B} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-04] (CyberLink)
Task: {CC2840BB-2E7A-49B4-9CB5-817021BCCB56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN527464H3 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {E41C34FD-24E9-4A31-B222-D624AA0C1B0F} - \impo -> No File <==== ATTENTION
Task: {E6737F98-F68F-4E83-A95C-10EEE7FBBDC0} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {E8CC2AAF-5AC5-4344-AD27-75D87CACBC92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {F6F406BD-6536-4DC5-BF41-2DE029DAB83C} - \ReimageUpdater -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-08-05 17:15 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-05 17:19 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-08-12 22:23 - 2011-08-12 22:23 - 00118784 _____ () C:\Program Files (x86)\OmniCom\AlphaCom\lpd.exe
2013-11-08 13:00 - 2013-08-12 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-11-08 13:03 - 2013-08-04 23:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-08-05 17:15 - 2015-08-05 17:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-08-05 17:17 - 2015-09-01 04:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
2015-11-24 10:26 - 2015-12-14 14:21 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-08-05 17:17 - 2015-09-01 04:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-06 01:42 - 2015-12-06 01:42 - 53432832 _____ () C:\Program Files (x86)\WinWebUse\libcef.dll
2015-01-14 02:55 - 2015-01-14 02:55 - 00386560 _____ () C:\Program Files (x86)\WinWebUse\log4cplusU.dll
2015-12-06 01:42 - 2015-12-06 01:42 - 01976832 _____ () C:\Program Files (x86)\WinWebUse\libglesv2.dll
2015-12-06 01:42 - 2015-12-06 01:42 - 00075264 _____ () C:\Program Files (x86)\WinWebUse\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-815769884-4045366474-2365471170-1004\...\sharepoint.com -> hxxps://controlswitchesinc.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2015-12-10 14:08 - 00000862 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-815769884-4045366474-2365471170-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
HKU\S-1-5-21-815769884-4045366474-2365471170-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike Howell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7CF44B8B-BAA9-4004-BF55-3C34D10D8815}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7DDB96CD-7983-43EE-AC9B-E12659C05E38}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{BAE8B6F5-B63A-4464-9F14-63697A26F2D6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{292855D7-D6BB-4F72-B508-DD4BA8620127}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{703ABC63-DD7D-405F-A06E-D8DC24B28496}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{45A8E48D-9561-42A0-B36F-2FA49C85B8C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{839F2F33-C45C-43CD-B37A-854F3D28706F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E684DB5E-5C19-489E-9CDD-CE1427BDE3EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C021F997-E6A7-4ADA-B32A-EAB0AB10C544}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A3B13A5-8688-4821-A2B7-4A54A8E88183}] => (Allow) C:\Program Files (x86)\CloudClient\isfacs.exe
FirewallRules: [{7B3D31CA-DDB6-4D47-9C4C-11DFAE9BD45A}] => (Allow) C:\Program Files (x86)\CloudClient\isfacs.exe
FirewallRules: [{6FE123B9-7902-4E36-9FF9-29713167528B}] => (Allow) C:\Program Files (x86)\CloudClient\isfacs.exe
FirewallRules: [{25DE7E37-05A9-4D5D-B24C-5B3FB7277A17}] => (Allow) C:\Program Files (x86)\CloudClient\isfacs.exe
FirewallRules: [TCP Query User{F8D52464-AF84-49EC-BE5D-1D2939CF6745}C:\program files (x86)\omnicom\alphacom\lpd.exe] => (Allow) C:\program files (x86)\omnicom\alphacom\lpd.exe
FirewallRules: [UDP Query User{6F27A041-42FD-4FA1-ACDB-1CF9FC1161AD}C:\program files (x86)\omnicom\alphacom\lpd.exe] => (Allow) C:\program files (x86)\omnicom\alphacom\lpd.exe
FirewallRules: [{D4C3830F-8B4C-4776-AE38-F5BDA0D16FD7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{98011763-36C6-403B-842C-3EAFCA69D6FE}C:\program files (x86)\omnicom\alphacom\lpd.exe] => (Allow) C:\program files (x86)\omnicom\alphacom\lpd.exe
FirewallRules: [UDP Query User{D7B4B9CC-A94A-4205-BF91-D926E63A45E4}C:\program files (x86)\omnicom\alphacom\lpd.exe] => (Allow) C:\program files (x86)\omnicom\alphacom\lpd.exe
FirewallRules: [TCP Query User{528FA8DF-F68E-46A6-987A-E682F576F930}C:\users\mike howell\appdata\local\temp\7zs313c\enterprisedu.exe] => (Allow) C:\users\mike howell\appdata\local\temp\7zs313c\enterprisedu.exe
