Go Back   Cyber Tech Help Support Forums > Operating Systems > Windows 10

Notices

Reply
 
Topic Tools
  #1  
Old December 5th, 2016, 08:43 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
Windows 10 nightmares

Hi,

First time I've posted on here since I bought the new pc (HP, Windows 10).

Anyway, experiencing various problems on here, as follows :

1) Wont play my old MOV files (the actual blank screen is popping up to play the file)...but it just stays blank.(was playing them ok last week !)

2) Getting a lot of "not responding messages" on various web pages and apps

3) Generally pc seems sluggish.

Any help would be appreciated,

Regards

Ian
Reply With Quote


  #2  
Old December 6th, 2016, 11:52 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Hey Ian,

Sounds like infection actually. Let's take a look.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


If you know how, it's best to disable your antivirus while doing these steps.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Reply With Quote
  #3  
Old December 7th, 2016, 10:00 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
Hi Tom, thanks for replying. Unfortunately my pc won't let me do anything at all at present. It's constantly freezing. I'm currently writing this from my phone. Hopefully will post results very soon.

Regards

Ian
Reply With Quote
  #4  
Old December 7th, 2016, 10:58 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
Managed to do it (Thankfully)...as follows :

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by ian_h (administrator) on DESKTOP-C1G3K5M (07-12-2016 21:50:05)
Running from C:\Users\ian_h\Desktop
Loaded Profiles: ian_h (Available Profiles: ian_h)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\Pres entationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHJE. EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIEGE. EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x6 4__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8790264 2016-04-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795336 2015-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1485309144-2528400413-2003176991-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHJE. EXE [283232 2016-04-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1485309144-2528400413-2003176991-1001\...\Run: [EPSON Stylus SX400 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEGE. EXE [221696 2007-12-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1485309144-2528400413-2003176991-1001\...\RunOnce: [Uninstall C:\Users\ian_h\AppData\Local\Microsoft\OneDrive\17 .3.6390.0509_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ian_h\AppData\Local\Microsoft\OneDrive\1 7.3.6390.0509_1\amd64"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{83b64d82-9fbc-4cd7-a4b8-27a23c61e1b9}: [DhcpNameServer] 192.168.22.22 192.168.22.23
Tcpip\..\Interfaces\{e75f0449-9a11-4dc2-8330-5675c425b253}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1485309144-2528400413-2003176991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1485309144-2528400413-2003176991-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
SearchScopes: HKLM -> {C810D6C7-309D-4193-B277-D26BAE4109CA} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {C810D6C7-309D-4193-B277-D26BAE4109CA} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1485309144-2528400413-2003176991-1001 -> {C810D6C7-309D-4193-B277-D26BAE4109CA} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckP lugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-09-23] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-09-23] (McAfee, Inc.)

