Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Not sure if malware has been removed [Solved]


  • This topic is locked This topic is locked

#16
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts

Thanks. That folder need to go, please run the fix Attached File  Fixlist.txt   96bytes   72 downloads.

 

Post the log with the result.

 

Next,

  • Please download Security Check by glax24 and save the file to the Desktop
  • Run the tool by accepting all the Security prompts
  • when complete the tool will produce a log file C:\SecurityCheck\SecurityCheck.txt and also copy the contents to the Clipboard
  • Simply Paste the log to your reply

 

 

 


  • 0

Advertisements


#17
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 347 posts

Here are the two logs.  (By the way, can I delete the Upload.zip folder from my desktop?)

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Robert (2016-04-02 19:11:43) Run:3
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files\619b6f496b71d7e57b3d49442dd611fe
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\619b6f496b71d7e57b3d49442dd611fe => moved successfully


The system needed a reboot.

==== End of Fixlog 19:12:20 ====

 

SecurityCheck by glax24 & Severnyj v.1.4.0.37 [05.03.16]
WebSite: www.safezone.cc
DateLog: 02.04.2016 19:15:58
Path starting: C:\Users\Robert\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Robert
VersionXML: 2.66is-29.03.2016
___________________________________________________________________________

Windows 8.1(6.3.9600) (x64) Core Lang: English(0409)
Installation date OS: 23.04.2014 06:03:03
LicenseStatus: Windows®, Core edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [677.3 Gb] Used: [156.2 Gb] Free: [521.1 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18231
User Account Control disabled
The elevation prompt for administrators disabled
^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^
Notify of download and installation
Date install updates: 2016-03-29 22:24:57
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service has stopped
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
ESET NOD32 Antivirus 8.0 (enabled and up to date)
Windows Defender (disabled and out of date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and out of date)
ESET NOD32 Antivirus 8.0 (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET NOD32 Antivirus v.8.0.319.0
ESET Online Scanner v3
--------------------------- [ OtherUtilities ] ----------------------------
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
Uninstall old version and install new one.
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.3 v.7.3.101 Warning! Download Update
^Optional update.^
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.0.0.10 Warning! Download Update
^Please use Apple Software Update tool.^
Bonjour Service (Bonjour Service) - The service is running
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 21 NPAPI v.21.0.0.197
Adobe Shockwave Player 12.0 v.12.0.3.133 Warning! Download Update
Adobe Acrobat Reader DC v.15.010.20060
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 45.0.1 (x64 en-US) v.45.0.1
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe v.8.0.319.0
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe v.8.0.319.0
----------------------------- [ End of Log ] ------------------------------
 


  • 0

#18
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts

Here are the two logs.  (By the way, can I delete the Upload.zip folder from my desktop?)

Yes delete the zip. I will get back to the Security log later, first I would like to run another scan.
 
 
Emsisoft Emergency Kit
 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the Desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your Desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your Desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

  • 0

#19
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 347 posts

Emisoft Malware scan log is provided below.  (After I downloaded the program, there was also a Commandline Scanner file.  I didn't run that.  Should I?)

 

Emsisoft Emergency Kit - Version 11.0
Last update: Sun, Apr 03, 2016 10:59:08 AM
User account: Shadowfax\Robert

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    Sun, Apr 03, 2016 10:59:37 AM
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERBARBUTTON     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERBARBUTTON     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERBARBUTTON.1     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERBARBUTTON.1     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERSETTINGSCONTROL     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERSETTINGSCONTROL     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERSETTINGSCONTROL.1     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERSETTINGSCONTROL.1     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.SETTINGSPLUGIN     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.SETTINGSPLUGIN     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.SETTINGSPLUGIN.1     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.SETTINGSPLUGIN.1     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{09BD51AE-7E02-4916-9B12-647A92C02B7F}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{72FE8681-0BFA-471B-9B2A-B37ED68DD09E}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{83453071-3F9C-4AB0-BE30-EDA368D7976D}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BD04DAE2-8C1B-4CC5-9E06-22DE05C2EDA0}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{83453070-3F9C-4AB0-BE30-EDA368D7976D}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{83453070-3F9C-4AB0-BE30-EDA368D7976D}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FE063DBA-4EC0-403E-8DD8-394C54984B2C}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{FE063DBA-4EC0-403E-8DD8-394C54984B2C}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BD04DAE0-8C1B-4CC5-9E06-22DE05C2EDA0}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BD04DAE0-8C1B-4CC5-9E06-22DE05C2EDA0}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FE063DB0-4EC0-403E-8DD8-394C54984B2C}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FE063DB0-4EC0-403E-8DD8-394C54984B2C}     detected:

