Windows 7 freezes shortly after boot, new stuff in WMI

WMI freeze LogFileEventConsumer

#1
Fenichel


  I am running Windows 7/64.  It was up to date with MS patches until about 6 months ago, when I lost confidence in my ability to avoid having MS force Windows 10 on me.

  It was running continuously from about 2017-03-24 through 2017-04-01 (yesterday), when I turned it off normally.  This morning, it boots to a normal desktop, but a few seconds later it freezes; even the Task Manager is then inaccessible.  I tried a System Restore, but only one restore point remains; it was created a few seconds after midnight on 2017-04-01 (the computer was then unattended), suggesting to me that malware deleted the previous restore points at that time.

  Running in Safe Mode, I have interrogated the Event Viewer, and I see that multiple WMI services are now installed at boot time; they were not installed on boots before today.  I suspect that they are the problem.  I have saved an Event Viewer dump, but your uploader won't accept it.

 All suggestions welcome.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Robert R. Fenichel (administrator) on CPU2015 (02-04-2017 10:52:11)
Running from C:\Users\Robert R. Fenichel\Desktop
Loaded Profiles: Robert R. Fenichel (Available Profiles: Robert R. Fenichel)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\word processing\PGP\GnuPG\bin\dbus-daemon.exe
() C:\Program Files (x86)\word processing\PGP\GnuPG\bin\kleopatra.exe
(g10 Code GmbH) C:\Program Files (x86)\word processing\PGP\GnuPG\gpg-agent.exe
(g10 Code GmbH) C:\Program Files (x86)\word processing\PGP\GnuPG\scdaemon.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanDesktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-03] (NVIDIA Corporation)
HKLM\...\Run: [EPSON Stylus Photo 2200] => C:\Windows\system32\spool\DRIVERS\x64\3\E_S10IC2.EXE [99840 2003-05-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2419512 2012-11-04] (Logitech, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [461184 2016-10-17] (Code 42 Software, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-06-15] (Intel Corporation)
HKLM-x32\...\Run: [Bonus.SSR.FR10] => C:\Program Files (x86)\word processing\ABBYY OCR\Bonus.ScreenshotReader.exe [939272 2009-09-18] (ABBYY.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Internet\RoboForm\RoboTaskBarIcon.exe [110376 2017-02-25] (Siber Systems)
HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\RunOnce: [Uninstall C:\Users\Robert R. Fenichel\AppData\Local\Microsoft\OneDrive\17.3.4604.0120] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Robert R. Fenichel\AppData\Local\Microsoft\OneDrive\17.3.4604.0120"
HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\Policies\Explorer: [NoStartMenuMorePrograms] 1
HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\MountPoints2: {f750e80c-71da-11e5-bf75-806e6f6e6963} - T:\Run.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-10-13] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlanDesktop.lnk [2015-10-30]
ShortcutTarget: CrashPlanDesktop.lnk -> C:\Program Files (x86)\system tools\backup\CrashPlan\CrashPlanDesktop.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-10-15]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2015-10-15]
ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2015-11-01]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\Robert R. Fenichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CoolMon.lnk [2015-10-13]
ShortcutTarget: CoolMon.lnk -> C:\Program Files (x86)\system tools\monitor\CoolInfo\CoolMon.exe (The CoolMon Project)
Startup: C:\Users\Robert R. Fenichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2015-10-13]
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\database\Password Safe\pwsafe.exe (SourceForge.net)
Startup: C:\Users\Robert R. Fenichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RRF background.lnk [2015-10-13]
ShortcutTarget: RRF background.lnk -> G:\source code\Delphi\applications\infrastructure\background\Background.exe ()
Startup: C:\Users\Robert R. Fenichel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RRF clock gadget.lnk [2015-10-13]
ShortcutTarget: RRF clock gadget.lnk -> G:\source code\Delphi\applications\infrastructure\CalendarClock\CalendarClockGadget.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9 15 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited)
Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-14] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{06E3C05D-7943-4997-885D-29E08AC5CC12}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{93257A18-FF66-4342-A183-FF5CF43EE04C}: [DhcpNameServer] 192.168.1.254 75.153.171.122
 
Internet Explorer:
==================
HKU\S-1-5-21-979816460-3853156291-1427404335-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.nytimes.com/crosswords/index.html?page=home&module=SectionsNav&action=click&version=BrowseTree&region=TopBar&contentCollection=Crossword&pgtype=Homepage&_r=0
SearchScopes: HKU\S-1-5-21-979816460-3853156291-1427404335-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101415-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}
SearchScopes: HKU\S-1-5-21-979816460-3853156291-1427404335-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D101415-A510D0E105D5B4CC49CF&form=CONBDF&conlogo=CT3330941&q={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-29] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Internet\RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\programming\Java\bin\ssv.dll [2015-10-30] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-02-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-29] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\programming\Java\bin\jp2ssv.dll [2015-10-30] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Internet\RoboForm\roboform.dll [2017-02-25] (Siber Systems Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2012-11-04] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-02-18] (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Internet\RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Internet\RoboForm\roboform.dll [2017-02-25] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-979816460-3853156291-1427404335-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Internet\RoboForm\RoboForm-x64.dll [2017-02-25] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-979816460-3853156291-1427404335-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-29] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Robert R. Fenichel\AppData\Roaming\Mozilla\Firefox\Profiles\702qq0q4.default [2017-04-02]
FF NewTab: Mozilla\Firefox\Profiles\702qq0q4.default -> hxxp://www.bing.com/?pc=COSP&ptag=D101415-A510D0E105D5B4CC49CF&form=CONMHP&conlogo=CT3330941
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\702qq0q4.default -> Bing®
FF Homepage: Mozilla\Firefox\Profiles\702qq0q4.default -> hxxps://calendar.google.com/calendar/render?tab=mc#main_7
FF Extension: (Ghostery) - C:\Users\Robert R. Fenichel\AppData\Roaming\Mozilla\Firefox\Profiles\702qq0q4.default\Extensions\[email protected] [2017-02-11]
FF Extension: (uBlock Origin) - C:\Users\Robert R. Fenichel\AppData\Roaming\Mozilla\Firefox\Profiles\702qq0q4.default\Extensions\[email protected] [2017-03-13]
FF Extension: (NoScript) - C:\Users\Robert R. Fenichel\AppData\Roaming\Mozilla\Firefox\Profiles\702qq0q4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-17]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-04-01] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-10-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Internet\RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Internet\RoboForm\Firefox\roboform.xpi [2017-02-25]
FF HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Internet\RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-14] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\programming\Java\bin\dtplugin\npDeployJava1.dll [2015-10-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\programming\Java\bin\plugin2\npjp2.dll [2015-10-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\image processing\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-14] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\multimedia\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\multimedia\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\image processing\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
 
Chrome: 
=======
CHR Profile: C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default [2016-08-03]
CHR Extension: (Google Slides) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-23]
CHR Extension: (Google Docs) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-23]
CHR Extension: (Google Drive) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-23]
CHR Extension: (YouTube) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-23]
CHR Extension: (Logitech SetPoint) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2016-03-23]
CHR Extension: (Google Sheets) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-23]
CHR Extension: (Kaspersky Protection) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-08-03]
CHR Extension: (Google Docs Offline) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-03]
CHR Extension: (Blue Gradient with Diagonal Lines) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkaofaeifenjdcgjmpnhlokifhmenpho [2016-08-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-03]
CHR Extension: (Gmail) - C:\Users\Robert R. Fenichel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-23]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2015-10-13]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ABBYY.Licensing.FineReader.Professional.10.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [806664 2009-09-08] (ABBYY)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3704520 2017-02-18] (Microsoft Corporation)
S3 CoordinatorServiceHost; C:\Program Files (x86)\image processing\SolidWorks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [81400 2015-03-06] (Dassault Systèmes SolidWorks Corporation)
S2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [266112 2016-10-17] (Code 42 Software)
S3 DirMngr; C:\Program Files (x86)\word processing\PGP\dirmngr.exe [218112 2013-08-20] () [File not signed]
S2 ewserver; C:\Program Files (x86)\image processing\SolidWorks\SOLIDWORKS Electrical\server\EwServer.exe [184328 2015-03-05] (Trace Software International)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-03] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\hardware\motherboard\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
S2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-10-14] (Lavasoft Limited) [File not signed]
S2 MSSQL$TEW_SQLEXPRESS; G:\image processing\SolidWorks\electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-03] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-03] (NVIDIA Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-10-14] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-10-15] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; G:\image processing\SolidWorks\electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S4 NIApplicationWebServer64; "C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe" -user [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ausb3hub; C:\Windows\System32\DRIVERS\ausb3hub.sys [395752 2015-10-13] (Intel Corporation)
R3 ausb3xhc; C:\Windows\System32\DRIVERS\ausb3xhc.sys [807912 2015-10-13] (Intel Corporation)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [501216 2015-06-18] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-06-23] (Intel Corporation)
S2 IntelHaxm; C:\Windows\System32\DRIVERS\IntelHaxm.sys [96776 2015-11-16] (Intel  Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
S0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
S1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
S2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [195296 2017-03-15] (AO Kaspersky Lab)
S1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [313112 2017-03-15] (AO Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1035488 2017-03-15] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [57936 2016-12-08] (AO Kaspersky Lab)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [135904 2017-03-15] (AO Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [199392 2017-03-15] (AO Kaspersky Lab)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42944 2010-09-09] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-07] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-03] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files (x86)\system tools\edit\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 Usbtmc; C:\Windows\System32\Drivers\ausbtmc.sys [24064 2014-11-07] (IVI Foundation) [File not signed]
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation)
S3 cpuz134; \??\C:\Users\ROBERT~1.FEN\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-02 10:52 - 2017-04-02 10:52 - 00028389 _____ C:\Users\Robert R. Fenichel\Desktop\FRST.txt
2017-04-02 10:51 - 2017-04-02 10:52 - 00000000 ____D C:\FRST
2017-04-02 10:51 - 2017-04-02 10:48 - 02424832 _____ (Farbar) C:\Users\Robert R. Fenichel\Desktop\FRST64.exe
2017-04-02 10:05 - 2017-04-02 10:31 - 00069632 _____ C:\Users\Robert R. Fenichel\Desktop\wmi events.evtx
2017-04-02 10:05 - 2017-04-02 10:05 - 00000000 ____D C:\Users\Robert R. Fenichel\Desktop\LocaleMetaData
2017-04-02 08:31 - 2017-04-02 08:31 - 00000342 _____ C:\Windows\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}.job
2017-04-02 08:08 - 2017-04-02 09:41 - 00083970 _____ C:\Windows\ntbtlog.txt
2017-04-02 07:50 - 2017-04-02 08:07 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-04-01 22:26 - 2017-04-01 22:27 - 07908905 _____ C:\Users\Robert R. Fenichel\Downloads\PCNC770-3-UM-B1-4.pdf
2017-04-01 10:25 - 2017-04-02 08:05 - 00000000 ___DC C:\ProgramData\{F4125A5E-9503-4B59-B769-E73E50538BC9}
2017-04-01 10:25 - 2017-04-01 10:25 - 00000000 ____D C:\Users\Public\Documents\RBuilder
2017-03-24 11:19 - 2017-03-24 11:19 - 07023208 _____ (Tim Kosse) C:\Users\Robert R. Fenichel\Downloads\FileZilla_3.25.1_win64-setup.exe
2017-03-22 15:27 - 2017-03-22 15:27 - 00046520 _____ C:\Users\Robert R. Fenichel\Downloads\lookup.csv
2017-03-20 17:22 - 2017-03-20 17:22 - 00001305 _____ C:\Users\Robert R. Fenichel\Desktop\BangGood PS - Shortcut.lnk
2017-03-16 10:22 - 2017-03-16 10:22 - 07008040 _____ (Tim Kosse) C:\Users\Robert R. Fenichel\Downloads\FileZilla_3.25.0_win64-setup.exe
2017-03-13 10:50 - 2017-03-13 10:50 - 00000000 ____D C:\Users\Robert R. Fenichel\Documents\DipTrace Beta
2017-03-13 10:50 - 2017-03-13 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DipTrace Beta
2017-03-13 10:49 - 2017-03-13 10:49 - 00000000 ____D C:\Program Files\New folder
2017-03-06 10:09 - 2017-03-06 10:09 - 11336103 _____ C:\Users\Robert R. Fenichel\Downloads\UltraScope(PC)Installer.rar
2017-03-03 12:41 - 2017-03-03 13:00 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\uTorrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-02 10:39 - 2015-10-15 10:36 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\gnupg
2017-04-02 10:33 - 2016-11-21 09:53 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\LocalLow\Mozilla
2017-04-02 08:15 - 2015-10-13 14:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-04-02 08:13 - 2009-07-13 22:13 - 00925446 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-02 08:13 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-04-02 08:07 - 2015-10-25 09:38 - 01027629 _____ C:\ads_err.adt
2017-04-02 08:07 - 2015-10-25 09:38 - 00018432 _____ C:\ads_err.adi
2017-04-02 08:07 - 2015-10-13 14:00 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\PasswordSafe
2017-04-02 08:06 - 2015-11-20 22:54 - 00000093 _____ C:\HaxLogs.txt
2017-04-02 08:06 - 2015-10-13 12:54 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-02 08:06 - 2015-10-13 11:55 - 00000000 ____D C:\Users\Robert R. Fenichel
2017-04-02 08:06 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-02 08:05 - 2016-12-09 16:51 - 00000000 ___HD C:\ProgramData\{7AF976B5-59D4-4691-86FA-582467192CE2}
2017-04-02 08:05 - 2016-12-01 11:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-02 08:05 - 2015-10-14 17:39 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\Adobe
2017-04-02 08:05 - 2015-10-14 10:34 - 00000000 ____D C:\Users\Public\Documents\DYMO Label
2017-04-02 08:05 - 2015-10-13 16:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-02 08:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2017-04-01 09:43 - 2009-07-13 21:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-01 09:43 - 2009-07-13 21:45 - 00014944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-24 19:14 - 2017-01-17 15:06 - 00012789 _____ C:\Users\Robert R. Fenichel\Desktop\scratch.xlsx
2017-03-24 16:18 - 2015-10-13 12:02 - 00010740 _____ C:\Windows\ads.ini
2017-03-24 11:20 - 2015-10-14 11:32 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\FileZilla
2017-03-24 11:20 - 2015-10-14 11:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-03-24 09:40 - 2016-08-02 12:38 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-03-24 09:24 - 2016-01-01 17:35 - 00000398 __RSH C:\ProgramData\ntuser.pol
2017-03-23 17:46 - 2015-10-14 10:34 - 00000036 _____ C:\Windows\iltwain.ini
2017-03-23 15:03 - 2015-10-25 09:36 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\CrashDumps
2017-03-21 20:05 - 2015-10-15 11:52 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\Master Genealogist
2017-03-17 14:12 - 2016-10-11 21:36 - 00025336 _____ C:\Users\Robert R. Fenichel\Desktop\home control log.txt
2017-03-15 10:21 - 2016-08-02 12:32 - 01035488 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2017-03-15 10:21 - 2016-08-02 12:32 - 00195296 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2017-03-15 10:21 - 2016-06-20 17:51 - 00313112 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2017-03-15 10:21 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kneps.sys
2017-03-15 10:21 - 2016-06-02 22:39 - 00135904 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klwtp.sys
2017-03-14 17:27 - 2016-04-08 09:27 - 06847064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2017-03-14 17:27 - 2015-11-14 10:49 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-03-14 17:27 - 2015-10-15 17:51 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-03-14 17:27 - 2015-10-15 17:51 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-14 17:27 - 2015-10-15 17:51 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-14 17:27 - 2015-10-14 17:43 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-03-13 15:39 - 2015-10-14 16:48 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Roaming\vlc
2017-03-13 12:03 - 2016-12-05 08:51 - 00002259 _____ C:\Users\Robert R. Fenichel\Desktop\scratch.txt
2017-03-13 11:20 - 2015-11-01 16:12 - 00098294 _____ C:\Windows\excal32.dat
2017-03-12 10:10 - 2009-07-13 22:08 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-10 17:38 - 2015-11-08 14:18 - 00000000 ____D C:\Users\Robert R. Fenichel\AppData\Local\SolidWorks
2017-03-10 11:50 - 2015-10-25 09:38 - 00009284 _____ C:\ads_err.adm
2017-03-08 13:38 - 2016-10-11 11:28 - 00145037 _____ C:\Users\Robert R. Fenichel\Desktop\clock anomaly.txt
2017-03-07 10:09 - 2016-05-18 10:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-07 10:08 - 2015-10-14 15:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
 
==================== Files in the root of some directories =======
 
2015-10-15 15:26 - 2017-03-01 10:26 - 0000132 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\Adobe BMP Format CS6 Prefs
2016-01-26 19:22 - 2016-01-26 19:22 - 0000132 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\Adobe GIF Format CS6 Prefs
2015-12-15 11:18 - 2017-01-12 16:36 - 0000132 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-20 16:42 - 2017-03-01 09:59 - 0000667 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\Contact Sheet II.xml
2015-12-20 16:42 - 2017-03-01 10:00 - 0027112 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\ContactSheetII.log
2016-02-26 13:27 - 2016-04-14 11:31 - 0004632 _____ () C:\Users\Robert R. Fenichel\AppData\Roaming\LTspiceIV.ini
2015-10-15 14:18 - 2015-10-15 14:18 - 0000017 _____ () C:\Users\Robert R. Fenichel\AppData\Local\resmon.resmoncfg
2015-10-13 12:28 - 2015-10-13 12:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
2016-06-02 10:12 - 2017-02-25 10:19 - 21387040 _____ (Siber Systems) C:\Users\Robert R. Fenichel\AppData\Local\Temp\RoboForm-Setup.exe
2014-12-22 00:55 - 2014-12-22 00:55 - 0488960 _____ () C:\Users\Robert R. Fenichel\AppData\Local\Temp\sqlite3.exe
2016-06-07 21:30 - 2016-06-07 21:30 - 30533688 _____ () C:\Users\Robert R. Fenichel\AppData\Local\Temp\vlc-2.2.4-win32.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-19 09:59
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Robert R. Fenichel (02-04-2017 10:52:22)
Running from C:\Users\Robert R. Fenichel\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-10-13 18:55:24)
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-979816460-3853156291-1427404335-500 - Administrator - Disabled)
Guest (S-1-5-21-979816460-3853156291-1427404335-501 - Limited - Disabled)
Robert R. Fenichel (S-1-5-21-979816460-3853156291-1427404335-1000 - Administrator - Enabled) => C:\Users\Robert R. Fenichel
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\uTorrent) (Version: 3.4.9.43295 - BitTorrent Inc.)
3D Models for DipTrace (HKLM-x32\...\3D Models for DipTrace) (Version: 3.0 - Novarm)
ABBYY FineReader 10 Professional Edition (HKLM-x32\...\{F1000000-0001-0000-0000-074957833700}) (Version: 10.501.29.7006 - ABBYY)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advantage Client Engine SDK x86_64 v11.10 (HKLM\...\{D4BB5208-3747-4BFD-946C-4699B142E1DC}) (Version: 11.10.0014 - Sybase, Inc.)
Advantage Data Architect v11.10 (HKLM-x32\...\{2C13E985-B33D-42BD-A606-B00D4D8CFE3C}) (Version: 11.10.0024 - Sybase, Inc.)
Advantage Delphi Components v11.10 (HKLM-x32\...\{C8509120-0D07-4441-AF49-EB70165CA3E5}) (Version: 11.10.0014 - Sybase, Inc.)
Advantage TDataSet Descendant for Delphi/C++Builder v8.1 (HKLM-x32\...\{9F1E9D66-63F5-423B-902C-2F5BCBFD4388}) (Version: 8.10.0038 - Extended Systems, Inc.)
Advantage TDataSet Descendant for Delphi/C++Builder v9.0 (HKLM-x32\...\{B12E154B-5894-4F48-BAB2-94C32C4BA3B7}) (Version: 9.00.0007 - iAnywhere, Inc.)
akFontViewer (HKLM-x32\...\akFontViewer) (Version:  - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Arduino (HKLM-x32\...\Arduino) (Version: 1.6.7 - Arduino LLC)
Axialis AX-Icons 4.5 (HKLM-x32\...\AX-Icons 4.5) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borland Delphi 7 (HKLM-x32\...\{72263053-50D1-4598-9502-51ED64E54C51}) (Version: 7.1.1 - Borland Software Corporation)
CAIDA IP Spoofing Tester (HKLM-x32\...\spoofer) (Version:  - )
Canon MF Toolbox 4.9.1.1.mf09 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 3.2.0 - Canon)
Canon MF4320-4350 (HKLM\...\{99A5569D-9F86-4f32-A227-1538B731DA42}) (Version:  - )
CoolMon (HKLM-x32\...\CoolMon) (Version:  - )
CrashPlan (HKLM\...\{879BBD10-45D3-4752-AA6B-FB789392946C}) (Version: 4.8.0.323 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digilent Software (HKLM-x32\...\Digilent Software) (Version: 1.2.2 - Digilent, Inc.)
DipTrace (HKLM\...\DipTrace) (Version: 3.1 beta - Novarm)
DYMO Label Software (HKLM-x32\...\DYMO Label Software) (Version:  - )
EAGLE 6.5.0 (HKLM-x32\...\EAGLE 6.5.0) (Version: 6.5.0 - CadSoft Computer GmbH)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Eudora (HKLM-x32\...\{116D6A91-14D2-4020-BC4D-BC008B7B6267}) (Version: 7.0 - )
ExamDiff 1.9 (Build 1.9.0.2) (HKLM-x32\...\ExamDiff_is1) (Version: 1.9.0.2 - PrestoSoft LLC)
Excalibur For Windows 32-bit (HKLM-x32\...\Excalibur For Windows 32-bit) (Version:  - )
FileZilla Client 3.25.1 (HKLM-x32\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
FotoAlbum 3.4.1 (HKLM-x32\...\FotoTime_FA_3x_is1) (Version: 3.4.1 - FotoTime, Inc.)
FY3200 PC Contrl software (HKLM-x32\...\FY3200 PC Contrl softwareV2.2) (Version: V2.2 - Fei Yi Ke Ji)
Garmin Trip and Waypoint Manager v5 (HKLM-x32\...\{414A373B-59DF-4102-94CA-9FE9A74CBDDA}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
GExperts for Delphi 7 (HKLM-x32\...\GExpertsDelphi7_is1) (Version: 1.36 - GExperts Development Team)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.2.183.39 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gpg4win (2.2.0) (HKLM-x32\...\GPG4Win) (Version: 2.2.0 - The Gpg4win Project)
GpProfile (HKLM-x32\...\GpProfile) (Version:  - )
High-Definition Video Playback 10 (x32 Version: 7.0.11000.25.1 - Nero AG) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{30F3FF94-225B-4319-A13C-E307FFDA3CFB}) (Version: 6.0.1 - Intel Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java SE Development Kit 8 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180510}) (Version: 8.0.510.16 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Logitech SetPoint 6.51 (HKLM\...\sp6) (Version: 6.51.8 - Logitech)
LTspice IV (HKLM-x32\...\LTspice IV) (Version:  - )
MapSource - Topo Canada v2 (HKLM-x32\...\InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}) (Version: 2.00 - Garmin Ltd. and its subsidiaries)
MapSource - Topo Canada v2 (x32 Version: 2.00 - Garmin Ltd. and its subsidiaries) Hidden
MapSource (HKLM-x32\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: 5.4 - Garmin Ltd. and its subsidiaries)
ME ThreadPal Trial (HKLM-x32\...\ME ThreadPal Trial v3.6_is1) (Version:  - Close Tolerance Software)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft FrontPage 2000 (HKLM-x32\...\{00120409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
moltosenso Network Manager Iron version 1.0.0 (HKLM-x32\...\{46AF7E88-A8CA-4EB7-B9FD-E6EC45AD8659}_is1) (Version: 1.0.0 - moltosenso s.r.l.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0 (x64 en-US) (HKLM\...\Mozilla Firefox 43.0 (x64 en-US)) (Version: 43.0 - Mozilla)
Mozilla Firefox 52.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.0.1 (x86 en-US)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.10700.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10400.4.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.10500.7.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10400.5.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.11200 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10600.1.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10500.5.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10500.1.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0012 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10500.1.100 - Nero AG)
NVIDIA 3D Vision Controller Driver 344.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.46 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7766.2047 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.14 (HKLM\...\{6AE61854-0F78-49E3-ABCC-586FB43CE709}) (Version: 5.1.14 - Oracle Corporation)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
Programmer's Notepad (HKLM-x32\...\{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1) (Version: 2.4.2.1440 - Simon Steele)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
ReportBuilder Standard 17.03 for Delphi 7 (HKLM-x32\...\ReportBuilder Standard 17.03 for Delphi 7) (Version:  - Digital Metaphors)
ReportBuilder Standard 17.03 for Delphi 7 (x32 Version: 17.0.03.293 - Digital Metaphors) Hidden
ReportBuilder Standard 18.0 for Delphi 7 (HKLM-x32\...\ReportBuilder Standard 18.0 for Delphi 7) (Version:  - Digital Metaphors)
ReportBuilder Standard 18.0 for Delphi 7 (x32 Version: 18.0.0.369 - Digital Metaphors) Hidden
RoboForm 7-9-28-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-28-8 - Siber Systems)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
SigmaPlot 13.0 (HKLM-x32\...\{88B90FF3-D0D3-454A-AACE-9B026E2829E3}) (Version: 13.0 - Systat Software, Inc.)
SOLIDWORKS 2015 x64 Edition SP02.1 (HKLM-x32\...\SolidWorks Installation Manager 20150-40201-1100-100) (Version: 23.2.1.1 - SolidWorks Corporation)
SOLIDWORKS 2015 x64 Edition SP02.1 (Version: 23.121.1 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2015 SP02.1 x64 Edition (Version: 23.21.1 - Dassault Systemes SolidWorks Corp) Hidden
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Startup Control Panel (HKLM-x32\...\{3DC91D8B-0C19-4D67-930B-D0AAD2009632}) (Version: 2.7.0.0 - Mike Lin)
StartupMonitor (HKLM-x32\...\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}) (Version: 1.0.2.0 - Mike Lin)
The Master Genealogist v9 (HKLM-x32\...\{096FBCE1-9FE5-4400-966D-81AFA00368A2}) (Version: 9.05.0000 - Wholly Genes Software)
ThumbsPlus version 7 SP2 (HKLM-x32\...\ThumbsPlus7) (Version: 7.0 SP2 - Cerious Software, Inc.)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Viewplot (HKLM-x32\...\Viewplot) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Companion (HKLM-x32\...\{4a749ae8-33fa-47a0-8095-98f90e95424f}) (Version: 2.1.1159.2383 - Lavasoft)
WinAVR 20100110 (remove only) (HKLM-x32\...\WinAVR-20100110) (Version: 20100110 - )
WinDirStat 1.1.2 (HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\WinDirStat) (Version:  - )
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9510 - WinZip Computing, S.L. )
X-CTU (HKLM-x32\...\{101586B7-AE8E-4AC4-B75F-48B0C1387B09}) (Version: 5.2.75 - Digi)
XCTU (HKLM-x32\...\XCTU 6.3.4.3) (Version: 6.3.4.3 - Digi International Inc.)
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-979816460-3853156291-1427404335-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Robert R. Fenichel\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {136C3DAE-44F7-469B-95C1-65CEA8474EE8} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMIMGMPMLMKMNJNMCNHMKJLMMJCNLMKJNMGMCNGMKJNJHMCNMJKMMMKJNMGMMJMMPMPMIMNJJNJICMIMCNGMCNOMJMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMJMIMPMJNHICMCJGIGJKJNMJNBJCMNKAJNJKJNILIPNNKBNPNJLKJBJGJMJHJKJDJJNKJ (the data entry has 119 more characters).
Task: {175AED56-98BE-43B1-8D80-B5E430D27976} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {259DB0F1-E1FA-4E8B-B740-B3AA6F68731F} - System32\Tasks\{5E0E2F8A-4D70-470E-988B-5B770928C75A} => C:\Users\Robert R. Fenichel\Desktop\models3d_beta.exe 
Task: {351673E7-7A8D-4EFF-B9E0-7D790C6D6352} - System32\Tasks\{BB4B1526-B077-498D-8AF0-19770E47F21D} => pcalua.exe -a "G:\install\programming\Delphi\Delphi 7\Report Builder\rbstd 1603 for d7.exe" -d "G:\install\programming\Delphi\Delphi 7\Report Builder"
Task: {3A326E33-0473-41AF-A767-549CE5D9D18D} - System32\Tasks\{1BF330DB-D3C3-408A-A192-E33927BD3EC5} => C:\Program Files (x86)\Nikon\NkScan4\Nikon Scan.exe 
Task: {402F598D-ED2B-48D8-8B00-B57FF3E7BB00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-14] (Adobe Systems Incorporated)
Task: {452FAB89-9C8F-4916-B629-BB7D4A4C51F2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {4956DD52-ABC7-495A-899C-1A2558C83BD4} - System32\Tasks\{DB1F3FEC-3255-40F2-AF6D-4B2083D8D746} => C:\Users\Robert R. Fenichel\Desktop\models3d_beta.exe 
Task: {54D2E83A-786C-48F7-9DC1-66AA3EE393DE} - System32\Tasks\{E906D6A1-D60F-4C1E-9A3A-3B7B282C63AE} => pcalua.exe -a "G:\install\word processing\vedit\vpw-prodc.exe" -d "G:\install\word processing\vedit"
Task: {63D151D1-BFAF-4DE9-BE7F-F9392D930C30} - System32\Tasks\{7B45D372-DA5C-4B4A-A952-128310F01C66} => pcalua.exe -a "C:\Users\Robert R. Fenichel\Desktop\scratch\SETUP.EXE" -d "C:\Users\Robert R. Fenichel\Desktop\scratch"
Task: {6F59B2E1-9DA9-4126-B78A-C6EC0A9BBBE0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-14] (Google Inc.)
Task: {9516E801-A4DC-4395-AA63-94669650CED8} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Internet\RoboForm\RoboTaskBarIcon.exe [2017-02-25] (Siber Systems)
Task: {981B316A-28A1-479E-BA9C-B19E1FB1055D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-02-18] (Microsoft Corporation)
Task: {9BC56AA5-D27A-485C-8F2A-6C34EE08BAAD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {9FD45D76-F344-418A-A5D7-4472B3DEEB01} - System32\Tasks\{9504D4FF-6792-43B4-9A21-F1E54AA9183E} => pcalua.exe -a "C:\Users\Robert R. Fenichel\Desktop\feeltech\CH-340 Driver驱动\CH340_341for X64.EXE" -d "C:\Users\Robert R. Fenichel\Desktop\feeltech\CH-340 Driver驱动"
Task: {A6B65AAD-3D9E-46B0-9350-2455AFAD7B26} - System32\Tasks\{A11E4E6D-04C2-4190-9D33-C807BA03FBE3} => pcalua.exe -a F:\Welcome.exe -d F:\
Task: {A76FCE09-4C71-4B92-8AE7-94B3C8EB85E2} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)
Task: {BFC31652-2C17-41E1-99A8-7BED41C2CB82} - System32\Tasks\{FC4F6C93-4FC8-41F7-94CD-5C01FAAE468C} => C:\Users\Robert R. Fenichel\Desktop\models3d_beta.exe 
Task: {C1EB00DD-EF7C-4318-94B4-EED09D72FBF0} - System32\Tasks\{0109BC9A-1E69-42AB-B31E-AC74BE401831} => C:\Users\Robert R. Fenichel\Desktop\models3d_beta.exe 
Task: {C6196BEA-E731-4B2F-8E4A-07FDB413F596} - System32\Tasks\{4E7951EC-4BB8-44C8-A9EC-B20EC20E96FE} => pcalua.exe -a "G:\install\hardware\attached\Feeltech 3200\CH-340 Driver驱动\CH340_341for X64.EXE" -d "G:\install\hardware\attached\Feeltech 3200\CH-340 Driver驱动"
Task: {E4DAB0A0-88CF-46D4-AB1B-19505D01A036} - System32\Tasks\{ED4B180A-901E-4623-9776-D129AC51EBCD} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Nikon\NkScan4\Nikon Scan.exe"
Task: {F5961FB2-BBEB-4B6D-A026-9B4A5AE9FA70} - System32\Tasks\AdobeAAMUpdater-1.0-CPU2015-Robert R. Fenichel => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}.job => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-05-18 10:48 - 2017-01-29 06:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-20 08:44 - 2017-03-20 08:44 - 00052392 _____ () C:\Program Files (x86)\Internet\Filezilla\fzshellext_64.dll
2010-07-14 21:44 - 2010-07-14 21:44 - 00020032 _____ () C:\Program Files (x86)\system tools\edit\Unlocker\UnlockerCOM.dll
2013-04-17 06:09 - 2013-04-17 06:09 - 00635392 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\bin\dbus-daemon.exe
2013-08-19 08:13 - 2013-08-19 08:13 - 04050432 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\bin\kleopatra.exe
2013-04-29 03:22 - 2013-04-29 03:22 - 00247747 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libexpat.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 01938944 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libkleo.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 03352576 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\bin\libkdecore.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 00039936 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libkdewin.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 00038912 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libgcc_s_sjlj-1.dll
2013-04-17 06:09 - 2013-04-17 06:09 - 00507904 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libdbus-1.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 04038144 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libkdeui.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 00949248 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libattica.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 00258560 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libdbusmenu-qt.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 00834048 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libgpgme++.dll
2013-08-20 03:13 - 2013-08-20 03:13 - 00248832 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libgpgme-11.dll
2013-08-20 02:58 - 2013-08-20 02:58 - 00069632 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libassuan-0.dll
2013-08-20 02:56 - 2013-08-20 02:56 - 00037888 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libgpg-error-0.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 00072704 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libqgpgme.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 00294400 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libkcmutils.dll
2013-08-19 08:13 - 2013-08-19 08:13 - 00604160 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libkmime.dll
2013-08-20 02:59 - 2013-08-20 02:59 - 00628224 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libgcrypt-11.dll
2013-08-20 02:54 - 2013-08-20 02:54 - 00050176 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libw32pth-0.dll
2013-08-20 02:59 - 2013-08-20 02:59 - 00221184 _____ () C:\Program Files (x86)\word processing\PGP\GnuPG\libksba-8.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-979816460-3853156291-1427404335-1000\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-979816460-3853156291-1427404335-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1A69996A-38E2-4A19-B53D-E207CBAC1CF2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{48DC8B4C-433E-4FCF-B7EA-BDDE14110EF5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{90DF5A34-44A2-4A0C-A004-1F27DBBCE39C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4CFE7BA6-49C3-46BB-9335-8AE1A3620A35}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{1476D7A5-BEC0-431F-8E25-AE95826B318F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0AA9523E-C226-462F-A80A-B5F728E9B629}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{74A3E4B4-C2FE-4A8A-97E9-C4DD1D4DAEB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AC0C43AF-DC60-4062-B36B-91F9BD7A90DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6399F938-840E-49E1-AE46-1632A2E26B37}] => (Allow) C:\Users\Robert R. Fenichel\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{1F8CC371-D5CD-4A58-AF83-536947F83BAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BDEC4E34-8DBC-4138-B5E1-4820E6FE88B7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2BF8F48-2D0A-4A07-BEC9-B31DAB8CC8B9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C139B51A-C331-42A3-B411-396704AE384E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E39A97D-BDC8-4232-8899-F02E0BB3417C}] => (Allow) C:\Program Files (x86)\image processing\SolidWorks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{61BDF249-4D8B-4184-90B4-CCDFE3E2209F}] => (Allow) C:\Program Files (x86)\image processing\SolidWorks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{5548F3B4-3F9F-4182-A8DF-C29886D1B357}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6EF84C69-804A-4931-AACF-CD4078F943D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C12F55F7-C126-484F-A25B-AA09212655E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C98172A6-9054-4AFD-8540-162960FF6519}] => (Allow) C:\Program Files (x86)\Internet\Firefox64\firefox.exe
FirewallRules: [{215F0293-A5A2-4875-A658-312B65CAA42C}] => (Allow) C:\Program Files (x86)\Internet\Firefox64\firefox.exe
FirewallRules: [{B841275D-EEA5-4BA1-9B68-5E9A837F0F00}] => (Allow) LPort=5044
FirewallRules: [{5F860B4A-CE93-4C1E-8E61-9B79243323EB}] => (Allow) LPort=5044
FirewallRules: [{6350D35A-FFA5-49C3-B3E3-4EE99D5FA49F}] => (Allow) LPort=5044
FirewallRules: [{C92F8F7D-0000-47F3-BB0A-D4DEEBD1CAC5}] => (Allow) LPort=5044
FirewallRules: [{8056F4F2-724C-48CC-BAEE-FB369EDDB636}] => (Allow) LPort=319
FirewallRules: [{F89D3F4B-0153-45BD-834D-6D86540BA8D2}] => (Allow) LPort=319
FirewallRules: [{F188674A-83E6-4D7E-A2B0-9F68D2CABA89}] => (Allow) LPort=320
FirewallRules: [{693C8427-F326-4AD0-8161-5450F053CE5D}] => (Allow) LPort=320
FirewallRules: [{BD5277C5-B331-4A4A-A842-D83A3951B1F5}] => (Allow) LPort=111
FirewallRules: [{42317F6F-5F7C-4E93-B441-3613BB89629B}] => (Allow) LPort=111
FirewallRules: [{D1ED32F5-3CA7-4765-8440-8101C74B94E0}] => (Allow) C:\Program Files\Agilent\IO Libraries Suite\bin\siclland.exe
FirewallRules: [{207E1D94-0F1F-4BED-9B99-CE52F4D2CE96}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
 
==================== Restore Points =========================
 
01-04-2017 00:00:40 Scheduled Checkpoint
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/02/2017 08:09:03 AM) (Source: WinMgmt) (EventID: 4) (User: )
Description: Error 0x8004100a encountered when trying to load MOF C:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\110\SHARED\SQLMGMPROVIDERXPSP2UP.MOF while recovering .MOF file marked with autorecover.
 
Error: (04/02/2017 07:59:36 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:59:36 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:59:36 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:55:32 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:55:32 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:55:32 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:53:18 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:53:18 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/02/2017 07:53:18 AM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: Event-ID 1
 
 
System errors:
=============
Error: (04/02/2017 10:51:35 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server:
{DCAB0989-1301-4319-BE5F-ADE89F88581C}
 
Error: (04/02/2017 09:41:32 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (04/02/2017 08:09:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (04/02/2017 08:09:16 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (04/02/2017 08:09:15 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (04/02/2017 08:09:03 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (04/02/2017 08:08:57 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Firewall service terminated with service-specific error Access is denied.
.
 
Error: (04/02/2017 08:08:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 08:08:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (04/02/2017 08:08:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16333.74 MB
Available physical RAM: 13126.3 MB
Total Virtual: 49099.92 MB
Available Virtual: 45804.49 MB
 
==================== Drives ================================
 
Drive c: (Windows 7/64) (Fixed) (Total:201.21 GB) (Free:33.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive g: (data) (Fixed) (Total:264.55 GB) (Free:239.34 GB) NTFS
Drive h: (scratch) (Fixed) (Total:105.2 GB) (Free:67.96 GB) NTFS
Drive i: (archive) (Fixed) (Total:1757.81 GB) (Free:1471.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A03E24BB)
Partition 1: (Active) - (Size=201.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=264.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 8B962CFC)
Partition 1: (Not Active) - (Size=105.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1757.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Attached Files




#2
Fenichel


Addendum: FWIW, I see that MS Word won't run now.  However, I can't say that it ever ran in Safe Mode.



#3
Fenichel


  Further addendum: the WMI "provider"s that are now added during (non-safe-mode) boot are

  • SQLServerEventProvider
  • InvProv
  • SQLServerEventProvider
  • ActiveScriptEventConsumer
  • CommandLineEventConsumer
  • LogFileEventConsumer
  • WpcClamperProv
  • MS_NT_EVENTLOG_EVENT_PROVIDER
  • HiPerfCooker_v1

None of these appeared during boots before 2017-04-01.


#4
Fenichel


  Problem solved (I think).  On one of the sevenforums sites I found this:

  1.  Change startup type of Windows Management Instrumentation (WMI) Service to disabled
  2.  Stop the WMI Service; you may need to stop IP Helper Service first or other dependent services before it allows you to stop WMI Service
  3.  Rename the repository folder: C:\WINDOWS\system32\wbem\Repository to Repository.old
  4.  Open a CMD Prompt with elevated privileges
  5.  CD windows\system32\wbem
  6. for /f %s in ('dir /b /s *.dll') do regsvr32 /s %s
  7.  Set the WMI Service type back to Automatic and start WMI Service
  8.  cd /d c:\ ((go to the root of the c drive, this is important))
  9.  for /f %s in ('dir /s /b *.mof *.mfl') do mofcomp %s
  10.  Reboot the server

No, I don't know how it works.



#5
Fenichel


No, it's not fixed.

 

When I started in normal mode this morning, it froze again after a few seconds of operation. I am now running in normal mode after

  1. going back to safe mode,
  2. running through the procedure described in the previous message, and
  3. restarting in normal mode,

but I see in the Event Viewer that the same WMI providers were inserted during this boot, and I expect that they will cause a new freeze the next time I boot, unless rebooting for me becomes a routine of doing a pre-boot into safe mode, following the procedure just listed. That will be a PITA, especially since Step 9 in the procedure described in the previous message takes a few minutes to run.

Is there a way of trapping the process that registers these unwanted Providers into the WMI service? The process is already being trapped in a way, since the Event Viewer catches the registration events.

I have found no malware, using various MS & Kaspersky tools, but it's pretty plain that something is lurking in my system, reinstalling the malproviders whenever I do a normal boot.


Edited by Fenichel, 03 April 2017 - 09:10 AM.
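
Post #5 asks how to see what is being registered with WMI at boot. The following is an added example, not part of the thread and not any poster's code: permanent WMI event subscriptions are stored as __EventFilter, event consumer and __FilterToConsumerBinding instances, and resolving each binding shows which trigger query is wired to which action. The function names Resolve-WmiRef and Get-WmiSubscription and the choice of the two namespaces are assumptions of this example.

```powershell
# Added example: list permanent WMI event subscriptions on the local machine.
# Uses Get-WmiObject so it runs on the PowerShell 2.0 shipped with Windows 7.
# Run from an elevated PowerShell prompt.

# Properties that describe what each standard consumer class does when it fires.
$ActionProps = @{
    'CommandLineEventConsumer'  = @('ExecutablePath', 'CommandLineTemplate')
    'ActiveScriptEventConsumer' = @('ScriptingEngine', 'ScriptFileName', 'ScriptText')
    'LogFileEventConsumer'      = @('Filename', 'Text')
    'NTEventLogEventConsumer'   = @('SourceName', 'EventID')
    'SMTPEventConsumer'         = @('SMTPServer', 'ToLine', 'Subject')
}
# Consumer classes that start a process or run script code.
$RunsCode = @('CommandLineEventConsumer', 'ActiveScriptEventConsumer')

function Resolve-WmiRef {
    # A binding stores its filter and consumer as WMI object paths, often
    # relative ones such as __EventFilter.Name="x"; qualify them with the namespace.
    param([string]$Namespace, [string]$Path)
    if (-not $Path) { return $null }
    if ($Path -notmatch '^\\\\') { $Path = "\\.\${Namespace}:$Path" }
    try { return [wmi]$Path } catch { return $null }   # dangling reference
}

function Get-WmiSubscription {
    # Namespaces to inspect (assumption: the two most commonly used for subscriptions).
    param([string[]]$Namespace = @('root\subscription', 'root\default'))

    foreach ($ns in $Namespace) {
        # @() keeps PowerShell 2.0 from looping once over $null when nothing is returned.
        $bindings = @(Get-WmiObject -Namespace $ns -Class __FilterToConsumerBinding -ErrorAction SilentlyContinue)
        foreach ($b in $bindings) {
            $filter   = Resolve-WmiRef $ns $b.Filter
            $consumer = Resolve-WmiRef $ns $b.Consumer
            $class    = if ($consumer) { $consumer.__CLASS } else { '(unresolved)' }

            # Collect the non-empty properties that say what the consumer does.
            $action = @()
            if ($consumer -and $ActionProps.ContainsKey($class)) {
                foreach ($p in $ActionProps[$class]) {
                    $v = $consumer.$p
                    if ($v) { $action += "$p=$v" }
                }
            }

            # Fall back to the raw reference text when an instance could not be resolved.
            $filterName = if ($filter)   { $filter.Name }   else { $b.Filter }
            $query      = if ($filter)   { $filter.Query }  else { '(unresolved)' }
            $consName   = if ($consumer) { $consumer.Name } else { $b.Consumer }

            New-Object PSObject -Property @{
                Namespace     = $ns
                Filter        = $filterName
                Query         = $query
                ConsumerClass = $class
                Consumer      = $consName
                Action        = ($action -join '; ')
                RunsCode      = ($RunsCode -contains $class)
            } | Select-Object Namespace, Filter, Query, ConsumerClass, Consumer, Action, RunsCode
        }
    }
}

# Bindings whose consumer runs a command or script are listed first.
Get-WmiSubscription | Sort-Object RunsCode -Descending | Format-List
```

A consumer class being registered does nothing by itself; it acts only when a binding ties a consumer instance to a filter, which is what this listing shows.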


#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP

Try wmidiag:

 

https://www.microsof...ls.aspx?id=7684

 

Attach the file it creates.



#7
Fenichel


OK, here they are.  I tried to include the CSV file produced by WMIDIAG in its original form, but the forum software doesn't seem to allow the attachment of CSV files. 

Attached Files



#8
RKinner


I think we probably need to worry more about this error first:

 

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

 
Download the attached spdlr.zip:
 
Save and right click and Extract All, Extract.  Right click on spdlr.reg and MERGE.  OK.  Do you get an error?  If not:
 
Start, All Programs, Accessories, then right click on Command Prompt and Run As Admin.  Type with an Enter after the line:
 
sc  start  spldr

(Note the service in the sc start command is spelled differently from the reg file's name.)

Does it start or say the service is already started?  If you get an error what does the error say?
 
 
 
 
 
 

Attached Files



#9
Fenichel


it says

[SC] StartService FAILED 1056:
An instance of the service is already running.


#10
RKinner


OK.  Make another FRST scan with addition.txt checked and post both logs.  Let's see if it is happy now.




#11
Fenichel


OK.  Do these look OK?  Should I try a reboot?

 

  Also, can you give me a clue as to what happened?  Am I right to believe that it was some sort of malware, or was it just a corrupted file somewhere?

Attached Files


Edited by Fenichel, 07 April 2017 - 02:42 PM.


#12
RKinner


Yes, reboot.  I should have told you to do that.   Then run another FRST scan with addition.txt.

 

All I see so far is the Security Processor Loader Driver wasn't working.  It's important for your anti-virus to work correctly.  It looks like it is working now but a reboot will tell us for sure.



#13
Fenichel


  No, that didn't do the trick.  In fact, it's worse now :upset:; I rebooted in Normal Mode, got the usual (!) freeze, rebooted in Safe Mode, ran through the 10-step procedure described in message #4, rebooted in Normal Mode, and got another freeze.  So I am reporting from Safe Mode.  I just ran FRST again, and its results are attached.

Attached Files



#14
Fenichel


An additional discovery:  I had installed MS Office 2016 in October of 2015.  Now (still in Safe Mode) I tried to open an Excel spreadsheet, and after a long pause I see a diagnostic message: "Something went wrong. We couldn't start your program.  Please try starting it again.  If it won't start, try repairing Office from ... Control Panel."  In Control Panel/Programs and Features, the only MS Office is a Home and Student Edition dated 2017-04-04



#15
RKinner


The original Addition.txt showed:

 

Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7766.2060 - Microsoft Corporation)
 
the last one:
 
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
 
 
so it looks like Windows Update must have updated it somewhere along the line.
 
 

The last addition.txt file shows the same problem

 


Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 

 

 

 

so for some reason it didn't stick.  Can you do All Programs, Accessories, right click on Command Prompt and then do:

sc start spldr

Does it say it has already started?

 

 

 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.)  This will check your critical system files.  Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close Notepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