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-10-24] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-10-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-08] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-13] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-20] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R2 mfevtp; C:\windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [316152 2016-04-06] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [7402992 2016-11-01] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2016-04-06] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146232 2015-07-11] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 21:50 - 2016-12-07 21:50 - 00017475 _____ C:\Users\ian_h\Desktop\FRST.txt
2016-12-07 21:49 - 2016-12-07 21:50 - 00000000 ____D C:\FRST
2016-12-07 21:48 - 2016-12-07 21:49 - 02420224 _____ (Farbar) C:\Users\ian_h\Desktop\FRST64.exe
2016-12-07 21:37 - 2016-12-07 21:37 - 01761792 _____ (Farbar) C:\Users\ian_h\Desktop\Fst32.exe
2016-12-07 21:04 - 2016-12-07 21:04 - 00000000 ____D C:\Users\ian_h\AppData\Roaming\WildTangent
2016-12-07 21:04 - 2014-04-16 22:08 - 00658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall247953.exe
2016-12-07 20:45 - 2016-12-07 20:45 - 00000000 ___HD C:\OneDriveTemp
2016-12-07 20:45 - 2016-12-07 20:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-12-07 20:40 - 2016-12-07 21:21 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-12-07 20:40 - 2016-12-07 20:40 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-12-04 19:20 - 2016-12-04 19:20 - 00000000 ____D C:\Users\ian_h\AppData\Local\CrashRpt
2016-12-04 19:16 - 2016-12-07 20:29 - 00000000 ____D C:\ProgramData\RapidSolution
2016-12-04 19:16 - 2016-12-04 19:16 - 00000000 ____D C:\Program Files (x86)\Music Recorder
2016-12-04 19:15 - 2016-12-04 19:15 - 00000000 ____D C:\Users\ian_h\AppData\Local\RapidSolution
2016-12-04 19:14 - 2016-12-04 19:14 - 00000000 ____D C:\ProgramData\simplitec
2016-12-04 19:11 - 2016-12-07 20:29 - 00000000 ____D C:\Program Files (x86)\Nero
2016-12-04 19:11 - 2016-12-05 00:37 - 00000000 ____D C:\ProgramData\Nero
2016-12-04 19:02 - 2016-12-04 19:02 - 00000000 ____D C:\Users\ian_h\AppData\Local\ashampoo
2016-12-04 19:02 - 2016-12-04 19:02 - 00000000 ____D C:\ProgramData\ashampoo
2016-12-04 18:58 - 2016-12-04 20:52 - 00000000 ____D C:\Users\ian_h\AppData\Roaming\Nero
2016-12-04 18:55 - 2016-12-07 20:28 - 00000000 ____D C:\Users\ian_h\AppData\Local\WebBar
2016-11-11 04:41 - 2016-10-28 23:56 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-11-11 04:41 - 2016-10-28 23:56 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-10 03:15 - 2016-11-02 12:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-10 03:15 - 2016-11-02 12:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-10 03:15 - 2016-11-02 11:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-10 03:15 - 2016-11-02 11:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-10 03:15 - 2016-11-02 11:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-10 03:15 - 2016-11-02 11:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-10 03:15 - 2016-11-02 11:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-10 03:15 - 2016-11-02 11:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-10 03:15 - 2016-11-02 11:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-10 03:15 - 2016-11-02 11:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-10 03:15 - 2016-11-02 11:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-10 03:15 - 2016-11-02 11:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-10 03:15 - 2016-11-02 11:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-10 03:15 - 2016-11-02 11:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-10 03:15 - 2016-11-02 11:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-10 03:15 - 2016-11-02 11:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-10 03:15 - 2016-11-02 11:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-10 03:15 - 2016-11-02 11:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-10 03:15 - 2016-11-02 11:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-10 03:15 - 2016-11-02 11:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayR eady.dll
2016-11-10 03:15 - 2016-11-02 11:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-10 03:15 - 2016-11-02 10:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-10 03:15 - 2016-11-02 10:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-10 03:15 - 2016-11-02 10:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandle r.dll
2016-11-10 03:15 - 2016-11-02 10:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-10 03:15 - 2016-11-02 10:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-10 03:15 - 2016-11-02 10:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-10 03:15 - 2016-11-02 10:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-10 03:15 - 2016-11-02 10:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-10 03:15 - 2016-11-02 10:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-10 03:15 - 2016-11-02 10:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-10 03:15 - 2016-11-02 10:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-10 03:15 - 2016-11-02 10:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-10 03:15 - 2016-11-02 10:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-10 03:15 - 2016-11-02 10:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-10 03:15 - 2016-11-02 10:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-10 03:15 - 2016-11-02 10:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandle r.dll
2016-11-10 03:15 - 2016-11-02 10:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-10 03:15 - 2016-11-02 10:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin. dll
2016-11-10 03:15 - 2016-11-02 10:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-10 03:15 - 2016-11-02 10:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-10 03:15 - 2016-11-02 10:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-10 03:15 - 2016-11-02 10:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-10 03:15 - 2016-11-02 10:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockS creen.dll
2016-11-10 03:15 - 2016-11-02 10:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-10 03:15 - 2016-11-02 10:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-10 03:15 - 2016-11-02 10:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-10 03:15 - 2016-11-02 10:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-10 03:15 - 2016-11-02 10:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-10 03:15 - 2016-11-02 10:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
Reply With Quote
  #5  
Old December 7th, 2016, 10:59 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
FRST.txt scan (continued) :