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{83453071-3F9C-4AB0

-BE30-EDA368D7976D}     detected: Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FE063DBB-4EC0-

403E-8DD8-394C54984B2C}     detected: Application.Win32.WebToolbar (A)
C:\Windows\Installer\MSI988F.tmp-\FiddlerCore.dll     detected: Gen:[email protected] (B)
C:\Windows\Installer\MSI988F.tmp-\Smartbar.Communication.dll     detected: Adware.Smartbar.AB (B)
C:\Windows\Installer\MSI988F.tmp-\Smartbar.Resources.SocialNetsSharer.dll     detected:

Application.Generic.1164164 (B)
C:\Windows\Installer\MSI988F.tmp-\Smartbar.Common.dll     detected: Adware.Smartbar.AB (B)
C:\Windows\Installer\MSI988F.tmp-\srns.dll     detected: Application.Generic.1170154 (B)
C:\Windows\Installer\MSI988F.tmp-\srsbs.dll     detected: Application.Generic.1201913 (B)

Scanned    75930
Found    32

Scan end:    Sun, Apr 03, 2016 11:05:58 AM
Scan time:    0:06:21

C:\Windows\Installer\MSI988F.tmp-\srsbs.dll     Application.Generic.1201913 (B)
C:\Windows\Installer\MSI988F.tmp-\srns.dll     Application.Generic.1170154 (B)
C:\Windows\Installer\MSI988F.tmp-\Smartbar.Common.dll     Adware.Smartbar.AB (B)
C:\Windows\Installer\MSI988F.tmp-\Smartbar.Resources.SocialNetsSharer.dll     Application.Generic.1164164 (B)
C:\Windows\Installer\MSI988F.tmp-\Smartbar.Communication.dll     Adware.Smartbar.AB (B)
C:\Windows\Installer\MSI988F.tmp-\FiddlerCore.dll     Gen:[email protected] (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{09BD51AE-7E02-4916-9B12-647A92C02B7F}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.SETTINGSPLUGIN.1     Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{83453071-3F9C-4AB0-BE30-EDA368D7976D}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{72FE8681-0BFA-471B-9B2A-B37ED68DD09E}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.SETTINGSPLUGIN     Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERBARBUTTON.1     Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERBARBUTTON     Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERSETTINGSCONTROL.1     Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ASKTBAR.POPSWATTERSETTINGSCONTROL     Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FE063DB0-4EC0-403E-8DD8-394C54984B2C}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{BD04DAE0-8C1B-4CC5-9E06-22DE05C2EDA0}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{FE063DBB-4EC0-

403E-8DD8-394C54984B2C}     Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{83453071-3F9C-4AB0

-BE30-EDA368D7976D}     Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{FE063DBA-4EC0-403E-8DD8-394C54984B2C}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{83453070-3F9C-4AB0-BE30-EDA368D7976D}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{BD04DAE2-8C1B-4CC5-9E06-22DE05C2EDA0}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FE063DBA-4EC0-403E-8DD8-394C54984B2C}    

Application.Win32.WebToolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{83453070-3F9C-4AB0-BE30-EDA368D7976D}    

Application.Win32.WebToolbar (A)

Quarantined    24
 


  • 0

#20
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts

Hi,

 

In terms of malware the machine seems clean but I would like to confirm that everything is as it should with Windows.

 

» Farbar Service Scanner (FSS) log
Let's check some windows critical services...
Download Farbar Service Scanner and save the file to the Desktop.

  • Run FSS
  • Check all the options
  • click Scan

Post the generated log in your reply.

 


  • 0

#21
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 347 posts

Here is the FSS log.

 

Farbar Service Scanner Version: 27-01-2016
Ran by Robert (administrator) on 03-04-2016 at 14:59:17
Running from "C:\Users\Robert\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#22
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts

The Windows Update service isn't working!

 

  • Download the file wuauserv.reg and save it to the Desktop
  • Double click the file wuauserv.reg and accept the Security Warning related to Registry Editor
    RegistryImport.png
  • click the Yes to accept importing the file to the Registry
  • if everything work as expected you will see a windows with this: "The keys and values contained in {..\wuauserv.reg} have been successfully added to the registry."
  • Restart the computer

 

Run FSS again and post a new log.

 


  • 0

#23
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 347 posts

Registry change made, computer restarted.  Second FSS scan log provided below.

 

Farbar Service Scanner Version: 27-01-2016
Ran by Robert (administrator) on 03-04-2016 at 17:27:04
Running from "C:\Users\Robert\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#24
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts

Hi,

 

Something strange is happening!

