This topic is locked
Hi, I have an HP laptop with Windows 8.1. I experienced some startup problems that is described in the GeekstoGo Windows 8.1 forum(Registry Change Prevents Startup) here: http://www.geekstogo...events-startup/
Basically, it started with some popups after visiting a web page that quickly deteriorated into the computer not properly starting up.
On the advice of SleepyDude, I was instructed to post a new thread on this forum. I ran Junkware Removal Tool and AdwCleaner twice and malware was found. I would appreciate it if someone could review the FRST logs below to see if the malware is gone or still needs to be removed.
Thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Robert (administrator) on SHADOWFAX (29-03-2016 18:57:06)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-02-18] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2015-02-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-18] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-12-11] (SlySoft, Inc.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Policies\Explorer: []
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2014-06-23]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
BootExecute: PDBoot.exeautocheck autochk *
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{42E1B6EA-3728-42A7-8E02-53ADCE251643}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7C57A303-A069-4AAA-A050-8A4F276FEC6D}: [DhcpNameServer] 40.20.1.201 40.20.1.202
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
SearchScopes: HKLM -> {4A033BE2-44B8-4954-BB49-126C850FAF6E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: SmartOnes -> {8d5d1e5e-1116-40cc-a8b1-8024831f480f} -> C:\Program Files (x86)\SmartOnes\tgzzCE4NDyVWfh.x64.dll => No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\uqxmp3ab.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-28] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-05-12] ( )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: TRUSTe Privacy Plugin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\uqxmp3ab.default\Extensions\[email protected] [2015-05-12] [not signed]
FF Extension: Adblock Plus - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\uqxmp3ab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-19] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-18] (Realtek Semiconductor)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2014-05-12] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-06-23] (SolidWorks) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-02-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2015-02-18] (Advanced Micro Devices, INC.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-11] (SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-11] (SlySoft, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2015-02-18] (Advanced Micro Devices)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-18] (REALiX™)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-02-18] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-02-18] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 McProxy; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-29 18:57 - 2016-03-29 18:58 - 00019658 _____ C:\Users\Robert\Desktop\FRST.txt
2016-03-29 18:56 - 2016-03-29 18:57 - 00000000 ____D C:\FRST
2016-03-29 18:56 - 2016-03-29 18:56 - 02374144 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2016-03-29 18:47 - 2016-03-29 18:49 - 00000000 ____D C:\AdwCleaner
2016-03-29 18:46 - 2016-03-29 18:46 - 03102208 _____ C:\Users\Robert\Desktop\AdwCleaner.exe
2016-03-29 18:45 - 2016-03-29 18:45 - 00000772 _____ C:\Users\Robert\Desktop\JRT.txt
2016-03-29 18:43 - 2016-03-29 18:43 - 01610352 _____ (Malwarebytes) C:\Users\Robert\Desktop\JRT.exe
2016-03-29 18:31 - 2016-03-29 18:31 - 00000000 ____D C:\Program Files\619b6f496b71d7e57b3d49442dd611fe
2016-03-29 18:24 - 2016-03-29 18:24 - 00000000 ____D C:\Users\Robert\AppData\Local\ElevatedDiagnostics
2016-03-29 10:25 - 2016-03-29 10:25 - 00137728 _____ C:\Windows\fbdc3abca8074238a1e242d0b61bc3fe.exe
2016-03-28 22:46 - 2016-03-28 22:47 - 22855504 ____R C:\Users\Robert\Downloads\Malwarebytes Anti-Malware Premium 2.2.1.1043 Final Multilingual.rar
2016-03-28 22:45 - 2016-03-28 22:45 - 00000000 ____D C:\Users\Robert\Downloads\Man.Up.2015.DVD9.NTSC.DVDR-NoRBiT
2016-03-28 22:22 - 2016-03-28 22:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-28 21:45 - 2016-03-28 21:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-28 21:45 - 2016-03-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-28 21:39 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-03-28 21:39 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-28 21:39 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-28 21:39 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-28 21:39 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-28 21:39 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-28 21:39 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-28 21:38 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-28 21:38 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-28 21:38 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-03-28 21:38 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-03-28 21:38 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-03-28 21:38 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-28 21:38 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2016-03-28 21:38 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-03-28 21:38 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-03-28 21:38 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-03-28 21:38 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2016-03-28 21:38 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2016-03-28 21:38 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2016-03-28 21:38 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-03-28 21:38 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-03-28 21:38 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-03-28 21:38 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-28 21:38 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2016-03-28 21:38 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-03-28 21:38 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-03-28 21:38 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-03-28 21:38 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2016-03-28 21:38 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2016-03-28 21:38 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2016-03-28 21:38 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-03-28 21:38 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-28 21:38 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-03-28 21:38 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-03-28 21:38 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-03-28 21:38 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-03-28 21:38 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-28 21:38 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-03-28 