2016-11-10 03:15 - 2016-11-02 10:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-10 03:15 - 2016-11-02 10:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-10 03:15 - 2016-11-02 10:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-10 03:15 - 2016-11-02 10:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-10 03:15 - 2016-11-02 10:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-10 03:15 - 2016-11-02 10:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-10 03:15 - 2016-11-02 10:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-10 03:15 - 2016-11-02 10:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-10 03:15 - 2016-11-02 10:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-10 03:15 - 2016-11-02 10:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-10 03:15 - 2016-11-02 10:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-10 03:15 - 2016-11-02 10:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-10 03:15 - 2016-11-02 10:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-10 03:15 - 2016-11-02 10:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-10 03:15 - 2016-11-02 10:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-10 03:15 - 2016-11-02 10:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-10 03:15 - 2016-11-02 10:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-10 03:15 - 2016-11-02 10:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-10 03:15 - 2016-11-02 10:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-10 03:15 - 2016-11-02 10:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-10 03:15 - 2016-11-02 10:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-10 03:15 - 2016-11-02 10:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-10 03:15 - 2016-11-02 10:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-10 03:15 - 2016-11-02 10:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-10 03:15 - 2016-11-02 08:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-10 03:14 - 2016-11-02 11:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-10 03:14 - 2016-11-02 11:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-10 03:14 - 2016-11-02 11:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-10 03:14 - 2016-11-02 11:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-10 03:14 - 2016-11-02 11:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayR eady.dll
2016-11-10 03:14 - 2016-11-02 11:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-10 03:14 - 2016-11-02 11:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-10 03:14 - 2016-11-02 11:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-10 03:14 - 2016-11-02 11:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-10 03:14 - 2016-11-02 11:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-10 03:14 - 2016-11-02 11:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-10 03:14 - 2016-11-02 10:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-10 03:14 - 2016-11-02 10:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-10 03:14 - 2016-11-02 10:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-10 03:14 - 2016-11-02 10:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-10 03:14 - 2016-11-02 10:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-10 03:14 - 2016-11-02 10:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-10 03:14 - 2016-11-02 10:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-10 03:14 - 2016-11-02 10:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-10 03:14 - 2016-11-02 10:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-10 03:14 - 2016-11-02 10:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-10 03:14 - 2016-11-02 10:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-10 03:14 - 2016-11-02 10:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-10 03:14 - 2016-11-02 10:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-10 03:14 - 2016-11-02 10:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-10 03:14 - 2016-11-02 10:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-10 03:14 - 2016-11-02 10:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-10 03:14 - 2016-11-02 10:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-10 03:14 - 2016-11-02 10:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-10 03:14 - 2016-11-02 10:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-10 03:14 - 2016-11-02 10:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-10 03:14 - 2016-11-02 10:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-10 03:14 - 2016-11-02 10:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-10 03:14 - 2016-11-02 10:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-10 03:14 - 2016-11-02 10:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-10 03:14 - 2016-11-02 10:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-10 03:14 - 2016-11-02 10:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-10 03:14 - 2016-11-02 10:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-10 03:14 - 2016-11-02 10:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-10 03:14 - 2016-11-02 10:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-10 03:14 - 2016-11-02 10:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-10 03:14 - 2016-11-02 10:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-10 03:14 - 2016-11-02 10:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-10 03:14 - 2016-11-02 10:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-10 03:14 - 2016-11-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-10 03:14 - 2016-11-02 10:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-10 03:14 - 2016-11-02 10:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-10 03:14 - 2016-11-02 10:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-10 03:14 - 2016-11-02 10:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-10 03:14 - 2016-11-02 10:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-10 03:14 - 2016-11-02 10:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-10 03:14 - 2016-11-02 10:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-10 03:14 - 2016-11-02 10:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-10 03:14 - 2016-11-02 10:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-10 03:14 - 2016-11-02 10:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-10 03:14 - 2016-11-02 10:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-10 03:14 - 2016-11-02 10:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHan dlers.dll
2016-11-10 03:14 - 2016-11-02 10:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-10 03:14 - 2016-11-02 10:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-10 03:14 - 2016-11-02 10:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-10 03:14 - 2016-11-02 10:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-10 03:14 - 2016-11-02 10:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-10 03:14 - 2016-11-02 10:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-10 03:14 - 2016-11-02 10:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-10 03:14 - 2016-11-02 10:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-10 03:14 - 2016-11-02 10:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-10 03:14 - 2016-11-02 10:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-10 03:14 - 2016-11-02 10:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-10 03:14 - 2016-11-02 10:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authenticatio n.OnlineId.dll
2016-11-10 03:14 - 2016-11-02 10:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-10 03:14 - 2016-11-02 10:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-10 03:14 - 2016-11-02 10:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-10 03:14 - 2016-11-02 10:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-10 03:14 - 2016-11-02 10:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-10 03:14 - 2016-11-02 10:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-10 03:14 - 2016-11-02 10:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-10 03:14 - 2016-11-02 10:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-10 03:14 - 2016-11-02 10:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-10 03:14 - 2016-11-02 10:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-10 03:14 - 2016-11-02 10:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-10 03:14 - 2016-11-02 10:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-10 03:13 - 2016-11-02 11:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-10 03:13 - 2016-11-02 11:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-10 03:13 - 2016-11-02 11:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-10 03:13 - 2016-11-02 11:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-10 03:13 - 2016-11-02 11:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-10 03:13 - 2016-11-02 11:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-10 03:13 - 2016-11-02 11:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-10 03:13 - 2016-11-02 11:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-10 03:13 - 2016-11-02 11:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-10 03:13 - 2016-11-02 11:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-10 03:13 - 2016-11-02 11:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-10 03:13 - 2016-11-02 11:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-10 03:13 - 2016-11-02 11:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-10 03:13 - 2016-11-02 11:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-10 03:13 - 2016-11-02 11:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-10 03:13 - 2016-11-02 11:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-10 03:13 - 2016-11-02 11:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-10 03:13 - 2016-11-02 11:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-10 03:13 - 2016-11-02 10:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-10 03:13 - 2016-11-02 10:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-10 03:13 - 2016-11-02 10:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-10 03:13 - 2016-11-02 10:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-10 03:13 - 2016-11-02 10:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-10 03:13 - 2016-11-02 10:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-10 03:13 - 2016-11-02 10:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-10 03:13 - 2016-11-02 10:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-10 03:13 - 2016-11-02 10:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-10 03:13 - 2016-11-02 10:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-10 03:13 - 2016-11-02 10:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-10 03:13 - 2016-11-02 10:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-10 03:13 - 2016-11-02 10:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-10 03:13 - 2016-11-02 10:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-10 03:13 - 2016-11-02 10:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockS creen.dll
2016-11-10 03:13 - 2016-11-02 10:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-10 03:13 - 2016-11-02 10:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-10 03:13 - 2016-11-02 10:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-10 03:13 - 2016-11-02 10:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-10 03:13 - 2016-11-02 10:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-10 03:13 - 2016-11-02 10:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterface Device.dll
2016-11-10 03:13 - 2016-11-02 10:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-10 03:13 - 2016-11-02 10:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-10 03:13 - 2016-11-02 10:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-10 03:13 - 2016-11-02 10:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-10 03:13 - 2016-11-02 10:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-10 03:13 - 2016-11-02 10:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-10 03:13 - 2016-11-02 10:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-10 03:13 - 2016-11-02 10:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-10 03:13 - 2016-11-02 10:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-10 03:13 - 2016-11-02 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-10 03:13 - 2016-11-02 10:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-10 03:13 - 2016-11-02 10:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-10 03:13 - 2016-11-02 10:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-10 03:13 - 2016-11-02 10:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-10 03:13 - 2016-11-02 10:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-10 03:13 - 2016-11-02 10:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-10 03:13 - 2016-11-02 10:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-10 03:13 - 2016-11-02 10:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-10 03:13 - 2016-11-02 10:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-10 03:13 - 2016-11-02 10:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authenticatio n.OnlineId.dll
2016-11-10 03:13 - 2016-11-02 10:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-10 03:13 - 2016-11-02 10:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-10 03:13 - 2016-11-02 10:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterface Device.dll
2016-11-10 03:13 - 2016-11-02 10:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-10 03:13 - 2016-11-02 10:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-10 03:13 - 2016-11-02 10:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-10 03:13 - 2016-11-02 10:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-10 03:13 - 2016-11-02 10:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-10 03:13 - 2016-11-02 10:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-10 03:13 - 2016-11-02 10:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-10 03:13 - 2016-11-02 10:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.deskt op.dll
2016-11-10 03:13 - 2016-11-02 10:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-10 03:13 - 2016-11-02 10:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-10 03:13 - 2016-11-02 10:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-10 03:13 - 2016-11-02 10:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-10 03:13 - 2016-11-02 10:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-10 03:13 - 2016-11-02 10:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-10 03:13 - 2016-11-02 10:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-10 03:13 - 2016-11-02 10:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-10 03:13 - 2016-11-02 10:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-10 03:13 - 2016-11-02 10:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.oneco re.dll
2016-11-10 03:13 - 2016-11-02 10:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-10 03:13 - 2016-11-02 10:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-10 03:13 - 2016-11-02 10:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-10 03:13 - 2016-11-02 10:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-10 03:13 - 2016-11-02 10:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-10 03:13 - 2016-11-02 10:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-10 03:13 - 2016-11-02 10:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-10 03:13 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-10 03:13 - 2016-11-02 09:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-10 03:13 - 2016-08-02 04:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 21:51 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-07 21:51 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-07 21:06 - 2015-10-30 19:47 - 00000000 ____D C:\Program Files (x86)\WildGames
2016-12-07 21:06 - 2015-10-30 19:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-07 21:04 - 2015-10-30 19:46 - 00000000 ____D C:\ProgramData\WildTangent
2016-12-07 21:04 - 2015-10-30 19:46 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-12-07 21:02 - 2016-04-06 17:17 - 00000000 ____D C:\Users\ian_h\AppData\Local\Packages
2016-12-07 20:54 - 2016-09-17 08:49 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForian_h
2016-12-07 20:54 - 2016-09-17 08:49 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForian_h.job
2016-12-07 20:46 - 2016-04-06 18:34 - 00000000 ____D C:\Users\ian_h\AppData\Roaming\CyberLink
2016-12-07 20:45 - 2016-04-06 17:24 - 00000000 ___RD C:\Users\ian_h\OneDrive
2016-12-07 20:41 - 2016-08-20 02:46 - 00000000 ____D C:\Users\ian_h
2016-12-07 20:41 - 2016-08-20 02:41 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-07 20:41 - 2016-04-06 17:17 - 00000000 __SHD C:\Users\ian_h\IntelGraphicsProfiles
2016-12-07 20:39 - 2016-08-20 02:46 - 01087918 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-07 20:35 - 2016-08-20 03:06 - 00004008 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachine UA
2016-12-07 20:35 - 2016-08-20 03:06 - 00003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachine Core
2016-12-07 20:35 - 2015-10-30 19:49 - 00000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-07 20:35 - 2015-10-30 19:49 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-07 20:33 - 2016-08-20 03:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-07 20:31 - 2016-08-20 03:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-12-07 20:31 - 2016-08-20 03:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-12-07 20:31 - 2016-07-16 11:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-12-07 20:31 - 2016-07-16 11:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-07 20:31 - 2016-04-29 16:09 - 00000000 ____D C:\Users\ian_h\AppData\Roaming\Accord CD Ripper Free
2016-12-07 20:14 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\registration
2016-12-07 20:01 - 2015-07-16 14:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-07 19:56 - 2016-08-20 02:39 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-07 19:56 - 2015-10-30 19:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-05 20:01 - 2016-07-16 06:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-05 16:49 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-20 10:55 - 2016-07-16 11:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-14 02:32 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-11 13:13 - 2016-02-13 17:32 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-11 04:38 - 2016-08-20 02:39 - 00344120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-11 04:37 - 2016-07-16 06:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-11 04:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-11-11 04:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-11 04:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-11 04:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-11 04:33 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-11 04:32 - 2016-07-16 11:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-11 04:32 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-11 04:32 - 2016-07-16 11:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-11 03:44 - 2016-07-16 11:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-10 22:19 - 2016-04-06 20:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 22:15 - 2016-04-06 20:09 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 08:43 - 2016-08-27 18:33 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

==================== Files in the root of some directories =======

2016-12-07 21:04 - 2014-04-16 22:08 - 0658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall247953.exe

Files to move or delete:
====================
C:\ProgramData\uninstall247953.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-29 04:31

==================== End of FRST.txt ============================

Last edited by The Hornmeister; December 7th, 2016 at 11:02 PM.
Reply With Quote
  #6  
Old December 7th, 2016, 11:00 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
And the Addition.txt :

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by ian_h (07-12-2016 21:53:37)
Running from C:\Users\ian_h\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-20 03:16:17)
Boot Mode: Normal
================================================== ========


==================== Accounts: =============================

Administrator (S-1-5-21-1485309144-2528400413-2003176991-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1485309144-2528400413-2003176991-503 - Limited - Disabled)
Guest (S-1-5-21-1485309144-2528400413-2003176991-501 - Limited - Disabled)
ian_h (S-1-5-21-1485309144-2528400413-2003176991-1001 - Administrator - Enabled) => C:\Users\ian_h

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accord CD Ripper Free 6.9.1 (HKLM-x32\...\8BF2152B-6835-4FF3-A2EC-5BDAB46DCDFF_is1) (Version: - Accmeware Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.7006 - CyberLink Corp.)
CyberLink PhotoDirector (Version: 5.0.6.7006 - CyberLink Corp.) Hidden
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.2.5801 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4601 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.5.4601 - CyberLink Corp.) Hidden
Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Easy Photo Print 2 (HKLM-x32\...\{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}) (Version: 2.2.4.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8A17C27D-0325-400C-8AA9-DAA6B16CBD74}) (Version: 2.40.0009 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Stylus SX400 Series Printer Uninstall (HKLM\...\EPSON Stylus SX400 Series) (Version: - SEIKO EPSON Corporation)
EPSON SX130 Series Printer Uninstall (HKLM\...\EPSON SX130 Series) (Version: - SEIKO EPSON Corporation)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{2CDA0D13-ED4D-4E66-B920-9AE696F9992E}) (Version: 1.1.1 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{76272057-98E0-4DC4-AAC3-10C546C47195}) (Version: 14.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.11 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1094 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.179 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
User's Guide EPSON SX130 Series (HKLM-x32\...\EPSON SX130 Series Useg) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03452B8D-3C1A-4AEF-9E31-B34A66A392DD} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-09-20] (McAfee, Inc.)
Task: {038DAB28-9781-460A-8BEE-804691B41990} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [2016-10-12] (HP Inc.)
Task: {2B718BC5-0D9C-4AC5-84C6-FC2B9EAAB111} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {36162FA9-FDCF-4ADD-ABAD-953FEB734ACB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {38D27A22-99DF-41D9-B9E7-42B33C6BA2B8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {3F5FB73C-9C92-4F05-98B1-6785DAD418D4} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.ex e [2016-08-18] (HP Inc.)
Task: {43A30FFF-DB61-491A-924D-542D462939EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-09] (Microsoft Corporation)
Task: {475CECAE-B0E6-4B66-9EB1-A3C135DB6D94} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0 \mcdatrep.exe [2016-04-07] (McAfee, Inc.)
Task: {50420C72-9F20-4E03-AFBB-C252417ECB75} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {547E6D02-06AF-44F0-B697-EA7529E8AC03} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {637ACA5A-6A5B-4AA3-AF88-A2D83163D638} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {6854BD9C-968F-4A33-BF16-1E17CBB65FEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {715144A3-0C20-43B6-A190-FF1D89D999D9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {8C3A356B-2896-4AEF-80D9-5A04610F2FEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {921DF4F4-52A2-4F29-93A3-3B5BB7A4D249} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {92857713-8D42-464D-8794-210E31DAFA4F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation)
Task: {9A4036F6-520E-4D38-A588-94DD295BA8A6} - System32\Tasks\HPCeeScheduleForian_h => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D5C6C058-F191-446A-98C4-A4DC96F66B87} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0 \mcdatrep.exe [2016-04-07] (McAfee, Inc.)