 

Run FRST64 again check the option Addition.txt and click Scan.

Please post the new logs FRST.txt and Addition.txt

 


  • 0

#25
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 347 posts

FRST.txt and Addition.txt scan logs below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Robert (administrator) on SHADOWFAX (03-04-2016 17:42:08)
Running from C:\Users\Robert\Desktop
Loaded Profiles: Robert (Available Profiles: Robert)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Raxco Software, Inc.) C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7660760 2015-02-18] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1396592 2015-02-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2015-02-18] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-07-23] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [477064 2013-12-22] (Autodesk Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-03-12] (Nero AG)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2014-12-11] (SlySoft, Inc.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [133632 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-02-08] (Autodesk, Inc.)
AppInit_DLLs: acaptuser64.dll => C:\Windows\system32\acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2014-06-23]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
BootExecute: PDBoot.exeautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{42E1B6EA-3728-42A7-8E02-53ADCE251643}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7C57A303-A069-4AAA-A050-8A4F276FEC6D}: [DhcpNameServer] 40.20.1.201 40.20.1.202

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCON14/4
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCON14/4
SearchScopes: HKLM -> {4A033BE2-44B8-4954-BB49-126C850FAF6E} URL = hxxp://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)

FireFox:
========
FF ProfilePath: C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\uqxmp3ab.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-28] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-05-12] ( )
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Extension: TRUSTe Privacy Plugin - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\uqxmp3ab.default\Extensions\[email protected] [2015-05-12] [not signed]
FF Extension: Adblock Plus - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\uqxmp3ab.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-16] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [576904 2013-12-22] (Autodesk Inc.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-19] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-07-23] (Hewlett-Packard Development Company, L.P.)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [271920 2007-03-12] (Nero AG)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-02-18] (Realtek Semiconductor)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2014-05-12] ()
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2014-06-23] (SolidWorks) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2015-02-18] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2015-02-18] (Advanced Micro Devices, INC.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-11] (SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-11] (SlySoft, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2015-02-18] (Advanced Micro Devices)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-18] (REALiX™)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2015-02-18] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205448 2015-02-18] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-07-26] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [34544 2013-07-26] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-03 17:42 - 2016-04-03 17:42 - 00019178 _____ C:\Users\Robert\Desktop\FRST.txt
2016-04-03 17:22 - 2016-04-03 17:22 - 00006176 _____ C:\Users\Robert\Desktop\wuauserv.reg
2016-04-03 14:59 - 2016-04-03 17:27 - 00003175 _____ C:\Users\Robert\Desktop\FSS.txt
2016-04-03 14:58 - 2016-04-03 14:58 - 00899584 _____ (Farbar) C:\Users\Robert\Desktop\FSS.exe
2016-04-03 11:06 - 2016-04-03 11:06 - 00014496 _____ C:\Users\Robert\Desktop\scan_160403-105937.txt
2016-04-03 10:53 - 2016-04-03 11:07 - 00000000 ____D C:\EEK
2016-04-03 10:35 - 2016-04-03 10:36 - 225201672 _____ C:\Users\Robert\Desktop\EmsisoftEmergencyKit.exe
2016-04-02 19:15 - 2016-04-02 19:15 - 00491657 _____ (glax24 (safezone.cc)) C:\Users\Robert\Desktop\SecurityCheck.exe
2016-04-02 19:15 - 2016-04-02 19:15 - 00000000 ____D C:\SecurityCheck
2016-04-02 16:35 - 2016-04-03 17:42 - 00000000 ____D C:\FRST
2016-04-02 16:35 - 2016-04-02 19:12 - 00000645 _____ C:\Users\Robert\Desktop\Fixlog.txt
2016-04-02 16:34 - 2016-04-02 16:34 - 02374144 _____ (Farbar) C:\Users\Robert\Desktop\FRST64.exe
2016-04-02 14:59 - 2016-04-02 14:59 - 03480040 _____ (McAfee, Inc.) C:\Users\Robert\Desktop\MCPR.exe
2016-04-02 12:48 - 2016-04-02 12:49 - 00000000 ____D C:\AdwCleaner
2016-04-02 12:46 - 2016-04-02 12:46 - 00000558 _____ C:\Users\Robert\Desktop\JRT.txt
2016-04-02 12:43 - 2016-04-02 12:43 - 03102720 _____ C:\Users\Robert\Desktop\AdwCleaner.exe
2016-04-02 12:42 - 2016-04-02 12:42 - 01610352 _____ (Malwarebytes) C:\Users\Robert\Desktop\JRT.exe
2016-03-29 18:24 - 2016-03-29 18:24 - 00000000 ____D C:\Users\Robert\AppData\Local\ElevatedDiagnostics
2016-03-28 22:22 - 2016-03-28 22:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-28 21:45 - 2016-03-28 21:45 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-28 21:45 - 2016-03-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-28 21:39 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-03-28 21:39 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-03-28 21:39 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-03-28 21:39 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-03-28 21:39 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-03-28 21:39 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-03-28 21:39 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-03-28 21:38 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-28 21:38 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-28 21:38 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-03-28 21:38 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-03-28 21:38 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-03-28 21:38 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-28 21:38 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2016-03-28 21:38 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-03-28 21:38 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-03-28 21:38 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-03-28 21:38 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
2016-03-28 21:38 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2016-03-28 21:38 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2016-03-28 21:38 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-03-28 21:38 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-03-28 21:38 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-03-28 21:38 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-28 21:38 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2016-03-28 21:38 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-03-28 21:38 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-03-28 21:38 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-03-28 21:38 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
2016-03-28 21:38 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2016-03-28 21:38 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2016-03-28 21:38 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2016-03-28 21:38 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-28 21:38 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-03-28 21:38 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-03-28 21:38 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-03-28 21:38 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-03-28 21:38 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-28 21:38 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-03-28 21:38 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-03-28 21:38 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-03-28 21:38 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-03-28 21:38 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-03-28 21:38 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-03-28 21:38 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-03-28 21:38 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-03-28 21:38 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-03-28 21:38 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-03-28 21:38 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-03-28 21:38 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-03-28 21:37 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2016-03-28 21:37 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-03-28 21:37 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-03-28 21:37 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2016-03-28 21:37 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-03-28 21:37 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-03-28 21:37 - 2016-01-20 18:40 - 00099672 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-03-28 21:36 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-28 21:36 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-28 21:36 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-28 21:36 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-28 21:36 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-28 21:36 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-03-28 21:36 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-28 21:36 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-03-28 21:36 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-03-28 21:36 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