21:38 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-03-28 21:38 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-03-28 21:38 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-03-28 21:38 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-03-28 21:38 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-03-28 21:38 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-03-28 21:38 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-03-28 21:38 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-03-28 21:38 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-28 21:38 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-03-28 21:38 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-03-28 21:37 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2016-03-28 21:37 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-03-28 21:37 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-03-28 21:37 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2016-03-28 21:37 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-28 21:37 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-28 21:37 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-28 21:36 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-28 21:36 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-28 21:36 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-28 21:36 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-28 21:36 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-28 21:36 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-03-28 21:36 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-28 21:36 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-03-28 21:36 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-28 21:36 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
2016-03-28 21:36 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
2016-03-28 21:36 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-03-28 21:36 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
2016-03-28 21:35 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-03-28 21:35 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-03-28 21:35 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-03-28 21:35 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-03-28 21:35 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-03-28 21:35 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-03-28 21:35 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-03-28 21:35 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-03-27 21:48 - 2016-03-27 21:57 - 00000000 ____D C:\Users\Robert\AppData\Local\app
2016-03-18 23:20 - 2016-03-29 01:09 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-11 19:08 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-11 19:08 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-11 19:08 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-11 19:08 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-11 19:08 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-11 19:08 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-11 19:08 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-11 19:08 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-11 19:08 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-11 19:08 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-11 19:08 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-11 19:08 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-11 19:08 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-11 19:08 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-11 19:08 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-11 19:08 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-11 19:08 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-11 19:08 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-11 19:08 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-11 19:08 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-11 19:08 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-11 19:08 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-11 19:08 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-11 19:08 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-11 19:08 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-11 19:08 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-11 19:08 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-11 19:08 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-11 19:08 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-11 19:08 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-11 19:08 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-11 19:08 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-11 19:06 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-11 19:06 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-11 19:06 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-11 19:06 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-11 19:06 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-11 19:06 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-11 19:06 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-11 19:06 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-11 19:05 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-11 19:05 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-11 19:05 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-11 19:05 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-11 19:05 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-11 19:05 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-11 19:05 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-11 19:05 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-11 19:05 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-11 19:05 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-11 19:05 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-11 19:05 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-11 19:05 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-11 19:05 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-11 19:05 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-11 19:05 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-11 19:05 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-11 19:05 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-11 19:05 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-11 19:04 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-11 19:04 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-11 19:04 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-11 19:04 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-11 19:04 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-11 19:04 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-11 19:04 - 2016-01-31 15:16 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-11 19:03 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-11 19:03 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-11 19:03 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-11 19:03 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-11 19:03 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-11 19:03 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-29 18:55 - 2015-05-06 18:10 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-1005