Task: {D6074BDE-5845-49D9-9BD3-0118A621008F} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-13] (Dropbox, Inc.)
Task: {E1B8D1C6-0EEE-4412-84D4-AC6D4845ACC6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-13] (Dropbox, Inc.)
Task: {E552BE5D-4849-46A7-874D-94A937D4C9DF} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {E9025E68-B546-40A9-8E4A-C1A5080E8927} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChec ker.exe [2016-10-12] (HP Inc.)
Task: {F8D88FE4-8675-409A-8CFD-8DA79CC133F8} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForian_h.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\ian_h\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AmazonShopping.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.amazon.co.uk/gp/bit/amazonbookmark.html?tag=hp2-desktop-uk-21&partner=HP
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.booking.com/index.html?aid=398438&label=square

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 09:34 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-30 19:39 - 2014-04-15 01:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-30 19:39 - 2014-04-15 01:59 - 00023304 _____ () C:\Program Files\Cyberlink\Shared files\RichVideops64.dll
2016-05-27 14:50 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-30 09:34 - 2016-09-15 17:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-25 13:50 - 2016-08-25 13:50 - 01864384 _____ () C:\Users\ian_h\AppData\Local\Microsoft\OneDrive\17 .3.6517.0809\amd64\ClientTelemetry.dll
2016-07-07 11:21 - 2016-10-08 07:52 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-17 09:11 - 2016-09-07 04:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.Share dUtilities.dll
2016-11-10 03:14 - 2016-11-02 10:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 03:14 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CortanaApi.dll
2016-11-10 03:14 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Core.dll
2016-11-10 03:14 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 03:14 - 2016-11-02 10:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.Actions.dll
2016-11-10 03:14 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 03:14 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw 5n1h2txyewy\RemindersUI.dll
2016-11-18 02:53 - 2016-11-18 02:54 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x6 4__kzf8qxf38zg5c\SkypeHost.exe
2016-11-18 02:53 - 2016-11-18 02:54 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x6 4__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-25 13:49 - 2016-08-25 13:49 - 01383616 _____ () C:\Users\ian_h\AppData\Local\Microsoft\OneDrive\17 .3.6517.0809\ClientTelemetry.dll
2016-08-25 13:49 - 2016-08-25 13:49 - 00118976 _____ () C:\Users\ian_h\AppData\Local\Microsoft\OneDrive\17 .3.6517.0809\FileSyncViews.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2015-07-10 11:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1485309144-2528400413-2003176991-1001\Control Panel\Desktop\\Wallpaper -> c:\users\ian_h\appdata\local\packages\microsoft.wi ndows.photos_8wekyb3d8bbwe\localstate\photosappbac kground\{810ff4df-46f5-4043-ba1b-198464874513}.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{E95A425B-B9E5-46D8-9949-C785FFE0B3A1}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{93F88D27-36A8-49B8-861D-09BAC2BCC5B5}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DCA8A04C-E650-491D-A48B-92A02646BF1D}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1262EB4E-7943-42AB-B6DC-CB4BAE4D1CDE}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{7067D4B0-0604-4D3B-9394-BB63B5A1DF21}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{B740050F-5F47-49B6-A039-72C98744458D}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5728853E-071F-4536-ADA8-09E84BE67B24}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{377FB8AF-EB75-4153-B2DC-2071DCF95E40}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2AB12673-A7EF-4F2A-B00F-B38CCF25BAFA}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E75B5059-E4AC-416A-9E7B-7D0BF3ECA567}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{57371C85-FE25-4065-B910-EF8A930010B3}] => c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{488F37E4-D406-4080-8B75-3E4562AE6BBF}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{7744F891-FFEC-435B-A3EF-BC51DA71784F}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPD VD14.exe
FirewallRules: [{6EC486F6-80A4-4121-B7FB-6DD2C5FB23A7}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{6E7A4E15-A9EB-4324-A97B-01AAF7FD7D7F}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{FC432ACC-E188-444C-8777-877D10C629D9}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [TCP Query User{D2830FE5-C394-47C8-9E43-AEE1F2FA4B98}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{17B685A9-BD59-4306-8FCB-0893142E479E}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe

==================== Restore Points =========================

18-11-2016 04:31:55 Scheduled Checkpoint
27-11-2016 13:54:46 Scheduled Checkpoint
04-12-2016 19:09:12 Installed DirectX
04-12-2016 19:09:52 Installed DirectX
07-12-2016 19:50:05 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2016 09:13:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-C1G3K5M)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wek yb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

Error: (12/07/2016 08:54:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-C1G3K5M)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neut ral_cw5n1h2txyewy+microsoft.windows.immersivecontr olpanel was terminated because it took too long to suspend.

Error: (12/07/2016 08:53:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-C1G3K5M)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wek yb3d8bbwe+MicrosoftEdge#{cd4f33d1-e85f-4d16-877e-61889d84fd9e} was terminated because it took too long to suspend.

Error: (12/07/2016 08:34:09 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

Error: (12/07/2016 08:33:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1028) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU00176.log.

Error: (12/07/2016 07:50:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/07/2016 07:45:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.14393.447 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 137c

Start Time: 01d250c2317e44cb

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wek yb3d8bbwe\MicrosoftEdge.exe

Report Id: 7a066320-bcb5-11e6-9bf2-48e2447c8132

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wek yb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (12/07/2016 07:43:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-C1G3K5M)
Description: Activation of application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdg e failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2016 07:43:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-C1G3K5M)
Description: Activation of application Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdg e failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/07/2016 07:43:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DESKTOP-C1G3K5M)
Description: App Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wek yb3d8bbwe+MicrosoftEdge did not launch within its allotted time.


System errors:
=============
Error: (12/07/2016 09:16:50 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:47 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:43 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:39 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:36 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:32 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:28 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:24 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (12/07/2016 09:16:17 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N3050 @ 1.60GHz
Percentage of memory in use: 58%
Total physical RAM: 4017.44 MB
Available physical RAM: 1662.73 MB
Total Virtual: 4721.44 MB
Available Virtual: 2432.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:918.22 GB) (Free:830.66 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:11.99 GB) (Free:1.56 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (My Disc) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (Size: 931.5 GB) (Disk ID: F71104CD)

Partition: GPT.

==================== End of Addition.txt ============================
Reply With Quote
  #7  
Old December 8th, 2016, 01:14 AM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
No malware, but maybe a disk issue.

Right click the Start button, left click Command Prompt (Admin).

in the command box type the following, and press Enter:

chkdsk

A scan will run. If my guess is right, after a while it will say it cannot continue, and do you want it to run on the next reboot (or something similar to that). Type Y for yes, then reboot the computer.

Once the scan runs and the system boots back up, post back on what happened please.
Reply With Quote
  #8  
Old December 8th, 2016, 08:55 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
Thanks for your time Tom.
This was the result of the above scan (it never said "cannot continue" or mention a reboot). The scan was done with "view hidden files" ticked (like you asked for in your first reply) although I did have my anti virus active (McAfee Live Safe 2016).

Anyhow, here's the results of the scan :

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>chkdsk
The type of the file system is NTFS.
Volume label is Windows.

WARNING! /F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
377600 file records processed.
File verification completed.
7987 large file records processed.
0 bad file records processed.

Stage 2: Examining file name linkage ...
459300 index entries processed.
Index verification completed.
0 unindexed files scanned.
0 unindexed files recovered to lost and found.

Stage 3: Examining security descriptors ...
Security descriptor verification completed.
40851 data files processed.
CHKDSK is verifying Usn Journal...
38411192 USN bytes processed.
Usn Journal verification completed.

Windows has scanned the file system and found no problems.
No further action is required.

962827263 KB total disk space.
92327176 KB in 206785 files.
141380 KB in 40852 indexes.
0 KB in bad sectors.
515643 KB in use by the system.
65536 KB occupied by the log file.
869843064 KB available on disk.

4096 bytes in each allocation unit.
240706815 total allocation units on disk.
217460766 allocation units available on disk.

C:\WINDOWS\system32>
Reply With Quote
  #9  
Old December 8th, 2016, 11:48 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Okay, so not an issue of file corruption. You will have to completely disable your antivirus for the next steps.


Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.

Agree to the language prompt, and place a check next to:

Install 32 and 64 bits versions (Recommended for Technicians).

Then click Next until you get to the Finish button, and click it. RogueKiller will then open.

Click the Start Scan button, then again the Start Scan button.

When the scan finishes click the Open Report button. Then click the Open TXT button. Save that report to your desktop, and post it back here please. For now just close RogueKiller.

---------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
Reply With Quote
  #10  
Old December 9th, 2016, 05:15 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
Cheers, Here's the result of rogue killer, (scan took nearly 3 hours)..at the end I pressed "remove selected" as it found 3 threats. Dunno if I should have now ??

RogueKiller V12.8.4.0 (x64) [Dec 5 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : ian_h [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 12/09/2016 13:04:18 (Duration : 03:02:13)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 3 ¤¤¤
[PUP][Folder] C:\ProgramData\simplitec -> Found
[PUP][Folder] C:\Users\ian_h\AppData\Local\WebBar -> Found
[PUP][Folder] C:\ProgramData\simplitec -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EZEX-60M2NA0 +++++
--- User ---
[MBR] 0033b4ab842ba8a4046d74eaeceecdb7
[BSP] 6986b8b624834b999012db1e70a80b9b : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 360 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 739328 | Size: 128 MB
2 - Basic data partition | Offset (sectors): 1001472 | Size: 940261 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1926656000 | Size: 840 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1928376320 | Size: 12279 MB
User = LL1 ... OK
User = LL2 ... OK
Reply With Quote
  #11  
Old December 9th, 2016, 05:42 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
This is the result of the quick scan from GMER, I did get a warning message up during the opening scan saying "WARNING !!!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system". ...(I pressed yes)

Here's the results of the opening scan:

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-09 16:25:36
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000023 WDC_WD10EZEX-60M2NA0 rev.03.01A03 931.51GB
Running: 44k70407.exe Gmer.exe; Driver: C:\Users\ian_h\AppData\Local\Temp\agadrpod.sys


---- Services - GMER 2.2 ----

Service C:\Windows\System32\drivers\TrueSight.sys (*** hidden *** ) [MANUAL] TrueSight <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1285109684
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrueSight
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrueSight@T ype 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrueSight@I magePath \??\C:\Windows\System32\drivers\TrueSight.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrueSight@S tart 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\TrueSight
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeEstimated 0x41 0xB4 0x33 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeHigh 0x41 0x1C 0xF8 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeLow 0x41 0x4C 0x6F 0x3A ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw Mask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----
Reply With Quote
  #12  
Old December 9th, 2016, 05:45 PM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
And here's the result of the actual scan (again, I got a message saying " WARNING !!! GMER has found system modification caused by ROOTKIT modification".

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-12-09 16:34:30
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000023 WDC_WD10EZEX-60M2NA0 rev.03.01A03 931.51GB
Running: 44k70407.exe Gmer.exe; Driver: C:\Users\ian_h\AppData\Local\Temp\agadrpod.sys


---- Services - GMER 2.2 ----

Service C:\Windows\System32\drivers\TrueSight.sys (*** hidden *** ) [MANUAL] TrueSight <-- ROOTKIT !!!

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed 1285109684
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeEstimated 0x82 0xE0 0xD3 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeHigh 0x82 0x48 0x98 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Sec ureTimeLimits@SecureTimeLow 0x82 0x78 0x0F 0xB8 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ...
Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw Mask 0x64 0x62 0x03 0x00 ...

---- Disk sectors - GMER 2.2 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.2 ----
Reply With Quote
  #13  
Old December 9th, 2016, 10:59 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Never saw it target that before.

Run Gmer again. When the initial scan finishes click >>> at the top, then click Services.

Click Name at the top left to alphabetize the list of services. Then locate:

TrueSight

Right click it and select Delete. You may get a few warnings, but okay them all.

TrueSight may or may not be deleted. Then restart, and run and post a new Gmer scan please.
Reply With Quote
  #14  
Old December 10th, 2016, 10:41 AM
The Hornmeister The Hornmeister is offline
CTH Subscriber
 
Join Date: Dec 2004
O/S: Windows 10 Home
Location: Liverpool, England
Age: 52
Posts: 296
Hi, it wouldn't let me complete the GMER scan.
I got a pop up box (after it been scanning for a while) saying :

"44k70407.exe Gmer has stopped working.
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

Its took me a while to post this as virtually every web page isn't responding.

Cheers

Ian

Last edited by The Hornmeister; December 10th, 2016 at 05:27 PM.
Reply With Quote
  #15  
Old December 10th, 2016, 08:58 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Follow the steps here under "From Settings" to restart in Safe Mode, and try Gmer then.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 06:37 PM.