2016-03-28 21:36 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
2016-03-28 21:36 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-03-28 21:36 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
2016-03-28 21:35 - 2016-02-06 19:05 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-03-28 21:35 - 2016-02-06 18:41 - 00316760 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-03-28 21:35 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-03-28 21:35 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-03-28 21:35 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-03-28 21:35 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-03-28 21:35 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-03-28 21:35 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-03-27 21:48 - 2016-03-27 21:57 - 00000000 ____D C:\Users\Robert\AppData\Local\app
2016-03-18 23:20 - 2016-03-29 01:09 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-11 19:08 - 2016-02-20 11:45 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-11 19:08 - 2016-02-20 11:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-11 19:08 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-11 19:08 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-11 19:08 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-11 19:08 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-03-11 19:08 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-11 19:08 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-11 19:08 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-03-11 19:08 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-11 19:08 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-11 19:08 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-11 19:08 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-11 19:08 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-11 19:08 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-11 19:08 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-11 19:08 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-11 19:08 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-11 19:08 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-11 19:08 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-11 19:08 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-03-11 19:08 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-11 19:08 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-11 19:08 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-03-11 19:08 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-11 19:08 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-11 19:08 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-11 19:08 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-11 19:08 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-11 19:08 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-03-11 19:08 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-11 19:08 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-11 19:08 - 2016-02-05 15:06 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-11 19:06 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2016-03-11 19:06 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2016-03-11 19:06 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2016-03-11 19:06 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2016-03-11 19:06 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-11 19:06 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-11 19:06 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2016-03-11 19:06 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2016-03-11 19:05 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-11 19:05 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-11 19:05 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-03-11 19:05 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-11 19:05 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-11 19:05 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-11 19:05 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-11 19:05 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-11 19:05 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-11 19:05 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-11 19:05 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-11 19:05 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-11 19:05 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-11 19:05 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-11 19:05 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-11 19:05 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-11 19:05 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-11 19:05 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-11 19:05 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-11 19:04 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-11 19:04 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\Windows\system32\WMASF.DLL
2016-03-11 19:04 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMASF.DLL
2016-03-11 19:04 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-11 19:04 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-11 19:04 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-11 19:04 - 2016-01-31 15:16 - 00148832 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-11 19:03 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-11 19:03 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-11 19:03 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-11 19:03 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-11 19:03 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-11 19:03 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-03 17:38 - 2015-05-06 18:10 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-1005
2016-04-03 17:32 - 2014-04-23 19:02 - 00000000 ____D C:\Users\Robert\AppData\Roaming\ClassicShell
2016-04-03 17:25 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-04-03 17:24 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-03 17:19 - 2013-12-12 04:46 - 00000000 ____D C:\ProgramData\Temp
2016-04-03 17:17 - 2014-05-03 11:59 - 00000000 ____D C:\ProgramData\HP
2016-04-03 10:58 - 2014-10-21 22:27 - 00000000 ____D C:\Downloaded Programs
2016-04-02 22:51 - 2014-04-23 18:58 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8A055C58-84B1-4BA9-AD00-A48621AAEA0A}
2016-04-02 12:42 - 2014-04-25 22:55 - 00000000 ____D C:\Users\Robert\AppData\Roaming\uTorrent
2016-03-30 18:43 - 2015-03-10 12:47 - 00000558 _____ C:\DelFix.txt
2016-03-30 18:21 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-03-30 18:07 - 2015-09-09 17:58 - 00003172 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRobert
2016-03-30 18:07 - 2015-09-09 17:58 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForRobert.job
2016-03-29 21:26 - 2016-02-15 00:19 - 00000000 ____D C:\Users\Robert\AppData\Roaming\MPC-HC
2016-03-29 19:07 - 2013-08-26 02:13 - 00965454 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-03-29 01:06 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-29 01:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\registration
2016-03-29 01:01 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-03-28 22:33 - 2014-04-23 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-28 22:20 - 2014-08-16 22:34 - 00000000 ____D C:\Users\Robert\AppData\Local\Adobe
2016-03-28 22:11 - 2015-04-17 22:21 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Skype
2016-03-28 22:10 - 2013-08-26 02:09 - 00956540 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-28 21:48 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-03-28 21:48 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-28 21:45 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-03-28 21:40 - 2015-12-19 12:21 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-28 21:40 - 2015-12-19 12:21 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-28 21:10 - 2014-04-23 18:57 - 00000000 ____D C:\Users\Robert
2016-03-27 23:19 - 2016-01-04 23:09 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-11 19:36 - 2013-08-22 10:44 - 00589584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 19:32 - 2015-04-16 21:36 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-11 19:29 - 2014-04-23 04:09 - 00000000 ____D C:\Windows\system32\MRT
2016-03-11 19:22 - 2014-04-23 04:09 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-11 19:09 - 2016-02-13 20:56 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 19:07 - 2015-12-11 21:01 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-11 19:07 - 2015-12-11 21:01 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-11 19:07 - 2015-12-11 21:01 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-08 03:00 - 2014-12-09 18:15 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:00 - 2014-12-09 18:15 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-11 23:15 - 2014-07-11 23:15 - 0000017 _____ () C:\Users\Robert\AppData\Local\resmon.resmoncfg
2014-05-04 14:20 - 2014-12-17 19:00 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-05-03 11:57 - 2014-05-03 11:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-10 22:56 - 2014-05-10 22:56 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-02 13:04