2016-03-29 18:50 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-29 18:23 - 2014-04-23 18:58 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A055C58-84B1-4BA9-AD00-A48621AAEA0A}
2016-03-29 18:20 - 2014-04-23 19:02 - 00000000 ____D C:\Users\Robert\AppData\Roaming\ClassicShell
2016-03-29 01:09 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-03-29 01:06 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-29 01:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2016-03-29 01:01 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-03-28 23:19 - 2014-04-25 22:55 - 00000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2016-03-28 23:13 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-03-28 23:03 - 2016-02-15 00:19 - 00000000 ____D C:\Users\Robert\AppData\Roaming\MPC-HC
2016-03-28 22:55 - 2015-09-09 17:58 - 00003172 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRobert
2016-03-28 22:55 - 2015-09-09 17:58 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForRobert.job
2016-03-28 22:33 - 2014-04-23 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-28 22:20 - 2014-08-16 22:34 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe
2016-03-28 22:11 - 2015-04-17 22:21 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2016-03-28 22:10 - 2013-08-26 02:09 - 00956540 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-28 21:48 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-03-28 21:48 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-28 21:45 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-28 21:40 - 2015-12-19 12:21 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-28 21:40 - 2015-12-19 12:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-28 21:10 - 2014-04-23 18:57 - 00000000 ____D C:\Users\Robert
2016-03-27 23:19 - 2016-01-04 23:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-27 22:10 - 2015-03-10 12:47 - 00000401 _____ C:\DelFix.txt
2016-03-11 19:36 - 2013-08-22 10:44 - 00589584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 19:32 - 2015-04-16 21:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-11 19:29 - 2014-04-23 04:09 - 00000000 ____D C:\Windows\system32\MRT
2016-03-11 19:22 - 2014-04-23 04:09 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-11 19:09 - 2016-02-13 20:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 19:07 - 2015-12-11 21:01 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-11 19:07 - 2015-12-11 21:01 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-11 19:07 - 2015-12-11 21:01 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-08 03:00 - 2014-12-09 18:15 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:00 - 2014-12-09 18:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2014-07-11 23:15 - 2014-07-11 23:15 - 0000017 _____ () C:\Users\Robert\AppData\Local\resmon.resmoncfg
2014-05-04 14:20 - 2014-12-17 19:00 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-05-03 11:57 - 2014-05-03 11:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-10 22:56 - 2014-05-10 22:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some files in TEMP:
====================
C:\Users\Robert\AppData\Local\Temp\7za.exe
C:\Users\Robert\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Robert\AppData\Local\Temp\dxdiag.exe
C:\Users\Robert\AppData\Local\Temp\libeay32.dll
C:\Users\Robert\AppData\Local\Temp\mbam-setup-2.2.0.1024.exe
C:\Users\Robert\AppData\Local\Temp\mesox.exe
C:\Users\Robert\AppData\Local\Temp\msconfig.exe
C:\Users\Robert\AppData\Local\Temp\msvcr120.dll
C:\Users\Robert\AppData\Local\Temp\setdd.exe
C:\Users\Robert\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-03-18 20:20
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Robert (2016-03-29 18:59:03)
Running from C:\Users\Robert\Desktop
Windows 8.1 (X64) (2014-04-23 06:03:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3511957844-2261570385-1743981658-500 - Administrator - Disabled)
Guest (S-1-5-21-3511957844-2261570385-1743981658-501 - Limited - Disabled)
Robert (S-1-5-21-3511957844-2261570385-1743981658-1005 - Administrator - Enabled) => C:\Users\Robert
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\uTorrent) (Version: 3.4.2.32239 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E825A27F-01E0-1BB8-6A7D-DD769D57E4B0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.4.0 - SlySoft)
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD Electrical 2015 - English (Version: 12.0.55.0 - Autodesk) Hidden
AutoCAD Electrical 2015 Language Pack - English (Version: 12.0.55.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.0.27.1100 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 1.0.59.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Electrical 2015 - English (HKLM\...\AutoCAD Electrical 2015 - English) (Version: 12.0.55.0 - Autodesk)
Autodesk AutoCAD Electrical Mobile Data (HKLM-x32\...\{4F4C5027-2FAC-4863-AA12-5754FF226849}) (Version: 1.0.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Free Spider Solitaire v5.0 (HKLM-x32\...\Free Spider_is1) (Version: - TreeCardGames)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IsoBuster 1.9.1 (HKLM-x32\...\IsoBuster_is1) (Version: 1.9.1 - Smart Projects)
K-Lite Mega Codec Pack 11.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.0 - KLCP)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Movie Collector (HKLM-x32\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version: - Collectorz.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x64 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.5 - Portforward, LLC)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version: - Photodex Corporation)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SolidWorks 2014 x64 Edition SP03 (HKLM-x32\...\SolidWorks Installation Manager 20140-40300-1100-100) (Version: 22.3.0.56 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP03 (Version: 22.130.56 - SolidWorks) Hidden
SolidWorks Composer Player 2014 SP03 x64 Edition (Version: 22.30.56 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP03 (Version: 14.3.107 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2014 SP03 x64 Edition (Version: 22.30.56 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP03 x64 Edition (Version: 22.30.56 - SolidWorks Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Whispered Secrets 3 - Into the Wind CE UPDATE (HKLM-x32\...\Whispered Secrets 3 - Into the Wind CE UPDATE1.1) (Version: 1.1 - Foxy Games)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\Inventor Server\Bin\TestServer.dll => No File
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {09F0478E-5560-421E-B00A-6D957953E2D9} - \Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-1002 -> No File <==== ATTENTION
Task: {32CCC404-30CD-417A-A7D9-87E7AA67D658} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-02-22] (HP Inc.)