FirewallRules: [UDP Query User{324573B0-1B29-4902-8D48-4C40DBC00E7E}C:\users\mike howell\appdata\local\temp\7zs313c\enterprisedu.exe] => (Allow) C:\users\mike howell\appdata\local\temp\7zs313c\enterprisedu.exe
FirewallRules: [{E396751B-0F50-4C74-B5A0-1F0B2EF7F45A}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS34E8\HPDiagnosticCoreUI.exe
FirewallRules: [{C1E0A9E4-7901-4D8F-A2FC-4F6C1FB8AC26}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS34E8\HPDiagnosticCoreUI.exe
FirewallRules: [{D0443B02-C0A8-4830-A857-E95A283FB067}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS38F0\HPDiagnosticCoreUI.exe
FirewallRules: [{120DFDAF-2533-433F-9D1E-C9724E1B98EF}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS38F0\HPDiagnosticCoreUI.exe
FirewallRules: [{7927271C-1977-44D4-B0B4-42F2FBB40E4C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{68446980-8E60-4CF7-BF8C-BED8CAE8ABBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4224207A-43B9-4247-8515-7813C4E79F27}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BA980717-6129-4E9C-9B07-FC6BEAE71AD7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{59B1201C-8825-45A4-AE37-E669BE19EADF}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS0BAA\HPDiagnosticCoreUI.exe
FirewallRules: [{61E803CD-BDDA-4A93-90F3-99F33D035FC3}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS0BAA\HPDiagnosticCoreUI.exe
FirewallRules: [{416C530A-C692-4188-8873-F90A6E1F4BAA}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS2013\HPDiagnosticCoreUI.exe
FirewallRules: [{23D264EE-953F-4BD9-AF11-F2254B97044B}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS2013\HPDiagnosticCoreUI.exe
FirewallRules: [{2D848790-3099-49EB-9068-527563DBB682}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS22D4\HPDiagnosticCoreUI.exe
FirewallRules: [{F9B137AC-F0D1-4010-B239-8A691B164A51}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS22D4\HPDiagnosticCoreUI.exe
FirewallRules: [{8CA1A6FB-A83D-4DDC-B1FE-FC0DA09ADF7A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{8CBC43FA-F259-4024-B42F-44DAC845B7FA}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{08E6F859-622C-49D7-A4B1-9F2494C87346}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{6BA521A0-8ABA-4FBD-B356-00A2FFB5DD64}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{3CDA4E9A-38DD-4484-A69F-30EFA3A09884}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{37E4C96F-1B6C-4F2D-BB0D-E7FC39EF9B06}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{684CF0AC-3B33-4120-9A20-7F2B1A3BC847}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
FirewallRules: [{9D38006A-EA04-4C44-9A4B-DC7703F19D1C}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳硥e
==================== Restore Points =========================
22-12-2015 07:13:11 Windows Update
30-12-2015 02:43:13 Windows Update
06-01-2016 13:38:33 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/08/2016 07:29:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x18c4
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:22:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x129c
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:18:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1648
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1134
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:17:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1cf4
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:10:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1670
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:04:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x11a0
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 06:58:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1d08
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 06:52:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x136c
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 06:52:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x16e4
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
System errors:
=============
Error: (01/08/2016 05:35:49 AM) (Source: DCOM) (EventID: 10010) (User: CS-08)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/08/2016 05:35:19 AM) (Source: DCOM) (EventID: 10010) (User: CS-08)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/07/2016 09:15:09 PM) (Source: DCOM) (EventID: 10010) (User: CS-08)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/07/2016 11:09:43 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/07/2016 11:09:43 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/06/2016 05:23:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).
Error: (01/06/2016 05:01:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/06/2016 05:01:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/06/2016 02:48:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/06/2016 02:48:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
CodeIntegrity:
===================================
Date: 2015-12-10 14:30:09.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:29:45.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:29:45.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:29:45.297
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:28:50.371
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:28:50.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:27:26.121
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:26:43.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:26:43.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:26:26.584
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 8097.27 MB
Available physical RAM: 2597.59 MB
Total Virtual: 17929.69 MB
Available Virtual: 10222.75 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:914.92 GB) (Free:849.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.11 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E0708284)
Partition: GPT.
==================== End of Addition.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Mike Howell (2016-01-08 07:27:08)
Running from C:\Users\Mike Howell\Desktop
Windows 8.1 Pro with Media Center (X64) (2014-02-17 18:45:27)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-815769884-4045366474-2365471170-500 - Administrator - Disabled)
Caloffice (S-1-5-21-815769884-4045366474-2365471170-1001 - Administrator - Enabled) => C:\Users\Caloffice
Guest (S-1-5-21-815769884-4045366474-2365471170-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-815769884-4045366474-2365471170-1003 - Limited - Enabled)
Mike Howell (S-1-5-21-815769884-4045366474-2365471170-1004 - Administrator - Enabled) => C:\Users\Mike Howell
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: "Endpoint Antivirus" (Enabled - Up to date) {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
AS: "Endpoint Antivirus" (Enabled - Up to date) {ECD425A9-8C8F-D447-4EAB-6F599E267857}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
AlphaCom (HKLM-x32\...\AlphaCom) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
CleanUp! (HKLM-x32\...\CleanUp!) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3103 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4323 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3215 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3215 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Endpoint Antivirus 64b (HKLM\...\{62E0EDA5-EC2F-481D-8A3E-CF79A925B3B4}) (Version: 5.0.2 - Total Defense)
Endpoint Security (HKLM-x32\...\{6D3687A4-4F95-4144-9B81-6FE6DA532013}) (Version: 5.0.8.0202 - Cloud Security Team)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.12.253 - SurfRight B.V.)
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inst5675 (Version: 8.00.51 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.51 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4029 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 4.2.1909 - KYOCERA Document Solutions Inc.)
LogMeIn (HKLM-x32\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 Small Business Premium - en-us (HKLM\...\O365SmallBusPremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Office 365 Support and Recovery Assistant (HKU\S-1-5-21-815769884-4045366474-2365471170-1004\...\4415f693b586d348) (Version: 16.0.847.11 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Passport Software 12.X Thin Client (HKLM-x32\...\PBS-12.X-ThinClient) (Version: - )
PST Walker 5.38 (HKLM-x32\...\PST Walker_is1) (Version: - PST Walker Software)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.7001 - CyberLink Corp.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
Window Web Access (HKLM-x32\...\Window Web Access) (Version: 1.41 - Grayscale LLC)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-815769884-4045366474-2365471170-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02FE3CC3-187E-49E9-8FED-73260D03536B} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {05C4E563-F738-4C5B-9D60-11495B6AA56A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN366B5GMC => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {0DC76852-BEE9-402A-8061-BF237CFF616C} - System32\Tasks\MyDailyBackup => C:\Windows\system32\winupd.exe <==== ATTENTION
Task: {148A4E21-E018-4907-B4E3-4BFFD8626229} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {36958D60-AF31-496D-813A-F6A7AE985B2B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {3968B5B5-D6F3-42D5-9A3D-684555C06977} - System32\Tasks\GoogleUp => C:\Windows\system32\hsysinfo.exe
Task: {6AE9664F-0B98-4A0C-B9B2-0397FB5E0E57} - System32\Tasks\import => C:\Windows\system32\Mint.exe
Task: {6B0A711F-395E-4478-82D3-75BE4EE89909} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {6E495B3D-3E8E-4BB9-8E22-E2944085CD45} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {704D72EA-81E5-4210-8A7E-2FA540F49BDE} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {7AE04947-24C4-4EA3-90FA-9E2B4D21AF0B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-14] (Microsoft Corporation)
Task: {830FD91B-4D69-43EF-ACD7-7F60E8D689B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {8553BD83-5B7C-4056-9F51-286603327726} - System32\Tasks\Googleuptodate => C:\Windows\system32\Wimboldon.exe
Task: {9478F4EE-3E37-4A51-A0BF-4FB4BEC798F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {9AD9D894-6DA6-437C-A71F-39A997B754BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {A3A56F32-AE86-4D5E-B57C-75D2ACDDB8D1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-04] (Microsoft Corporation)
Task: {BA1A16DF-A353-4AD7-B80E-D3B1410816C5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {BA3B3C28-3D73-427B-8867-2D3F5288DA0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BBD42757-46FF-4E8C-BABA-101F9BDD4B4B} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-04] (CyberLink)
Task: {CC2840BB-2E7A-49B4-9CB5-817021BCCB56} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN527464H3 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {E41C34FD-24E9-4A31-B222-D624AA0C1B0F} - \impo -> No File <==== ATTENTION
Task: {E6737F98-F68F-4E83-A95C-10EEE7FBBDC0} - System32\Tasks\win => C:\Windows\system32\win.exe
Task: {E8CC2AAF-5AC5-4344-AD27-75D87CACBC92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {F6F406BD-6536-4DC5-BF41-2DE029DAB83C} - \ReimageUpdater -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-08-05 17:15 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-05 17:19 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-08-12 22:23 - 2011-08-12 22:23 - 00118784 _____ () C:\Program Files (x86)\OmniCom\AlphaCom\lpd.exe
2013-11-08 13:00 - 2013-08-12 01:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-11-08 13:03 - 2013-08-04 23:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-08-05 17:15 - 2015-08-05 17:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-08-05 17:17 - 2015-09-01 04:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
2015-11-24 10:26 - 2015-12-14 14:21 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-08-05 17:17 - 2015-09-01 04:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-12-06 01:42 - 2015-12-06 01:42 - 53432832 _____ () C:\Program Files (x86)\WinWebUse\libcef.dll
2015-01-14 02:55 - 2015-01-14 02:55 - 00386560 _____ () C:\Program Files (x86)\WinWebUse\log4cplusU.dll
2015-12-06 01:42 - 2015-12-06 01:42 - 01976832 _____ () C:\Program Files (x86)\WinWebUse\libglesv2.dll
2015-12-06 01:42 - 2015-12-06 01:42 - 00075264 _____ () C:\Program Files (x86)\WinWebUse\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-815769884-4045366474-2365471170-1004\...\sharepoint.com -> hxxps://controlswitchesinc.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2015-12-10 14:08 - 00000862 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-815769884-4045366474-2365471170-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
HKU\S-1-5-21-815769884-4045366474-2365471170-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike Howell\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 192.168.0.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7CF44B8B-BAA9-4004-BF55-3C34D10D8815}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{7DDB96CD-7983-43EE-AC9B-E12659C05E38}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{BAE8B6F5-B63A-4464-9F14-63697A26F2D6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{292855D7-D6BB-4F72-B508-DD4BA8620127}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{703ABC63-DD7D-405F-A06E-D8DC24B28496}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{45A8E48D-9561-42A0-B36F-2FA49C85B8C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{839F2F33-C45C-43CD-B37A-854F3D28706F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E684DB5E-5C19-489E-9CDD-CE1427BDE3EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C021F997-E6A7-4ADA-B32A-EAB0AB10C544}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8A3B13A5-8688-4821-A2B7-4A54A8E88183}] => (Allow) C:\Program Files (x86)\CloudClient\isfacs.exe
FirewallRules: [{7B3D31CA-DDB6-4D47-9C4C-11DFAE9BD45A}] => (Allow) C:\Program Files (x86)\CloudClient\isfacs.exe
FirewallRules: [{6FE123B9-7902-4E36-9FF9-29713167528B}] => (Allow) C:\Program Files (x86)\CloudClient\isfacs.exe
FirewallRules: [{25DE7E37-05A9-4D5D-B24C-5B3FB7277A17}] => (Allow) C:\Program Files (x86)\CloudClient\isfacs.exe
FirewallRules: [TCP Query User{F8D52464-AF84-49EC-BE5D-1D2939CF6745}C:\program files (x86)\omnicom\alphacom\lpd.exe] => (Allow) C:\program files (x86)\omnicom\alphacom\lpd.exe
FirewallRules: [UDP Query User{6F27A041-42FD-4FA1-ACDB-1CF9FC1161AD}C:\program files (x86)\omnicom\alphacom\lpd.exe] => (Allow) C:\program files (x86)\omnicom\alphacom\lpd.exe
FirewallRules: [{D4C3830F-8B4C-4776-AE38-F5BDA0D16FD7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{98011763-36C6-403B-842C-3EAFCA69D6FE}C:\program files (x86)\omnicom\alphacom\lpd.exe] => (Allow) C:\program files (x86)\omnicom\alphacom\lpd.exe
FirewallRules: [UDP Query User{D7B4B9CC-A94A-4205-BF91-D926E63A45E4}C:\program files (x86)\omnicom\alphacom\lpd.exe] => (Allow) C:\program files (x86)\omnicom\alphacom\lpd.exe
FirewallRules: [TCP Query User{528FA8DF-F68E-46A6-987A-E682F576F930}C:\users\mike howell\appdata\local\temp\7zs313c\enterprisedu.exe] => (Allow) C:\users\mike howell\appdata\local\temp\7zs313c\enterprisedu.exe
FirewallRules: [UDP Query User{324573B0-1B29-4902-8D48-4C40DBC00E7E}C:\users\mike howell\appdata\local\temp\7zs313c\enterprisedu.exe] => (Allow) C:\users\mike howell\appdata\local\temp\7zs313c\enterprisedu.exe
FirewallRules: [{E396751B-0F50-4C74-B5A0-1F0B2EF7F45A}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS34E8\HPDiagnosticCoreUI.exe
FirewallRules: [{C1E0A9E4-7901-4D8F-A2FC-4F6C1FB8AC26}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS34E8\HPDiagnosticCoreUI.exe
FirewallRules: [{D0443B02-C0A8-4830-A857-E95A283FB067}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS38F0\HPDiagnosticCoreUI.exe
FirewallRules: [{120DFDAF-2533-433F-9D1E-C9724E1B98EF}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS38F0\HPDiagnosticCoreUI.exe
FirewallRules: [{7927271C-1977-44D4-B0B4-42F2FBB40E4C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{68446980-8E60-4CF7-BF8C-BED8CAE8ABBB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{4224207A-43B9-4247-8515-7813C4E79F27}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BA980717-6129-4E9C-9B07-FC6BEAE71AD7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{59B1201C-8825-45A4-AE37-E669BE19EADF}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS0BAA\HPDiagnosticCoreUI.exe
FirewallRules: [{61E803CD-BDDA-4A93-90F3-99F33D035FC3}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS0BAA\HPDiagnosticCoreUI.exe
FirewallRules: [{416C530A-C692-4188-8873-F90A6E1F4BAA}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS2013\HPDiagnosticCoreUI.exe
FirewallRules: [{23D264EE-953F-4BD9-AF11-F2254B97044B}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS2013\HPDiagnosticCoreUI.exe
FirewallRules: [{2D848790-3099-49EB-9068-527563DBB682}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS22D4\HPDiagnosticCoreUI.exe
FirewallRules: [{F9B137AC-F0D1-4010-B239-8A691B164A51}] => (Allow) C:\Users\Mike Howell\AppData\Local\Temp\7zS22D4\HPDiagnosticCoreUI.exe
FirewallRules: [{8CA1A6FB-A83D-4DDC-B1FE-FC0DA09ADF7A}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe
FirewallRules: [{8CBC43FA-F259-4024-B42F-44DAC845B7FA}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe
FirewallRules: [{08E6F859-622C-49D7-A4B1-9F2494C87346}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe
FirewallRules: [{6BA521A0-8ABA-4FBD-B356-00A2FFB5DD64}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{3CDA4E9A-38DD-4484-A69F-30EFA3A09884}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{37E4C96F-1B6C-4F2D-BB0D-E7FC39EF9B06}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{684CF0AC-3B33-4120-9A20-7F2B1A3BC847}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
FirewallRules: [{9D38006A-EA04-4C44-9A4B-DC7703F19D1C}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳硥e
==================== Restore Points =========================
22-12-2015 07:13:11 Windows Update
30-12-2015 02:43:13 Windows Update
06-01-2016 13:38:33 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/08/2016 07:29:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x18c4
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:22:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x129c
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:18:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1648
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:17:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1134
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:17:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1cf4
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:10:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1670
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 07:04:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x11a0
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 06:58:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x1d08
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 06:52:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x136c
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
Error: (01/08/2016 06:52:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
Exception code: 0xc0000005
Fault offset: 0x000020c0
Faulting process id: 0x16e4
Faulting application start time: 0xwinwebtask_.exe0
Faulting application path: winwebtask_.exe1
Faulting module path: winwebtask_.exe2
Report Id: winwebtask_.exe3
Faulting package full name: winwebtask_.exe4
Faulting package-relative application ID: winwebtask_.exe5
System errors:
=============
Error: (01/08/2016 05:35:49 AM) (Source: DCOM) (EventID: 10010) (User: CS-08)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
Error: (01/08/2016 05:35:19 AM) (Source: DCOM) (EventID: 10010) (User: CS-08)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/07/2016 09:15:09 PM) (Source: DCOM) (EventID: 10010) (User: CS-08)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
Error: (01/07/2016 11:09:43 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/07/2016 11:09:43 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/06/2016 05:23:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly. It has done this 2 time(s).
Error: (01/06/2016 05:01:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/06/2016 05:01:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/06/2016 02:48:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
Error: (01/06/2016 02:48:49 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
CodeIntegrity:
===================================
Date: 2015-12-10 14:30:09.440
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:29:45.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:29:45.402
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:29:45.297
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:28:50.371
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:28:50.269
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:27:26.121
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:26:43.869
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:26:43.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-12-10 14:26:26.584
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Core™ i5-4430 CPU @ 3.00GHz
Percentage of memory in use: 67%
Total physical RAM: 8097.27 MB
Available physical RAM: 2597.59 MB
Total Virtual: 17929.69 MB
Available Virtual: 10222.75 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:914.92 GB) (Free:849.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:15.11 GB) (Free:1.83 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E0708284)
Partition: GPT.
==================== End of Addition.txt ============================
Answered
![Possible Malware infection - help request [Solved] - last post by DR M](https://www.geekstogo.com/forum/uploads/profile/photo-418842.gif?_r=1578338641)
Sign In
Create Account