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Robert (2016-04-03 17:43:23)
Running from C:\Users\Robert\Desktop
Windows 8.1 (X64) (2014-04-23 06:03:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3511957844-2261570385-1743981658-500 - Administrator - Disabled)
Guest (S-1-5-21-3511957844-2261570385-1743981658-501 - Limited - Disabled)
Robert (S-1-5-21-3511957844-2261570385-1743981658-1005 - Administrator - Enabled) => C:\Users\Robert

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{E825A27F-01E0-1BB8-6A7D-DD769D57E4B0}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.4.0 - SlySoft)
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD Electrical 2015 - English (Version: 12.0.55.0 - Autodesk) Hidden
AutoCAD Electrical 2015 Language Pack - English (Version: 12.0.55.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.0.27.1100 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 1.0.59.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Electrical 2015 - English (HKLM\...\AutoCAD Electrical 2015 - English) (Version: 12.0.55.0 - Autodesk)
Autodesk AutoCAD Electrical Mobile Data (HKLM-x32\...\{4F4C5027-2FAC-4863-AA12-5754FF226849}) (Version: 1.0.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
Free Spider Solitaire v5.0 (HKLM-x32\...\Free Spider_is1) (Version:  - TreeCardGames)
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{23EF407B-E7D0-4CB6-8916-43E5B9EEFDED}) (Version: 1.0.9 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IsoBuster 1.9.1 (HKLM-x32\...\IsoBuster_is1) (Version: 1.9.1 - Smart Projects)
K-Lite Mega Codec Pack 11.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.0 - KLCP)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.1.1000 - Paramount Software (UK) Ltd.) Hidden
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 45.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 45.0.1 (x64 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Nero 7 Ultra Edition (HKLM-x32\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
PerfectDisk Professional Business (HKLM\...\{682B22AB-EAAA-4B1C-83AF-B26E7D4ED01E}) (Version: 13.0.783 - Raxco Software Inc.)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.5 - Portforward, LLC)
ProShow Producer (HKLM-x32\...\ProShow Producer) (Version:  - Photodex Corporation)
Ralink Bluetooth Stack64 (HKLM\...\{8A2E2A41-B814-407E-2F96-4E433C42AB78}) (Version: 11.0.739.0 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7373 - Realtek Semiconductor Corp.)
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SolidWorks 2014 x64 Edition SP03 (HKLM-x32\...\SolidWorks Installation Manager 20140-40300-1100-100) (Version: 22.3.0.56 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP03 (Version: 22.130.56 - SolidWorks) Hidden
SolidWorks Composer Player 2014 SP03 x64 Edition (Version: 22.30.56 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP03 (Version: 14.3.107 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2014 SP03 x64 Edition (Version: 22.30.56 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP03 x64 Edition (Version: 22.30.56 - SolidWorks Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.8 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Whispered Secrets 3 - Into the Wind CE UPDATE (HKLM-x32\...\Whispered Secrets 3 - Into the Wind CE UPDATE1.1) (Version: 1.1 - Foxy Games)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3511957844-2261570385-1743981658-1005_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\Inventor Server\Bin\TestServer.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09F0478E-5560-421E-B00A-6D957953E2D9} - \Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-1002 -> No File <==== ATTENTION
Task: {32CCC404-30CD-417A-A7D9-87E7AA67D658} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-03-24] (HP Inc.)
Task: {563966E9-AE11-4F9C-99CB-1E70BCF16A99} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {59023211-95FC-4489-A0CB-E20A274A8A92} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-03-11] (Microsoft Corporation)
Task: {6510AEDA-4D54-4636-99E7-5D346A87696D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {752D4054-9117-4B7B-A37A-CA3878C2273B} - \Optimize Start Menu Cache Files-S-1-5-21-3511957844-2261570385-1743981658-500 -> No File <==== ATTENTION
Task: {850B844A-9D1F-4459-97DE-2021CE45525F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-02-18] (Synaptics Incorporated)
Task: {97DE100F-297C-447C-85B7-86584EAAD9B1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {99912356-0A5F-4FC5-8425-47B18FA4A98D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {A90C7AA3-D269-4F3E-9B40-7858EB23B002} - System32\Tasks\{FB1A9DC6-BD16-42C2-B04F-5221F8745A03} => pcalua.exe -a "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
Task: {B5BD24CA-2B71-49E8-B01F-C745E75B55BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {BBF4AC2F-7854-45DB-85D7-B7A22AA481D8} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {C3D8F1B7-00E5-4CA1-8F09-B6B575DE5C3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {DB3EB686-B7C1-4B28-8A1E-C3854FE5924B} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {DF4123C2-437B-4A0A-A375-BC554AE4BED5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {E716061B-C165-457B-8F61-0FE95961FBF9} - System32\Tasks\HPCeeScheduleForRobert => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\HPCeeScheduleForRobert.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-19 17:48 - 2013-08-19 17:48 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-08-19 17:47 - 2013-08-19 17:47 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-05-12 21:05 - 2014-05-12 21:05 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