Task: {563966E9-AE11-4F9C-99CB-1E70BCF16A99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {59023211-95FC-4489-A0CB-E20A274A8A92} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {6510AEDA-4D54-4636-99E7-5D346A87696D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {68DAA213-B513-49AF-9BE4-C90EBA00AB22} - System32\Tasks\HPCeeScheduleForRobert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {752D4054-9117-4B7B-A37A-CA3878C2273B} - \Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-500 -> No File <==== ATTENTION
Task: {850B844A-9D1F-4459-97DE-2021CE45525F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-02-18] (Synaptics Incorporated)
Task: {97DE100F-297C-447C-85B7-86584EAAD9B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {99912356-0A5F-4FC5-8425-47B18FA4A98D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {A90C7AA3-D269-4F3E-9B40-7858EB23B002} - System32\Tasks\{FB1A9DC6-BD16-42C2-B04F-5221F8745A03} => pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Task: {B5BD24CA-2B71-49E8-B01F-C745E75B55BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {BBF4AC2F-7854-45DB-85D7-B7A22AA481D8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {C3D8F1B7-00E5-4CA1-8F09-B6B575DE5C3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {DB3EB686-B7C1-4B28-8A1E-C3854FE5924B} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {DF4123C2-437B-4A0A-A375-BC554AE4BED5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForRobert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2013-08-19 17:48 - 2013-08-19 17:48 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-08-19 17:47 - 2013-08-19 17:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-05-12 21:05 - 2014-05-12 21:05 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
2013-08-19 17:47 - 2013-08-19 17:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-19 17:48 - 2013-08-19 17:48 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-05-24 19:25 - 2013-12-22 02:22 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-05-24 19:25 - 2013-12-22 02:22 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 09:25 - 2016-03-29 18:29 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\Wallpaper -> C:\Photos\WIND RIVER BOB\DSC00376.JPG
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks 2014 Fast Start.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{99AB0D9B-878E-406F-B97A-3EC70B95F9A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A10E90A9-FB91-4EB3-A9F5-C2BB2A76D75D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD79683A-AEDF-4999-9123-A1FBB00B3273}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66B115C9-4F88-4CDB-96FF-2134BBF5C9CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{027A2713-D6BD-4A9C-8A1B-40E58AF026AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{4C4F41CB-7472-4A76-BE5A-0983120BE539}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{40C0F5E0-4E08-4D13-8751-F36663AD8BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{9ABE0139-9650-4C1B-9FAD-C24BE1CC0B9B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{75E2B264-F083-461B-A302-17FD65CCA98E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{6F4FA5C4-9803-478C-9B68-5F8D0BF88326}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{CF3748AF-48E7-4CCC-AF18-7AA712AEE7EB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{04C3E7B9-8BE0-4440-9E96-5998F0D863C3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37F3F536-98BA-4535-B6F7-0A142B3CD0A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{16354299-2032-4F7F-8FC3-D624C1F476A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5AF18F91-FEA2-460C-A03F-D59A820253CF}] => (Allow) C:\Users\Robert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BCF61DE5-82B9-46C6-9D1F-703823727C0D}] => (Allow) C:\Users\Robert\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{78754A17-85EA-4A66-BBC2-8B4F38532F3D}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\FaxApplications.exe
FirewallRules: [{998CAABD-10DC-45EC-BB22-EC704F109499}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\DigitalWizards.exe
FirewallRules: [{7B9E975C-070F-4A1D-8554-12BE57ABBC74}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\bin\SendAFax.exe
FirewallRules: [{0243DFC7-29E1-40D8-9F4A-28721980D10F}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\DeviceSetup.exe
FirewallRules: [{78D495F6-69E7-4895-A95E-330F049F7BF3}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{29BB7925-B0F5-40AF-BAE0-93474DE6D5B3}] => (Allow) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D6B5F960-757A-464B-B837-7C2541BA312C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E391D2D7-D081-4FDE-911A-89FFD3A5F831}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{CF39E51A-276C-4B5B-A4EB-126D0FD3E617}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{1F11568A-868C-474A-8C1C-D9A5C3758278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{CD227912-D37C-4BE1-9D4A-CD6FFFEA9649}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{9FD7154C-DE8B-4BFD-81EA-DDEA520E078F}] => (Allow) LPort=50248
FirewallRules: [{7311761D-148D-4EA8-9807-7D36DEFB5980}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{6F76C9D8-A6F8-44CE-A8D4-FDBC96D861F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FEC748DC-3F69-430C-B6B7-4ADC5AD26F7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{87BFE6EB-7370-4D88-A499-C6E7D54FB381}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B41342F7-7E5B-4833-A2EB-7C9261E005E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{F382F42C-30DC-4637-A876-A2C8816ED645}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{08270B2A-DFD8-419D-A149-51F53E46EC5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7E6FBC94-87D6-4C0B-9D60-409520CB7A51}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{421D41BC-6B3F-42B2-9287-61E0ACD705CB}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{A6B8F9B2-CA75-4FC7-832B-69C423BAEFCE}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{98839095-A09A-44A6-B263-550944AB3F00}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{D8451383-83ED-4DA0-A9A8-AC0917D78FEB}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{4DCB9EE0-8BBA-44D5-B924-22F6EDA54EA3}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [TCP Query User{0073B75D-7E40-4709-AD5C-9B188879A63D}C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe] => (Block) C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe
FirewallRules: [UDP Query User{A0C4A43D-E192-4240-A455-E4A24E826853}C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe] => (Block) C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe
FirewallRules: [TCP Query User{565C4669-35DC-43D1-BBA9-A26FB0836228}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{E6647BF4-C0C8-45C2-825A-12C1F7FA59FD}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{F60E5310-C881-4942-BDF9-F6450272248C}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oas.exe
FirewallRules: [{B98C766F-AC48-4ACE-A567-F54BADCACBA4}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oasupd.exe
FirewallRules: [{7516FD80-6552-4D75-8FE8-BE23EACA781B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2D5D68CB-2589-455F-9FA2-4314A4E9C891}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{C697713F-74A4-4B28-B5FF-B9AF2985305F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0F2586EE-CE14-4D56-B1CD-79EFFC6A76E5}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{37210263-5DB9-4A35-9297-E7ECBF7AEA7F}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{43FB2BE8-BBEE-4DDD-AB76-064634D94334}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{50D5CDDC-5780-497E-A0CB-E1A50EF54E1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C35C7DA0-B461-415E-872E-97C28B174D95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
11-03-2016 19:09:20 Windows Update
17-03-2016 16:34:54 Windows Update
18-03-2016 23:16:42 JRT Pre-Junkware Removal
24-03-2016 23:28:01 Windows Update
27-03-2016 21:56:34 JRT Pre-Junkware Removal
29-03-2016 18:43:43 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/29/2016 06:50:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 8.0.319.0, time stamp: 0x559d2313
Faulting module name: ToastNotify.dll, version: 8.0.319.0, time stamp: 0x559d2398
Exception code: 0xc0000005
Fault offset: 0x0000000000002f3e
Faulting process id: 0x10e4
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5
Error: (03/29/2016 06:24:57 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Access database engine 2010 (English) - Update 'Microsoft Access Database Engine 2010 Service Pack 1 (SP1)' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI6cac5.LOG.
Error: (03/29/2016 06:24:57 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Access database engine 2010 (English) -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.
Error: (03/29/2016 06:21:17 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Access database engine 2010 (English) - Update 'Microsoft Access Database Engine 2010 Service Pack 1 (SP1)' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI35f19.LOG.
Error: (03/29/2016 06:21:16 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Access database engine 2010 (English) -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see SETUP.CHM.
Error: (03/28/2016 11:19:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 8.0.319.0, time stamp: 0x559d2313
Faulting module name: ToastNotify.dll, version: 8.0.319.0, time stamp: 0x559d2398
Exception code: 0xc0000005
Fault offset: 0x0000000000002f3e
Faulting process id: 0x1030
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5
System errors:
=============
Error: (03/29/2016 06:50:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275
Error: (03/29/2016 06:49:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/29/2016 06:49:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (03/29/2016 06:49:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/29/2016 06:49:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NMIndexingService service terminated unexpectedly. It has done this 1 time(s).
Error: (03/29/2016 06:49:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (03/29/2016 06:49:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SynTPEnh Caller Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/29/2016 06:49:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ScsiAccess service terminated unexpectedly. It has done this 1 time(s).
Error: (03/29/2016 06:49:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/29/2016 06:49:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDEngine service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2015-10-28 23:06:29.137
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-28 22:50:17.447
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-28 22:42:44.415
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-10-28 22:27:02.996
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 16%
Total physical RAM: 7643.95 MB
Available physical RAM: 6353.7 MB
Total Virtual: 8859.95 MB
Available Virtual: 7485.05 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:677.33 GB) (Free:508.17 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.54 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A472083)
Partition: GPT.
==================== End of Addition.txt ============================
Edited by Jackpine, 30 March 2016 - 04:40 PM.
Sign In
Create Account