2013-08-19 17:47 - 2013-08-19 17:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-19 17:48 - 2013-08-19 17:48 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-05-24 19:25 - 2013-12-22 02:22 - 00047496 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2014-05-24 19:25 - 2013-12-22 02:22 - 00104328 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-03-29 18:29 - 00001006 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\Control Panel\Desktop\\Wallpaper -> C:\Photos\WIND RIVER BOB\DSC00376.JPG
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks 2014 Fast Start.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run32: => "ADSKAppManager"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Autodesk Sync"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "AnyDVD"
HKU\S-1-5-21-3511957844-2261570385-1743981658-1005\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{99AB0D9B-878E-406F-B97A-3EC70B95F9A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A10E90A9-FB91-4EB3-A9F5-C2BB2A76D75D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD79683A-AEDF-4999-9123-A1FBB00B3273}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66B115C9-4F88-4CDB-96FF-2134BBF5C9CF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{027A2713-D6BD-4A9C-8A1B-40E58AF026AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{4C4F41CB-7472-4A76-BE5A-0983120BE539}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{40C0F5E0-4E08-4D13-8751-F36663AD8BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{9ABE0139-9650-4C1B-9FAD-C24BE1CC0B9B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{75E2B264-F083-461B-A302-17FD65CCA98E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{6F4FA5C4-9803-478C-9B68-5F8D0BF88326}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{CF3748AF-48E7-4CCC-AF18-7AA712AEE7EB}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{04C3E7B9-8BE0-4440-9E96-5998F0D863C3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{37F3F536-98BA-4535-B6F7-0A142B3CD0A5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{16354299-2032-4F7F-8FC3-D624C1F476A0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{D6B5F960-757A-464B-B837-7C2541BA312C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{E391D2D7-D081-4FDE-911A-89FFD3A5F831}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{CF39E51A-276C-4B5B-A4EB-126D0FD3E617}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{1F11568A-868C-474A-8C1C-D9A5C3758278}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{CD227912-D37C-4BE1-9D4A-CD6FFFEA9649}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{9FD7154C-DE8B-4BFD-81EA-DDEA520E078F}] => (Allow) LPort=50248
FirewallRules: [{7311761D-148D-4EA8-9807-7D36DEFB5980}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{6F76C9D8-A6F8-44CE-A8D4-FDBC96D861F1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FEC748DC-3F69-430C-B6B7-4ADC5AD26F7B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{87BFE6EB-7370-4D88-A499-C6E7D54FB381}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B41342F7-7E5B-4833-A2EB-7C9261E005E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{F382F42C-30DC-4637-A876-A2C8816ED645}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{08270B2A-DFD8-419D-A149-51F53E46EC5F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7E6FBC94-87D6-4C0B-9D60-409520CB7A51}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{421D41BC-6B3F-42B2-9287-61E0ACD705CB}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{A6B8F9B2-CA75-4FC7-832B-69C423BAEFCE}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{98839095-A09A-44A6-B263-550944AB3F00}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360.exe
FirewallRules: [{D8451383-83ED-4DA0-A9A8-AC0917D78FEB}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [{4DCB9EE0-8BBA-44D5-B924-22F6EDA54EA3}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe
FirewallRules: [TCP Query User{0073B75D-7E40-4709-AD5C-9B188879A63D}C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe] => (Block) C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe
FirewallRules: [UDP Query User{A0C4A43D-E192-4240-A455-E4A24E826853}C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe] => (Block) C:\program files\solidworks corp\solidworks\swscheduler\dtsmonitor.exe
FirewallRules: [TCP Query User{565C4669-35DC-43D1-BBA9-A26FB0836228}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{E6647BF4-C0C8-45C2-825A-12C1F7FA59FD}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [{F60E5310-C881-4942-BDF9-F6450272248C}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oas.exe
FirewallRules: [{B98C766F-AC48-4ACE-A567-F54BADCACBA4}] => (Allow) C:\Users\Robert\AppData\Roaming\OAS\oasupd.exe
FirewallRules: [{7516FD80-6552-4D75-8FE8-BE23EACA781B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2D5D68CB-2589-455F-9FA2-4314A4E9C891}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{37210263-5DB9-4A35-9297-E7ECBF7AEA7F}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{43FB2BE8-BBEE-4DDD-AB76-064634D94334}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{50D5CDDC-5780-497E-A0CB-E1A50EF54E1F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C35C7DA0-B461-415E-872E-97C28B174D95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

18-03-2016 23:16:42 JRT Pre-Junkware Removal
24-03-2016 23:28:01 Windows Update
27-03-2016 21:56:34 JRT Pre-Junkware Removal
29-03-2016 18:43:43 JRT Pre-Junkware Removal
02-04-2016 12:44:07 JRT Pre-Junkware Removal
02-04-2016 16:35:46 Restore Point Created by FRST
02-04-2016 19:11:49 Restore Point Created by FRST
03-04-2016 17:16:37 Removed HP Officejet 4620 series Basic Device Software

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/02/2016 07:11:48 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {55df71af-03b4-46a8-9ab2-0d07464c0187}

Error: (04/02/2016 04:35:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {1a6966e4-6b4a-4ef9-bb13-5596dd7f28a2}

Error: (04/02/2016 01:04:48 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Outlook

Error: (04/02/2016 01:04:48 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Outlook8

Error: (03/31/2016 11:01:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (03/29/2016 06:50:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: egui.exe, version: 8.0.319.0, time stamp: 0x559d2313
Faulting module name: ToastNotify.dll, version: 8.0.319.0, time stamp: 0x559d2398
Exception code: 0xc0000005
Fault offset: 0x0000000000002f3e
Faulting process id: 0x10e4
Faulting application start time: 0xegui.exe0
Faulting application path: egui.exe1
Faulting module path: egui.exe2
Report Id: egui.exe3
Faulting package full name: egui.exe4
Faulting package-relative application ID: egui.exe5

Error: (03/29/2016 06:24:57 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Access database engine 2010 (English) - Update 'Microsoft Access Database Engine 2010 Service Pack 1 (SP1)' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI6cac5.LOG.

Error: (03/29/2016 06:24:57 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Access database engine 2010 (English) -- Error 1706. Setup cannot find the required files.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see SETUP.CHM.

Error: (03/29/2016 06:21:17 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Access database engine 2010 (English) - Update 'Microsoft Access Database Engine 2010 Service Pack 1 (SP1)' could not be installed. Error code 1603. Additional information is available in the log file C:\Windows\TEMP\MSI35f19.LOG.

Error: (03/29/2016 06:21:16 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft Access database engine 2010 (English) -- Error 1706. Setup cannot find the required files.  Check your connection to the network, or CD-ROM drive.    For other potential solutions to this problem, see SETUP.CHM.


System errors:
=============
Error: (04/03/2016 05:24:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (04/03/2016 05:23:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
%%1062

Error: (04/03/2016 10:46:38 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/03/2016 10:46:08 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/03/2016 10:42:31 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/03/2016 10:42:01 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/03/2016 10:29:54 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/03/2016 10:29:24 AM) (Source: DCOM) (EventID: 10010) (User: Shadowfax)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/03/2016 10:13:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The UAC File Virtualization service failed to start due to the following error:
%%1275

Error: (04/02/2016 11:12:13 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer BEATRICE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{42E1B6EA-3728-42A7-8E02-53ADCE251643}.
The master browser is stopping or an election is being forced.


CodeIntegrity:
===================================
  Date: 2015-10-28 23:06:29.137
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-28 22:50:17.447
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-28 22:42:44.415
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-10-28 22:27:02.996
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 17%
Total physical RAM: 7643.95 MB
Available physical RAM: 6324.13 MB
Total Virtual: 8859.95 MB
Available Virtual: 7471.18 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:677.33 GB) (Free:526.58 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.54 GB) (Free:2.08 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3A472083)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

Advertisements


#26
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts

To make the system more secure you should enable the User Account Control (UAC)
 

  • Open the Start Menu Win7Orb.gif
  • Click Control Panel.
  • Click the View by drop-down arrow and select Large icons.
  • Click User Accounts.
  • Click Change User Account Settings.
  • Move the slider:
    • Set to Always Notify to turn UAC ON
    • Click OK
  • Restart your computer.

 

Download Windows Repair (All-in-One) Portable (use the Direct Download button)

  • extract the tweaking.com_windows_repair_aio.zip to c:\Windows\TEMP the zip will extract to a folder called Tweaking.com - Windows Repair
  • execute the file Repair_Windows.exe from the Tweaking.com - Windows Repair folder
  • click on the tab Step 5: Backup and on the buttons:
    • Backup to create a Registry Backup
    • Create to create a System Restore Point
  • click on the tab Start Repairs, next click the Open Repairs button to access the following screen:
    WindowsRepair.png
  • click the box All Repairs to uncheck all the box's
  • check only the following box's:
    • 26 - Restore Important Windows Services
  • check the box Restart/Shutdown System When Finished > Restart System
  • click the Start Repairs button

 

 

After  restart post a new FSS log.


  • 0

#27
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts

Before running FSS again please wait 10 minutes after the restart.


  • 0

#28
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 347 posts

Enabled UAC, ran repair.  Waited 20 minutes, ran FSS.  Please see log below.

 

Farbar Service Scanner Version: 27-01-2016
Ran by Robert (administrator) on 03-04-2016 at 19:28:33
Running from "C:\Users\Robert\Desktop"
Microsoft Windows 8.1  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


  • 0

#29
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,396 posts

Hi,
 
Now looks good :)
 
Back to post #17 and the Security Check log, please update the programs using the Download Update link in front of the Warning! signs on the list

 

 

Edit: I forgot to ask if you want to Upgrade to Windows 10 or not.


Edited by SleepyDude, 04 April 2016 - 04:13 AM.

  • 0

#30
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 347 posts

Just checking the thread at work.  I will update the programs identified in post #17 when I get home. 

 

No, I don't want to upgrade to Windows 10.  (Is there any benefit?  I already don't like the user interface with 8.1, that's why I installed Classic Shell so that it looks like XP.)


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP