|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
Laptop Slow, Rule out Malware
Hello,
I'd like to see if I have possible infections that affecting my cpu. I am experiencing slow downs, unable to use windows update, USB memory drives or detect media in my DVD Drive. For the reasons above, I cannot initiate a reformat. |
#2
|
||||
|
||||
Hello BSTAR and Welcome to the CyberTechHelp Forums. .
I will be helping you fixing your problems. Please take note of some guidelines for this fix: 1- My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Keep your sentences short. Thanks for your understanding. 2- Perform everything in the correct order. Sometimes one step requires the previous one. 3- Please open as administrator the computer. How is open as administrator the computer? 4- Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here How to disable your security applications. 5- To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types" 6- Back up all your private data / important files on another (external) drive before using our tools (if possible). 7- Please subscribe to this thread if you have not done so already, and please don't do any other scans on your own and don't install or remove software. 8- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Thanks ************************************************** ******************************************* Let's check. I Would like you to do the following Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
|
#3
|
|||
|
|||
Frst
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016
Ran by Skynet (administrator) on SKYNET-PC (03-06-2016 13:25:14) Running from C:\Users\Skynet\Downloads Loaded Profiles: Skynet & Mcx1-SKYNET-PC & Guest (Available Profiles: Skynet & So Fresh & Mcx1-SKYNET-PC & Guest) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe (Joyent, Inc) C:\Windows\Prey\versions\1.5.1\bin\node.exe (Autodesk, Inc.) C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Fork, Ltd.) C:\Windows\Prey\versions\1.5.1\node_modules\trigge rs\bin\lightevt.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ms corsvw.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe (SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Mozilla Corporation) C:\Users\Skynet\AppData\Local\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8123936 2011-07-10] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2011-07-10] (Synaptics Incorporated) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7400064 2016-06-03] (AVAST Software) HKLM-x32\...\Run: [] => [X] Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd) HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\...\MountPoints2: {927803d8-abd1-11e0-943b-00265ed672bc} - F:\setup.exe HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\...\MountPoints2: {92780607-abd1-11e0-943b-00265ed672bc} - "H:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2229191350-1810342362-1993344431-1124\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-02] (AVAST Software) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-06] (Autodesk, Inc.) ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-09-28] (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-09-28] (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-09-28] (SugarSync, Inc.) ShellIconOverlayIdentifiers: [SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll [2015-09-28] (SugarSync, Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-05-04] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: 127.0.0.1 nlsk.neulion.com Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{7E1F58AC-6E59-409F-AE01-66F2FAC74F5C}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/ HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp SearchScopes: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001 -> {ABF3EFD7-FC3D-4DA4-8FBD-ACAB8567873B} URL = hxxp://www.redflagdeals.com/search.php?q={searchTerms} SearchScopes: HKU\S-1-5-21-2229191350-1810342362-1993344431-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-04-13] (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-14] (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClien t.dll [2014-09-12] (Adobe Systems Incorporated) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-13] (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClien t.dll [2014-09-12] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-13] (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-14] (AVAST Software) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dl l [2014-09-12] (Adobe Systems Incorporated) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-13] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dl l [2014-09-12] (Adobe Systems Incorporated) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClien t.dll [2014-09-12] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dl l [2014-09-12] (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-2229191350-1810342362-1993344431-501 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClien t.dll [2014-09-12] (Adobe Systems Incorporated) DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: HKLM-x32 {556EEC63-31E2-47C3-BF29-DFF799D2FE04} hxxps://secure.logmein.com/activex/RACtrl.cab DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007 FireFox: ======== FF ProfilePath: C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default FF DefaultSearchEngine.US: Google FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_ 213.dll [2016-04-12] () FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1. dll [2016-04-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-13] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect64.dll [2014-04-28] (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_ 213.dll [2016-04-12] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635 .dll [2012-07-05] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1. dll [2016-04-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-13] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-09-12] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDet ect32.dll [2014-04-28] (Adobe Systems) FF user.js: detected! => C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default\user.js [2013-10-28] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-02] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext => not found FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-12-25] [not signed] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-08] [not signed] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-02] StartMenuInternet: FIREFOX.EXE - C:\Users\Skynet\AppData\Local\Mozilla Firefox\firefox.exe Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-02] (AVAST Software) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 CronService; c:\Windows\Prey\wpxsvc.exe [611854 2015-10-17] (Fork, Ltd.) [File not signed] S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries) R2 mitsijm2016; C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe [968480 2014-09-30] (Autodesk, Inc.) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed] S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-02-21] (SolidWorks) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 yksvc; C:\Windows\System32\yk62x64.dll [496128 2009-09-28] (Marvell) S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X] S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe /SERVICE [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-02] (AVAST Software) R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-02] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-02] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-02] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-06-02] (AVAST Software) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2014-01-06] (hxxp://libusb-win32.sourceforge.net) R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [180096 2011-07-10] (Vimicro Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () S3 ADDMEM; \??\C:\Users\Skynet\AppData\Local\Temp\__Samsung_U pdate\ADDMEM.SYS [X] S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X] S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X] S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X] Last edited by BSTAR; June 3rd, 2016 at 06:30 PM. |
#4
|
|||
|
|||
FRST (Cont'd)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-03 13:25 - 2016-06-03 13:25 - 00021838 _____ C:\Users\Skynet\Downloads\FRST.txt 2016-06-03 13:24 - 2016-06-03 13:24 - 02383872 _____ (Farbar) C:\Users\Skynet\Downloads\FRST64.exe 2016-06-03 12:59 - 2016-06-03 13:20 - 00118492 _____ C:\Users\So Fresh\Desktop\Addition.txt 2016-06-03 12:54 - 2016-06-03 13:25 - 00000000 ____D C:\FRST 2016-06-03 12:54 - 2016-06-03 13:20 - 00065353 _____ C:\Users\So Fresh\Desktop\FRST.txt 2016-06-03 12:54 - 2016-06-03 12:54 - 02383872 _____ (Farbar) C:\Users\So Fresh\Desktop\FRST64.exe 2016-06-03 11:19 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2016-06-03 11:19 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2016-06-03 11:19 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2016-06-03 10:48 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-06-03 10:48 - 2016-04-23 01:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-06-03 10:48 - 2016-04-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-06-03 10:48 - 2016-04-23 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-06-03 10:48 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-06-03 10:48 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-06-03 10:48 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-06-03 10:48 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-06-03 10:48 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-06-03 10:48 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-06-03 10:48 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-06-03 10:48 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-06-03 10:48 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-06-03 10:48 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-06-03 10:48 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-06-03 10:48 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-06-03 10:47 - 2016-04-23 13:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-06-03 10:47 - 2016-04-23 01:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-06-03 10:47 - 2016-04-23 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-06-03 10:47 - 2016-04-23 01:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-06-03 10:47 - 2016-04-23 01:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-06-03 10:47 - 2016-04-23 01:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-06-03 10:47 - 2016-04-23 01:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-06-03 10:47 - 2016-04-23 01:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-06-03 10:47 - 2016-04-23 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-06-03 10:47 - 2016-04-23 00:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-06-03 10:47 - 2016-04-23 00:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-06-03 10:47 - 2016-04-23 00:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-06-03 10:47 - 2016-04-23 00:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-06-03 10:47 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-06-03 10:47 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-06-03 10:47 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-06-03 10:47 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-06-03 10:47 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-06-03 10:47 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-06-03 10:47 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-06-03 10:47 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-06-03 10:47 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-06-03 10:47 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-06-03 10:47 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-06-03 10:47 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-06-03 10:47 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-06-03 10:47 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-06-03 10:47 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-06-03 10:47 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-06-03 10:47 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-06-03 10:47 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-06-03 10:47 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-06-03 10:47 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-06-03 10:47 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-06-03 10:47 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-06-03 10:47 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-06-03 10:47 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-06-03 10:47 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-06-03 10:47 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-06-03 10:47 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-06-03 10:47 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-06-03 10:47 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-06-03 10:47 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-06-03 10:47 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-06-03 10:47 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-06-03 10:47 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-06-03 10:47 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-06-03 10:47 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-06-03 10:47 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-06-03 10:47 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-06-03 10:47 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-06-03 10:47 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2016-06-03 10:47 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2016-06-03 10:47 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-06-03 10:47 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-06-03 10:47 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-06-03 10:47 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-06-03 10:47 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-06-03 10:47 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-06-03 10:47 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-06-03 10:47 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-06-03 10:47 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-06-03 10:47 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-06-03 10:47 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-06-03 10:47 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-06-03 10:47 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-06-03 10:47 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-06-03 10:47 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2016-06-03 10:47 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-06-03 10:47 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-06-03 10:47 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-06-03 10:47 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-06-03 10:47 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2016-06-03 10:47 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2016-06-03 10:46 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-06-03 10:46 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-06-03 10:46 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-06-03 10:46 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-06-03 10:46 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-06-03 10:46 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-06-03 10:46 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-06-03 10:46 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-06-03 10:46 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-06-03 10:46 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-06-03 10:46 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-06-03 10:46 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-06-03 10:46 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-06-03 10:46 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-06-03 10:46 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-06-03 10:46 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-06-03 10:46 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-06-03 10:46 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-06-03 10:46 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-06-03 10:46 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-06-03 10:46 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-06-03 10:43 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2016-06-03 10:43 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2016-06-02 13:57 - 2016-06-02 13:56 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2016-06-02 13:54 - 2016-06-02 13:54 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr 2016-06-02 13:44 - 2016-06-02 15:17 - 00000000 ____D C:\Users\So Fresh\Desktop\90967 slider anchor 2016-06-02 13:41 - 2016-06-02 13:43 - 00864082 _____ C:\Users\So Fresh\Desktop\90967 slider anchor.zip 2016-06-02 13:32 - 2016-06-02 13:32 - 00001882 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2016-06-02 13:31 - 2016-06-02 13:31 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2016-06-01 13:10 - 2016-06-02 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud 2016-06-01 13:08 - 2016-06-01 13:08 - 00985600 _____ C:\Users\So Fresh\Desktop\MicrosoftFixit50123.msi 2016-06-01 12:53 - 2016-06-01 12:53 - 00000639 _____ C:\Users\So Fresh\Desktop\WindowsUpdateDiagnostic.diagcab 2016-06-01 01:21 - 2016-06-01 01:21 - 00000000 ____D C:\Users\Skynet\AppData\Roaming\MPC-HC 2016-06-01 00:38 - 2016-06-01 00:39 - 00291304 _____ C:\Windows\Minidump\060116-65832-01.dmp 2016-05-30 16:14 - 2016-05-30 18:37 - 00000000 ____D C:\Users\So Fresh\Desktop\MR303033,305026 RFQ 3D 2016-05-30 12:48 - 2016-05-30 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-05-30 12:46 - 2016-05-30 12:46 - 00000000 ____D C:\Program Files\iPod 2016-05-30 12:46 - 2016-05-30 12:46 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-05-20 09:47 - 2016-05-20 09:47 - 00000000 ____D C:\Users\So Fresh\AppData\Roaming\Skype 2016-05-19 17:55 - 2016-05-19 17:55 - 00022348 _____ C:\Users\So Fresh\Desktop\genium.txt 2016-05-16 13:05 - 2016-05-16 13:05 - 00000000 ____D C:\Users\So Fresh\Desktop\New folder (3) 2016-05-16 10:18 - 2016-05-16 10:18 - 00000000 ____D C:\Users\So Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-05-05 09:42 - 2016-05-05 09:43 - 00286512 _____ C:\Windows\Minidump\050516-64163-01.dmp 2016-05-04 17:45 - 2016-05-05 10:07 - 00000000 ____D C:\Users\Skynet\AppData\Local\Mozilla Firefox 2016-05-04 13:49 - 2016-05-04 13:49 - 25239231 _____ C:\Users\Skynet\Downloads\SWUpdate_2.2.7.22.ZIP 2016-05-04 13:13 - 2016-05-04 13:13 - 00000000 ____D C:\Users\Skynet\AppData\Local\GWX 2016-05-04 11:47 - 2016-05-04 11:47 - 00000000 ____D C:\Users\So Fresh\Desktop\New folder (2) ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-03 13:23 - 2011-07-09 17:33 - 00159272 _____ C:\Users\Skynet\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-03 13:21 - 2013-11-15 23:20 - 00000000 ___RD C:\Users\So Fresh\SkyDrive 2016-06-03 12:54 - 2011-07-11 14:37 - 00159272 _____ C:\Users\So Fresh\AppData\Local\GDIPFONTCACHEV1.DAT 2016-06-03 12:52 - 2014-08-23 00:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-06-03 12:40 - 2014-04-06 14:34 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA.job 2016-06-03 12:40 - 2009-07-14 00:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-03 12:40 - 2009-07-14 00:45 - 00015152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-03 12:33 - 2015-06-18 20:22 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA.job 2016-06-03 12:22 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-03 12:22 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-06-03 12:15 - 2011-07-10 15:37 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics 2016-06-03 12:13 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-03 12:13 - 2009-07-14 00:45 - 00515800 _____ C:\Windows\system32\FNTCACHE.DAT 2016-06-03 12:08 - 2016-04-15 03:16 - 00000000 ____D C:\Windows\system32\appraiser 2016-06-03 12:08 - 2016-04-14 18:34 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-06-03 12:08 - 2016-04-14 18:34 - 00000000 ___SD C:\Windows\system32\GWX 2016-06-03 11:54 - 2013-08-03 17:15 - 00000000 ____D C:\Windows\system32\MRT 2016-06-03 11:40 - 2014-04-06 14:34 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core.job 2016-06-03 11:23 - 2011-07-09 18:00 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-06-03 10:31 - 2015-08-06 22:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update 2016-06-02 21:13 - 2016-04-27 03:46 - 00000000 ___HD C:\$WINDOWS.~BT 2016-06-02 18:14 - 2011-07-09 04:13 - 00000000 ____D C:\Windows\Panther 2016-06-02 17:15 - 2015-12-03 11:36 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2016-06-02 17:15 - 2015-10-17 22:02 - 00000000 ____D C:\Windows\Prey 2016-06-02 17:15 - 2015-07-10 15:17 - 00000000 ____D C:\Users\Skynet\AppData\Roaming\vlc 2016-06-02 17:15 - 2015-06-22 01:06 - 00000000 ____D C:\Windows\Minidump 2016-06-02 17:15 - 2013-10-14 22:51 - 00000000 ____D C:\Users\Mcx1-SKYNET-PC.Skynet-PC 2016-06-02 17:15 - 2011-07-23 11:45 - 00000000 ____D C:\Users\Guest 2016-06-02 17:15 - 2011-07-10 20:52 - 00000000 ____D C:\ProgramData\WinClon 2016-06-02 17:15 - 2011-07-10 14:40 - 00000000 ____D C:\Windows\VMC326 2016-06-02 17:15 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat 2016-06-02 17:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration 2016-06-02 14:21 - 2016-04-14 17:14 - 00003884 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1458748804 2016-06-02 14:18 - 2009-07-14 01:08 - 00032652 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-06-02 13:56 - 2014-04-21 22:18 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2016-06-02 13:56 - 2014-01-05 02:04 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2016-06-02 13:56 - 2013-05-10 08:48 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2016-06-02 13:56 - 2013-05-10 08:48 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2016-06-02 13:56 - 2013-05-10 08:48 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2016-06-02 13:56 - 2013-03-05 23:26 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2016-06-02 13:56 - 2013-03-05 23:26 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2016-06-02 13:53 - 2016-03-23 11:58 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2016-06-02 13:53 - 2013-05-10 08:48 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2016-06-02 13:29 - 2011-07-09 17:27 - 00000000 ____D C:\Users\Skynet 2016-06-02 13:18 - 2011-07-11 14:26 - 00000000 ____D C:\Users\So Fresh 2016-06-01 19:17 - 2012-07-19 20:00 - 00000000 ____D C:\Users\Skynet\AppData\Local\ElevatedDiagnostics 2016-06-01 14:53 - 2013-09-17 12:22 - 00007663 _____ C:\Users\Skynet\AppData\Local\Resmon.ResmonCfg 2016-06-01 01:21 - 2011-07-11 13:17 - 00000000 ____D C:\Users\Skynet\AppData\Roaming\Apple Computer 2016-06-01 00:37 - 2015-06-22 01:05 - 716065746 _____ C:\Windows\MEMORY.DMP 2016-05-30 12:48 - 2015-08-05 07:54 - 00000000 ____D C:\Program Files\iTunes 2016-05-30 10:08 - 2014-02-19 18:42 - 00002170 _____ C:\Users\So Fresh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2016-05-19 22:52 - 2013-11-27 01:44 - 00000000 ____D C:\Users\So Fresh\AppData\Roaming\KeePass 2016-05-19 22:33 - 2015-06-18 20:22 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core.job 2016-05-19 17:59 - 2013-11-04 19:36 - 00000000 ___HD C:\Users\So Fresh\Downloads\encs 2016-05-18 17:38 - 2015-11-09 09:52 - 00000000 ____D C:\Users\So Fresh\AppData\Roaming\Kodi 2016-05-17 23:01 - 2015-04-16 20:12 - 00000000 ____D C:\Users\So Fresh\AppData\Roaming\vlc 2016-05-17 18:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF 2016-05-17 15:48 - 2011-07-10 14:19 - 00000000 ____D C:\Program Files (x86)\Samsung 2016-05-16 10:18 - 2014-10-16 14:26 - 00000000 ____D C:\Users\So Fresh\AppData\Roaming\Dropbox 2016-05-13 11:35 - 2014-04-06 14:34 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA 2016-05-13 11:35 - 2014-04-06 14:34 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core 2016-05-04 14:08 - 2011-07-10 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2016-05-04 13:54 - 2011-07-10 20:54 - 00000000 ____D C:\ProgramData\SAMSUNG 2016-05-04 11:47 - 2016-04-19 13:26 - 00000000 ____D C:\Users\So Fresh\Desktop\New folder 2016-05-04 11:18 - 2009-07-13 23:20 - 00000000 ____D C:\PerfLogs ==================== Files in the root of some directories ======= 2009-02-13 11:02 - 2009-02-13 11:02 - 0080896 _____ (Microsoft Corporation) C:\Program Files\devcon_amd64.exe 2013-09-17 12:22 - 2016-06-01 14:53 - 0007663 _____ () C:\Users\Skynet\AppData\Local\Resmon.ResmonCfg 2011-09-19 13:05 - 2016-04-13 14:09 - 0009556 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Skynet\AppData\Local\Temp\AcDeltree.exe C:\Users\Skynet\AppData\Local\Temp\jre-8u77-windows-au.exe C:\Users\Skynet\AppData\Local\Temp\shutdown1436804 996.exe C:\Users\Skynet\AppData\Local\Temp\_is6F2.exe C:\Users\Skynet\AppData\Local\Temp\_isD44F.exe C:\Users\So Fresh\AppData\Local\Temp\ug3ipq6-.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-05-31 15:26 ==================== End of FRST.txt ============================ Last edited by BSTAR; June 3rd, 2016 at 06:30 PM. |
#5
|
|||
|
|||
Addition
Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by Skynet (2016-06-03 13:25:43) Running from C:\Users\Skynet\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2011-07-09 21:27:09) Boot Mode: Normal ================================================== ======== ==================== Accounts: ============================= Administrator (S-1-5-21-2229191350-1810342362-1993344431-500 - Administrator - Disabled) Guest (S-1-5-21-2229191350-1810342362-1993344431-501 - Limited - Enabled) => C:\Users\Guest GuestUser (S-1-5-21-2229191350-1810342362-1993344431-1128 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2229191350-1810342362-1993344431-1029 - Limited - Enabled) Mcx1-SKYNET-PC (S-1-5-21-2229191350-1810342362-1993344431-1124 - Limited - Enabled) => C:\Users\Mcx1-SKYNET-PC.Skynet-PC Skynet (S-1-5-21-2229191350-1810342362-1993344431-1001 - Administrator - Enabled) => C:\Users\Skynet So Fresh (S-1-5-21-2229191350-1810342362-1993344431-1004 - Limited - Enabled) => C:\Users\So Fresh ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.09 - Adobe Systems) Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology) Autodesk DWG TrueView 2016 - English (HKLM\...\DWG TrueView 2016 - English) (Version: 20.1.49.0 - Autodesk) Autodesk Inventor Professional 2016 - English (HKLM\...\Autodesk Inventor Professional 2016) (Version: 20.0.13800.0000 - Autodesk) Autodesk Inventor Professional 2016 (Version: 20.0.13800.0000 - Autodesk) Hidden Autodesk Inventor Professional 2016 English Language Pack (Version: 20.0.13800.0000 - Autodesk) Hidden Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Low Resolution Image Library 2016 (HKLM-x32\...\{FA5DF4D1-CD59-4183-B3D4-779A56498786}) (Version: 6.3.0.15 - Autodesk) Autodesk Revit Interoperability for Inventor 2016 (HKLM\...\Autodesk Revit Interoperability for Inventor 2016) (Version: 16.0.421.0 - Autodesk) Autodesk Revit Interoperability for Inventor 2016 (Version: 16.0.421.0 - Autodesk) Hidden Avast Free Antivirus (HKLM-x32\...\avast) (Version: 11.2.2262 - AVAST Software) BendWorks 1.1 (HKLM-x32\...\BendWorks_is1) (Version: - Complete Design Services) BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - ) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform) ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) ComicRack v0.9.161 (HKLM\...\ComicRack) (Version: v0.9.161 - cYo Soft) ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - ) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DWG TrueView 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.0 - Samsung Electronics Co., Ltd.) EasyBatteryManager (HKLM-x32\...\{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}) (Version: 4.0.0.3 - Samsung) Eco Materials Adviser for Autodesk Inventor 2016 (64-bit) (HKLM\...\{1A56BE00-916E-432D-A576-EB00D2FF8450}) (Version: 5.6.4.44 - Granta Design Limited) Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden estamp_exe (HKLM\...\{ef7031a7-f5f5-4ef5-8d6d-e1f782b9b419}.sdb) (Version: - ) Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{CCB71FF8-DE82-469C-8641-44378F4443EB}) (Version: 2.5.4 - Garmin Ltd or its subsidiaries) G-Force (HKLM-x32\...\G-Force) (Version: 3.7.5 - SoundSpectrum) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden iFunbox (v2.94.2520.758), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.94.2520.758 - ) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) Instagiffer version 1.21 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.21 - Justin Todd) Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation) iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.) Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation) Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\1489-3350-5074-6281) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl) K-Lite Codec Pack 10.4.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.4.5 - ) Kodi (HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\...\Kodi) (Version: - XBMC-Foundation) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 10.70.3.3 - Marvell) Mastercam X5 (HKLM-x32\...\InstallShield_{9910A499-33A8-4EF3-925F-726F2E16ED9E}) (Version: 14.0.4.33 - CNC Software, Inc.) Mastercam X5 (x32 Version: 14.0.4.33 - CNC Software, Inc.) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation) Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Namuga 1.3M Webcam (HKLM-x32\...\{71A51B59-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation) Neo's SafeKeys v3 (HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\...\Neo's SafeKeys v3) (Version: 3.1.4.0 - Aplin Software) NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5948 - Realtek Semiconductor Corp.) SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden Samsung Recovery Solution 4 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 4.0.0.6 - Samsung) Samsung Support Center (HKLM-x32\...\{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}) (Version: 1.0.1 - Samsung) Samsung Update Plus (HKLM-x32\...\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}) (Version: 2.0 - Samsung Electronics Co., Ltd.) SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) SugarSync (HKLM-x32\...\SugarSync) (Version: 3.7.0.14.141281 - SugarSync, Inc.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.10.0 - Synaptics Incorporated) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - ) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.100 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B ) (Version: 06/15/2009 6.2.0.9000 - Broadcom) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1 ) (Version: 07/30/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21 ) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46 ) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C ) (Version: 06/03/2009 2.3.0.0 - Garmin) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2 ) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA ) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{00F064D8-FEC3-48ac-B07D-39C314D1727B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\TestServer.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{13009989-EFB5-48C9-8BD2-943E0392BD71}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxAppCtrl.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\dwgviewr.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{18A21864-E37B-42b9-9612-2C1E8C450A29}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{21DB88B0-BFBF-11D4-8DE6-0010B541CAA8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\iDrop.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2F8377FC-50C1-44EF-AB7A-8FF1BB8EA277}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2016 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{3FC94EB5-AEBD-4f3f-A2A4-B6CE57113C01}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxAppDocView.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{45122C53-8483-4b62-B15A-EAA9FE5FC3D5}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4C80573A-9150-11d2-B772-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxAppDocView.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4E6F2E83-E7F0-4333-9772-875EB733C820}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxTest.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{644190AE-BD8F-493F-B63D-C79404AC5E07}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6FDE7A70-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6FDE7A71-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6FDE7A72-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6FDE7A73-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6FDE7A74-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6FDE7A77-351B-11d6-988B-0010B57A8BB7}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtCp.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{72EC5CC5-88F3-45B1-A865-0A327DF58CC8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{81D07C3D-0350-11D3-B7C2-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxAppCtrl.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8421A29C-54B8-11D1-9837-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\SolidObject.Dll () CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{846217D0-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\UCxTextBtn.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{846217D1-8954-11D2-8DCD-0060B0C32531}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\UCxTextBtn.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8B0E6BD9-610C-11D1-9842-0060B03C43C8}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\SolidObject.Dll () CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\TestServer.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B6B5DC40-96E3-11d2-B774-0060B0F159EF}\localserver32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\Inventor.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B8E7214B-25CA-4116-84CB-E86FB9625B36}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BE54741D-E02B-4572-93D6-105AF4EDE777}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C343ED84-A129-11d3-B799-0060B0F159EF}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxApprenticeServer.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C92F8F8C-8B2C-11d4-B872-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{CFEE2BAF-14F9-4D23-853D-B6E2BCC14263}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D7A1987D-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ColorButton.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D7A1987E-4A73-11D1-9A4B-080009DCE505}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ColorButton.Ocx (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DA1F437C-9BD9-11d4-B87C-0060B0EC020B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DtBridge.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DB5D476B-3FF4-4E9D-A606-1E2B473BE571}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\AcInetUI.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DCA7356C-FF94-4b20-AE04-7AA6A8E14117}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DDA9A20F-5B56-49F5-9465-CE82FC199352}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DE6B563C-B074-4BF1-A8A0-B3FED8703E99}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E1C85E9F-60B2-4007-80C3-2C5E09474C3B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\RxInventorUtilities.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\TestServer.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F13E75B9-6AF6-49CB-80B3-6D2FF6E09932}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F2D4F4E5-EEA1-46FF-A83B-A270C92DAE4B}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DTInterop.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F61064CC-DBFB-47ee-9BC8-CA5A1CBDF0DA}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\InvResc.dll (Autodesk) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FA62F626-EBD5-4dc5-B970-D9E81E0E20E0}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\ServiceModule.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB469644-3F14-4403-ACCA-6B13486FF7BD}\localserver32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\InvTXTStack.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FD703B01-4362-423E-9BDB-91BDCB16C1C9}\InprocServer32 -> C:\Program Files\Autodesk\Inventor 2016\Bin\DTInterop.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File Last edited by BSTAR; June 3rd, 2016 at 06:27 PM. |
#6
|
|||
|
|||
ADDITION (Cont'd)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {075F7C08-1BB3-4DB9-88AB-C3FD225A83DE} - System32\Tasks\SUPBackground => C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe Task: {1CCA99F7-9967-48B2-96A3-1887CE7D5192} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.e xe [2009-10-16] (SAMSUNG Electronics co., LTD.) Task: {36FF2D48-2377-4E88-8ABA-1CDC7BA55A07} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2009-09-08] (Samsung Electronics Co., Ltd.) Task: {4508CF34-62B3-4C76-A3D8-1257B25FA241} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core => C:\Users\So Fresh\AppData\Local\Dropbox\Update\DropboxUpdate.e xe [2015-06-18] (Dropbox, Inc.) Task: {554157B2-19DB-4970-A430-AA01B4FC7F30} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2229191350-1810342362-1993344431-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {606CBC83-9BE1-48CC-A3CF-DC72BA51D8C1} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2229191350-1810342362-1993344431-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {668C890A-37E6-4794-95B0-A292BDA79122} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {6DC74D3D-C30F-436A-899C-163F00FFA502} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2229191350-1810342362-1993344431-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {755D78B7-6BC6-4AF2-9046-45000EE401A9} - System32\Tasks\{43318915-5D63-4C05-A579-F2AD0541241C} => pcalua.exe -a "C:\Program Files (x86)\Java\jre6\bin\javacpl.exe" -d C:\Windows\system32 Task: {79D5DD66-0B92-4D47-BCEA-40A2C24C859F} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe Task: {81C10ED6-FD3D-4763-92D0-C5A76D1F4734} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core => C:\Users\So Fresh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {890AEA99-223B-4E4E-9051-9CC32887F22F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA => C:\Users\So Fresh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {8C393685-E0A1-48F0-A3F4-EE979AE047C5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software) Task: {9F599F60-8FFD-4BF3-AF94-90D5B6B70E4A} - System32\Tasks\advSRS4 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2010-01-19] (SEC) Task: {A06224D0-535A-4D4D-9F8C-0976BB4BB271} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-06-02] (AVAST Software) Task: {AAE0149C-FDCD-4B99-8E94-C45995256408} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA => C:\Users\So Fresh\AppData\Local\Dropbox\Update\DropboxUpdate.e xe [2015-06-18] (Dropbox, Inc.) Task: {BC62DE63-3849-47F3-BF7F-CA0B9BA8FEAB} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-SKYNET-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation) Task: {CBFE98F3-F4C3-4D2C-9ACC-C93BBD8F0612} - System32\Tasks\{21E4EC8B-4ECE-46ED-9FF3-326F3634E5F5} => C:\Users\Skynet\Downloads\Firmware (bios)\WIN_Q320_06LH.exe Task: {DD5BD7E3-7936-4F5D-A857-E3B22B9D08DB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2229191350-1810342362-1993344431-1004 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {EA8458B8-1523-416D-A907-868D543B2387} - System32\Tasks\SafeZone scheduled Autoupdate 1458748804 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software) Task: {EBD55948-41E4-4E37-9533-1A1873B79A82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2016-04-12] (Adobe Systems Incorporated) Task: {F5BB982B-7A3B-4D81-9918-8943F75D2C4E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core.job => C:\Users\So Fresh\AppData\Local\Dropbox\Update\DropboxUpdate.e xe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA.job => C:\Users\So Fresh\AppData\Local\Dropbox\Update\DropboxUpdate.e xe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core.job => C:\Users\So Fresh\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA.job => C:\Users\So Fresh\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2011-07-14 00:14 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll 2014-02-11 14:08 - 2013-04-15 12:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL 2014-12-06 13:52 - 2012-09-18 16:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll 2014-02-11 14:09 - 2013-04-15 12:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dl l 2014-12-06 13:53 - 2012-09-18 16:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dl l 2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-07-31 17:01 - 2014-07-02 14:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-06-02 13:54 - 2016-06-02 13:54 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2016-06-02 13:54 - 2016-06-02 13:54 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-06-03 10:31 - 2016-06-03 10:31 - 02923008 _____ () C:\Program Files\AVAST Software\Avast\defs\16060300\algo.dll 2016-06-02 13:54 - 2016-06-02 13:54 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2016-06-02 13:54 - 2016-06-02 13:54 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll 2011-07-10 20:54 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll 2016-01-26 11:55 - 2016-01-26 11:55 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122] AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1" <===== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2015-04-16 22:30 - 00000863 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 nlsk.neulion.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Skynet\AppData\Roaming\Microsoft\Windows\ Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2229191350-1810342362-1993344431-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\T hemes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Garmin Device Interaction Service => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup MSCONFIG\startupreg: (default) => MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.e xe" MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{867918A5-FC11-454B-8D13-868523F06FCA}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe FirewallRules: [{23EA1580-260D-40CF-AD77-5184054FA6DB}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe FirewallRules: [{B5B9A4EC-5680-4BB5-AEDB-4B845285F58A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{24CBC521-BC96-4142-A5BB-B4068031D2D3}] => (Allow) LPort=2869 FirewallRules: [{8C26F746-31F5-417C-B8DA-B082ED843131}] => (Allow) LPort=1900 FirewallRules: [{F874AB6A-D9C4-4712-81A8-796E5CBB6242}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{B74F4284-D860-46A7-A096-538990D7163C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{156B5326-6FB6-4119-A3C1-FDEFDF1497EA}] => (Allow) E:\setup\hpznui40.exe FirewallRules: [{036FD69E-C6CA-4EEB-AC26-290ABFAA838D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe FirewallRules: [{A5BB3CC6-1FDE-4A51-BE4F-A9DA1C657927}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe FirewallRules: [{B08F3CC7-411E-4D9B-96EA-EE09CC0F407E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe FirewallRules: [{138D9FCA-5136-40A2-8EEC-3C953C6A36EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe FirewallRules: [{5119E536-2E7C-41B8-BCF9-4835464FFBB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe FirewallRules: [{799CA761-9D80-404F-9C32-156CAEE2C1FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe FirewallRules: [{18715B90-B701-47F4-94E6-815B615BD702}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe FirewallRules: [{C9C2C1BC-4BD1-41AA-8990-E206BDDED7D2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe FirewallRules: [{BC67A0A8-4DAF-4F09-BB38-07508D49698B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe FirewallRules: [{3DCAC049-CB49-4AE0-9E7F-AF40CB02CAAD}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe FirewallRules: [TCP Query User{913ED0E4-0BBD-41BE-AA26-6A99625B9A97}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{85B84FC4-F59E-42F0-B851-410600E28D1A}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{035D330E-CB55-40DD-A6FA-14DD1AC3E5AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{3BF3E551-2B1D-4D38-9A30-1BEB6AD62DF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{98557168-B398-41FD-926F-6C04F4882E93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{2476F557-BA76-4F24-B186-0F9E424EC104}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{3F965945-125C-49A7-A321-49B1C43481A5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{69EBDB23-26FF-4AD8-9D8F-A82D39E910CA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{8D5BD741-023C-4D5A-AB1F-3A9AE33C9E07}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe FirewallRules: [UDP Query User{CEC67312-45E6-4E96-83DD-245E32BC2670}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe FirewallRules: [{B1AD8E2A-A7F1-4C21-8E1F-B1B94B3A4D4A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{8EEDA26E-6408-440A-BA1C-EB74795D924F}] => (Allow) C:\Windows\SysWOW64\muzapp.exe FirewallRules: [{B4587E05-FBB2-4E48-905A-495662C18FB5}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService. exe FirewallRules: [{442E5545-6189-4B79-895B-1CD327A02EAD}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService. exe FirewallRules: [TCP Query User{83AE2668-F896-4114-837D-E82D748034D8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{C8381F83-1250-4A85-AA81-BF2726A81115}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [{0A00E2D1-17F6-41A1-A213-AB5FF795F660}] => (Allow) C:\Users\Skynet\AppData\Local\Microsoft\SkyDrive\S kyDrive.exe FirewallRules: [{14329D6E-BD33-40A0-B3BD-BF5DD4D18CED}] => (Allow) C:\Users\So Fresh\AppData\Local\Microsoft\SkyDrive\SkyDrive.ex e FirewallRules: [{329F2D27-1B71-488E-8EE6-D44EAD1BD665}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{C4016748-A729-406A-9427-54D41BED0B92}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe FirewallRules: [{67531AAB-CA6E-4410-81CB-D271BF9814ED}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe FirewallRules: [{954C4F84-0AEC-4D80-B7C3-2484A04316FE}] => (Allow) C:\Program Files (x86)\StarCraft II\Versions\Base15405\SC2.exe FirewallRules: [TCP Query User{167ABAEC-7A39-4A12-8ED0-CF6CCB581A4B}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe FirewallRules: [UDP Query User{D8138EFE-CDF6-4B8F-BDC2-6F5DAE2CC3BC}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe] => (Allow) C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe FirewallRules: [{7005256F-FFB7-4A94-AC60-BCC4E72CC681}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.e xe FirewallRules: [{2C047D69-CDEC-4150-8858-509D182087B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.e xe FirewallRules: [{220467B9-52C0-4F01-BBA8-63A688253987}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.e xe FirewallRules: [{936F298C-A09E-4770-B7F2-B7B393426D19}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.e xe FirewallRules: [{126DE54C-92EB-4BB8-AAF4-8157E44F2294}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [{E7D936C1-E8B9-4838-A69D-910D680606A0}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe FirewallRules: [TCP Query User{1ACEB202-813E-497A-80CC-2E8609D31F16}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe FirewallRules: [UDP Query User{05B0CA02-A9E1-4BDC-B1AF-19895AABEA2A}C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base26490\sc2.exe FirewallRules: [{37691F80-12B5-4A4D-A395-43C24AB26129}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{B0FB0076-DCB3-4F2F-AB3E-131D37946113}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{17C61A05-34EC-4008-B937-62CACAC12D10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{EF2282B4-E7C5-47C2-B4C9-2FF14F414555}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{3750FF9B-338E-45E8-9903-88D5937FF5E9}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [UDP Query User{7433B490-9718-4EE3-BB41-E5378EDEA367}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe FirewallRules: [{D550DCF5-40A6-49FD-9AF2-614FF377E04F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.e xe FirewallRules: [{0F9EE531-5D45-4809-9046-3162DFCD4884}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.e xe FirewallRules: [TCP Query User{A112E9FF-2DE8-463F-BC60-BC18D0DEE90E}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Block) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe FirewallRules: [UDP Query User{0E0FD64D-17FA-4483-A447-32BC809AADBC}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Block) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe FirewallRules: [TCP Query User{C4C0AD02-B3FF-4DDD-AF44-F9D4C9A7053C}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{7401956B-4B57-472C-8F19-0FB884D4A84A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{3E0315EB-FA4F-430F-8DE3-CE247D758A26}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{20AFA074-1096-4F00-8116-9CFE77EE6FF9}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [{CCE0D130-5EF5-4980-A83E-FA1A673A403E}] => (Allow) C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{2BDCA789-C63D-4201-9A9A-C3C5108447F9}] => (Allow) C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{9D2AFFE0-333B-4B55-A3E9-7187579401C7}C:\users\so fresh\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\so fresh\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{43ED3D7B-0E88-407C-8B05-A16192B05D0D}C:\users\so fresh\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\so fresh\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{312C559A-FA70-42FF-ADC8-79ACE8405F0D}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{6AD72DCE-9565-4A1A-91C5-E920BE562CF3}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [TCP Query User{165CC2F7-09DE-40D3-AD2E-C567B16160F9}C:\users\so fresh\appdata\local\hola\firefox\app\hola_plugin.e xe] => (Allow) C:\users\so fresh\appdata\local\hola\firefox\app\hola_plugin.e xe FirewallRules: [UDP Query User{BB941EDC-9F57-4B2D-88C1-EA3AAEF95A74}C:\users\so fresh\appdata\local\hola\firefox\app\hola_plugin.e xe] => (Allow) C:\users\so fresh\appdata\local\hola\firefox\app\hola_plugin.e xe FirewallRules: [TCP Query User{0260E393-75F4-4562-BDA5-5F702E41E864}C:\users\so fresh\appdata\local\hola\firefox\app\hola_plugin.e xe] => (Allow) C:\users\so fresh\appdata\local\hola\firefox\app\hola_plugin.e xe FirewallRules: [UDP Query User{E0C2292E-0D9A-402A-98D5-5AC68F992EBC}C:\users\so fresh\appdata\local\hola\firefox\app\hola_plugin.e xe] => (Allow) C:\users\so fresh\appdata\local\hola\firefox\app\hola_plugin.e xe FirewallRules: [TCP Query User{924CD3F4-8D3A-47A8-ACFC-AF2A3537EBB1}C:\users\so fresh\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\so fresh\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [UDP Query User{D586B603-2442-47F1-8ACA-B98AD5816E32}C:\users\so fresh\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\so fresh\appdata\local\popcorn time\node-webkit\popcorn time.exe FirewallRules: [TCP Query User{A44591AC-A725-47A5-BDD1-64807AB85AC1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{DC0572CC-5E8E-49F9-8D9A-68A63F7E1170}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{504F2D94-CE9A-458D-9D70-7E092CB8EB0E}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{A231AED8-C361-40D0-B7EF-E0CAB47753ED}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [TCP Query User{DF0DE0A7-973F-43C6-B636-5FE89D11CBFC}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{946B2A63-C671-453B-AA4F-C3F45BEF5C03}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe FirewallRules: [{5D47A8CB-99FD-4950-BA1F-9F8721FE3251}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe FirewallRules: [{92DBB009-9120-4C14-B530-6BF35B37B469}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\FAXRX.exe FirewallRules: [{2269C18A-5B25-41EC-AFC4-F111F88299A9}] => (Allow) LPort=54925 FirewallRules: [TCP Query User{CC2D79EE-78A3-4D54-B2EC-2897F9704F16}C:\users\so fresh\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\so fresh\appdata\local\popcorn time\nw.exe FirewallRules: [UDP Query User{49FA53CF-40D9-4BC2-97DD-845DD6A3EB46}C:\users\so fresh\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\so fresh\appdata\local\popcorn time\nw.exe FirewallRules: [{C0B40656-5FFD-4F41-AF2F-86C03B5B9001}] => (Block) C:\users\so fresh\appdata\local\popcorn time\nw.exe FirewallRules: [{2ABEF304-0B79-43F7-A007-492D6506F9F5}] => (Block) C:\users\so fresh\appdata\local\popcorn time\nw.exe FirewallRules: [{3B67519A-8C7E-4F0C-A594-A702FAB35540}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{66549FF9-929C-49A4-86DD-8FD8BA85A726}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{A82907DB-15DB-4D9F-A094-54DB7F8239BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{3ABBBD96-E5D6-4073-98F6-6A16834FCEA5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{53E21BDE-2B29-4C42-86E2-84F24C0BD607}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{C20D5D56-1FB8-4301-9B51-D28C159FB483}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{EEF61903-8FDB-4635-88E8-6F9392B2DC61}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [UDP Query User{4DCDE398-DE6D-44DF-A2AC-DA7B5967607A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe FirewallRules: [TCP Query User{5DB70C64-220C-49A9-A4C9-9CEDD8266ECB}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{76052BAD-F4B4-4198-AE45-909A4DFF3597}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [{BF9067C0-D92E-43EE-BA13-312AA321D5FF}] => (Allow) C:\Users\Skynet\AppData\Roaming\PT\updater.exe FirewallRules: [{D4375068-F22B-4FA5-B951-8F282D2BA2FE}] => (Allow) C:\Users\Skynet\AppData\Roaming\PT\updater.exe FirewallRules: [{930ECF0C-E298-4D79-9AFB-D9E4BFB24BDB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{110AB890-0426-44B3-A314-6EDA10D086FF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{C458A3D7-56A2-46FC-A906-A047DD8A07E1}] => (Allow) c:\Windows\Prey\versions\1.5.1\bin\node.exe FirewallRules: [{15386563-A013-4C29-A766-B630436FA7AB}] => (Allow) C:\Users\Skynet\AppData\Local\Mozilla Firefox\firefox.exe FirewallRules: [{5B24D30A-C693-4CF0-89D6-ACF6EBC90A9F}] => (Allow) C:\Users\Skynet\AppData\Local\Mozilla Firefox\firefox.exe FirewallRules: [{61DB4288-6496-46F4-9D56-C2D88894F550}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 31-05-2016 18:04:45 Scheduled Checkpoint 01-06-2016 16:28:55 Installed Microsoft Fix it 50123 02-06-2016 12:44:29 Installed Microsoft Fix it 50123 02-06-2016 12:48:15 Restore Operation 02-06-2016 17:48:08 Windows Update 03-06-2016 11:19:27 Windows Update ==================== Faulty Device Manager Devices ============= Name: BCM2046 Bluetooth Module Description: BCM2046 Bluetooth Module Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2016 12:30:40 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to compile: System.Management.Automation, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070020 Error: (06/03/2016 12:27:34 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 Error: (06/03/2016 12:25:43 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070020 Error: (06/03/2016 12:17:50 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "ehshell, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed. . Error: (06/02/2016 05:46:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 723876 Error: (06/02/2016 05:46:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 723876 Error: (06/02/2016 05:46:43 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/01/2016 02:39:03 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 46.0.1.5966 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1398 Start Time: 01d1bc323852e353 Termination Time: 31 Application Path: C:\Users\Skynet\AppData\Local\Mozilla Firefox\firefox.exe Report Id: 12d7501d-2828-11e6-93e1-001377e70e25 Error: (06/01/2016 02:36:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2 Faulting module name: wucltux.dll, version: 7.6.7601.19161, time stamp: 0x56be29ef Exception code: 0xc0000005 Fault offset: 0x000000000007abc4 Faulting process id: 0x56c Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 Error: (06/01/2016 02:00:44 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Explorer.EXE, version: 6.1.7601.19135, time stamp: 0x56a1bbe2 Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb3625 Exception code: 0xc0000374 Fault offset: 0x00000000000bf262 Faulting process id: 0x8bc Faulting application start time: 0xExplorer.EXE0 Faulting application path: Explorer.EXE1 Faulting module path: Explorer.EXE2 Report Id: Explorer.EXE3 System errors: ============= Error: (06/03/2016 12:16:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/03/2016 12:15:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (06/03/2016 12:14:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VBoxAsw Support Driver service failed to start due to the following error: %%3 Error: (06/03/2016 12:14:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SW Update Service service failed to start due to the following error: %%2 Error: (06/03/2016 10:31:03 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (06/03/2016 10:22:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (06/03/2016 10:22:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (06/03/2016 10:21:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The VBoxAsw Support Driver service failed to start due to the following error: %%3 Error: (06/03/2016 10:21:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The SW Update Service service failed to start due to the following error: %%2 Error: (06/02/2016 11:55:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Windows Update service did not shut down properly after receiving a preshutdown control. CodeIntegrity: =================================== Date: 2015-08-01 11:15:45.433 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-08-01 11:15:45.386 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\u sbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-13 22:33:03.341 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v. dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 20:56:54.811 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v. dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 20:55:47.276 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v. dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 20:55:20.908 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v. dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 20:55:03.139 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v. dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 20:54:08.533 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v. dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 20:54:07.491 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v. dll because the set of per-page image hashes could not be found on the system. Date: 2014-08-13 20:53:56.145 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvapo64v. dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU P8700 @ 2.53GHz Percentage of memory in use: 49% Total physical RAM: 4060.61 MB Available physical RAM: 2035.01 MB Total Virtual: 8119.4 MB Available Virtual: 5950.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:120.09 GB) (Free:31.43 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (New Volume) (Fixed) (Total:164 GB) (Free:0.09 GB) NTFS ==================== MBR & Partition Table ================== ================================================== ====== Disk: 0 (Size: 298.1 GB) (Disk ID: A5AC1090) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=120.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=164 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ |
#7
|
||||
|
||||
Hi there,
Step 1: FRST Script: Please download this attached Fixlist.txt (23.7 KB, 0 views) and save it in the same directory as FRST.
Scan with Malwarebytes Antimalware: Please download Malwarebytes Anti-Malware to your desktop.
ComboFix run: Please be sure to run our tools with administrator rights. * IMPORTAN: 1Place ComboFix.exe on your Desktop * IMPORTAN: 2Ensure your external and/or USB drives are inserted during the scan Next, downloadComboFix Save to the Desktop
Have a nice day. |
#8
|
|||
|
|||
Fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Skynet (2016-06-06 12:54:08) Run:1 Running from C:\Users\Skynet\Downloads Loaded Profiles: Skynet (Available Profiles: Skynet & So Fresh & Mcx1-SKYNET-PC & Guest) Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File CustomCLSID: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File Task: {755D78B7-6BC6-4AF2-9046-45000EE401A9} - System32\Tasks\{43318915-5D63-4C05-A579-F2AD0541241C} => pcalua.exe -a "C:\Program Files (x86)\Java\jre6\bin\javacpl.exe" -d C:\Windows\system32 AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122] AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo [122] HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1" <===== ATTENTION FirewallRules: [TCP Query User{3F965945-125C-49A7-A321-49B1C43481A5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{69EBDB23-26FF-4AD8-9D8F-A82D39E910CA}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{83AE2668-F896-4114-837D-E82D748034D8}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{C8381F83-1250-4A85-AA81-BF2726A81115}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{C4C0AD02-B3FF-4DDD-AF44-F9D4C9A7053C}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{7401956B-4B57-472C-8F19-0FB884D4A84A}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{5DB70C64-220C-49A9-A4C9-9CEDD8266ECB}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe FirewallRules: [UDP Query User{76052BAD-F4B4-4198-AE45-909A4DFF3597}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\...\MountPoints2: {927803d8-abd1-11e0-943b-00265ed672bc} - F:\setup.exe HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\...\MountPoints2: {92780607-abd1-11e0-943b-00265ed672bc} - "H:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-2229191350-1810342362-1993344431-1124\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\So Fresh\AppData\Roaming\Dropbox\bin\DropboxExt64.24. dll No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File SearchScopes: HKU\S-1-5-21-2229191350-1810342362-1993344431-1001 -> {ABF3EFD7-FC3D-4DA4-8FBD-ACAB8567873B} URL = hxxp://www.redflagdeals.com/search.php?q={searchTerms} SearchScopes: HKU\S-1-5-21-2229191350-1810342362-1993344431-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File FF ProfilePath: C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF user.js: detected! => C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default\user.js [2013-10-28] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext => not found C:\Users\Skynet\AppData\Local\Temp C:\Users\So Fresh\AppData\Local\Temp CMD: netsh advfirewall reset CMD: netsh advfirewall set allprofiles state on CMD: ipconfig /flushdns Emptytemp: ***************** Restore point was successfully created. Processes closed successfully. "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{755D78 B7-6BC6-4AF2-9046-45000EE401A9}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{755D78 B7-6BC6-4AF2-9046-45000EE401A9}" => key removed successfully C:\Windows\System32\Tasks\{43318915-5D63-4C05-A579-F2AD0541241C} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4331891 5-5D63-4C05-A579-F2AD0541241C}" => key removed successfully C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully. C:\Users\Public\Documents\.DS_Store => ":AFP_AfpInfo" ADS removed successfully. "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Software\Classes\DWGTrueViewScriptFile" => key removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\Software\Classes\.scr" => key removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3F965945-125C-49A7-A321-49B1C43481A5}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{69EBDB23-26FF-4AD8-9D8F-A82D39E910CA}C:\program files (x86)\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{83AE2668-F896-4114-837D-E82D748034D8}C:\program files\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C8381F83-1250-4A85-AA81-BF2726A81115}C:\program files\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C4C0AD02-B3FF-4DDD-AF44-F9D4C9A7053C}C:\program files\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7401956B-4B57-472C-8F19-0FB884D4A84A}C:\program files\java\jre7\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5DB70C64-220C-49A9-A4C9-9CEDD8266ECB}C:\program files\java\jre1.8.0_45\bin\javaw.exe => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAcces s\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{76052BAD-F4B4-4198-AE45-909A4DFF3597}C:\program files\java\jre1.8.0_45\bin\javaw.exe => value removed successfully HKLM\Software\WOW6432Node\Microsoft\Windows\Curren tVersion\Run\\ => value removed successfully "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2\{927803d8-abd1-11e0-943b-00265ed672bc}" => key removed successfully HKCR\CLSID\{927803d8-abd1-11e0-943b-00265ed672bc} => key not found. "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\MountPoints2\{92780607-abd1-11e0-943b-00265ed672bc}" => key removed successfully HKCR\CLSID\{92780607-abd1-11e0-943b-00265ed672bc} => key not found. HKU\S-1-5-21-2229191350-1810342362-1993344431-1124\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\"DropboxExt1"" => key removed successfully HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\"DropboxExt2"" => key removed successfully HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\"DropboxExt3"" => key removed successfully HKCR\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\"DropboxExt4"" => key removed successfully HKCR\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\"DropboxExt5"" => key removed successfully HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\"DropboxExt6"" => key removed successfully HKCR\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\"DropboxExt7"" => key removed successfully HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Ex plorer\ShellIconOverlayIdentifiers\"DropboxExt8"" => key removed successfully HKCR\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\Curre ntVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. "HKU\S-1-5-21-2229191350-1810342362-1993344431-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABF3EFD7-FC3D-4DA4-8FBD-ACAB8567873B}" => key removed successfully HKCR\CLSID\{ABF3EFD7-FC3D-4DA4-8FBD-ACAB8567873B} => key not found. HKU\S-1-5-21-2229191350-1810342362-1993344431-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. FF ProfilePath: C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default => FRST is scripted not to move this directory. "HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully "HKLM\Software\Wow6432Node\MozillaPlugins\@microso ft.com/GENUINE" => key removed successfully C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default\user.js => not found. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensio ns\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully "C:\Users\Skynet\AppData\Local\Temp" folder move: Could not move "C:\Users\Skynet\AppData\Local\Temp" => Scheduled to move on reboot. C:\Users\So Fresh\AppData\Local\Temp => moved successfully ========= netsh advfirewall reset ========= Ok. ========= End of CMD: ========= ========= netsh advfirewall set allprofiles state on ========= Ok. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => 3.2 GB temporary data Removed. Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-06-06 13:09:17) "C:\Users\Skynet\AppData\Local\Temp" => Could not move ==== End of Fixlog 13:09:32 ==== |
#9
|
|||
|
|||
I've successfully installed and attempted to launch Malwarebytes. However, the program hangs when I try to start it. Next, I restarted my laptop where it hangs on "logging off" screen. I had to force shutdown by holding my power button.
Upon restart, I uninstalled/reinstalled Malwarebytes and restarted the laptop. It now started to updating but freezes inbetween, where a windows message indicates the program has stopped responding. Not sure what I should do from here. Last edited by BSTAR; June 6th, 2016 at 08:40 PM. Reason: I got it to work after retrying. see results below |
#10
|
|||
|
|||
Malwarebytes Anti-Malware
Malwarebytes Anti-Malware
www.malwarebytes.org Scan Date: 06/06/2016 Scan Time: 2:23 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.06.05 Rootkit Database: v2016.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Skynet Scan Type: Threat Scan Result: Completed Objects Scanned: 482949 Time Elapsed: 50 min, 49 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 3 PUP.Optional.FaceMoods, C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default\prefs.js, Good: (), Bad: (user_pref("extensions.facemoods.aflt", "_#ddrnw"), Replaced,[c0fde0193f5a2d0951cf740bc83c20e0] PUP.Optional.FaceMoods, C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default\prefs.js, Good: (), Bad: (ences /* Do not edit this file. * * If you ), Replaced,[b8053cbd10892a0c32ee4c33b25255ab] PUP.Optional.FaceMoods, C:\Users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default\prefs.js, Good: (), Bad: (ences /* Do not edit this file. * * If you), Replaced,[01bcda1fd8c1c47246da106faf55cb35] Physical Sectors: 0 (No malicious items detected) (end) |
#11
|
|||
|
|||
ComboFix
ComboFix 16-06-01.01 - Skynet 06/06/2016 15:49:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2452 [GMT -4:00] Running from: c:\users\Skynet\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Public\sdelevURL.tmp c:\windows\Downloaded Program Files\IDropPTB.dll . . ((((((((((((((((((((((((( Files Created from 2016-05-06 to 2016-06-06 ))))))))))))))))))))))))))))))) . . 2016-06-06 20:06 . 2016-06-06 20:06 -------- d-----w- c:\users\Mcx1-SKYNET-PC.Skynet-PC\AppData\Local\temp 2016-06-06 20:06 . 2016-06-06 20:06 -------- d-----w- c:\users\Guest\AppData\Local\temp 2016-06-06 20:06 . 2016-06-06 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2016-06-06 18:05 . 2016-06-06 18:22 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2016-06-06 18:04 . 2016-03-10 18:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2016-06-06 18:04 . 2016-03-10 18:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys 2016-06-06 18:04 . 2016-03-10 18:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys 2016-06-06 18:04 . 2016-06-06 18:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2016-06-06 17:04 . 2016-06-06 20:06 -------- d-----w- c:\users\Skynet\AppData\Local\Temp 2016-06-06 16:28 . 2016-06-06 16:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05CCA242-2CE5-435D-AC73-B82AD2AEEC5F}\offreg.4028.dll 2016-06-06 08:26 . 2016-06-06 08:26 -------- d-----w- C:\$Windows.~WS 2016-06-06 06:06 . 2016-06-06 06:06 -------- d-----w- C:\$SysReset 2016-06-03 23:25 . 2016-06-06 10:27 -------- d-----w- C:\Recovery 2016-06-03 16:54 . 2016-06-06 17:09 -------- d-----w- C:\FRST 2016-06-03 16:00 . 2016-05-27 18:01 11895896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05CCA242-2CE5-435D-AC73-B82AD2AEEC5F}\mpengine.dll 2016-06-03 15:19 . 2016-04-09 07:01 986344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2016-06-03 15:19 . 2016-04-09 07:01 264936 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2016-06-03 15:19 . 2016-04-09 06:57 144384 ----a-w- c:\windows\system32\cdd.dll 2016-06-03 14:47 . 2016-04-23 04:34 244224 ----a-w- c:\program files\Internet Explorer\DiagnosticsTap.dll 2016-06-03 14:46 . 2016-04-09 07:01 154344 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2016-06-03 14:43 . 2016-04-09 04:20 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2016-06-03 14:43 . 2016-04-09 03:52 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll 2016-06-02 17:57 . 2016-06-02 17:56 398152 ----a-w- c:\windows\system32\aswBoot.exe 2016-06-02 17:54 . 2016-06-02 17:54 52184 ----a-w- c:\windows\avastSS.scr 2016-06-01 05:21 . 2016-06-01 05:21 -------- d-----w- c:\users\Skynet\AppData\Roaming\MPC-HC 2016-05-30 16:46 . 2016-05-30 16:46 -------- d-----w- c:\program files\iPod 2016-05-30 16:46 . 2016-05-30 16:46 -------- d-----w- c:\program files (x86)\iTunes 2016-05-20 13:47 . 2016-05-20 13:47 -------- d-----w- c:\users\So Fresh\AppData\Roaming\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2016-06-06 08:24 . 2014-08-23 04:46 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-06-06 08:24 . 2014-08-23 04:46 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-06-03 15:23 . 2011-07-09 22:00 139319312 ----a-w- c:\windows\system32\MRT.exe 2016-06-02 17:56 . 2014-01-05 06:04 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys 2016-06-02 17:56 . 2013-03-06 03:26 287528 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2016-06-02 17:56 . 2013-05-10 12:48 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys 2016-06-02 17:56 . 2014-04-22 02:18 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2016-06-02 17:56 . 2013-05-10 12:48 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2016-06-02 17:56 . 2013-03-06 03:26 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2016-06-02 17:56 . 2013-05-10 12:48 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2016-06-02 17:53 . 2013-05-10 12:48 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2016-06-02 17:53 . 2016-03-23 15:58 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2016-04-21 19:05 . 2011-07-09 21:41 453288 ----a-w- c:\windows\system32\MpSigStub.exe 2016-04-13 18:28 . 2016-04-13 18:28 0 ----a-w- c:\windows\SysWow64\RENF26A.tmp 2016-04-13 18:25 . 2014-08-06 04:03 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2016-04-09 06:54 . 2016-06-03 14:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2016-04-04 18:14 . 2016-04-14 22:27 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe 2016-04-04 18:02 . 2016-04-14 22:27 1169408 ----a-w- c:\windows\system32\aeinv.dll 2016-04-02 13:08 . 2016-04-14 22:27 1386496 ----a-w- c:\windows\system32\appraiser.dll 2016-03-23 14:02 . 2016-04-14 22:27 215040 ----a-w- c:\windows\system32\aepic.dll 2016-03-17 22:56 . 2016-04-14 22:29 2084864 ----a-w- c:\windows\system32\ole32.dll 2016-03-17 22:28 . 2016-04-14 22:29 1414144 ----a-w- c:\windows\SysWow64\ole32.dll 2016-03-17 18:04 . 2016-04-14 22:27 698368 ----a-w- c:\windows\system32\generaltel.dll 2016-03-17 18:04 . 2016-04-14 22:27 499200 ----a-w- c:\windows\system32\devinv.dll 2016-03-17 18:04 . 2016-04-14 22:27 279040 ----a-w- c:\windows\system32\invagent.dll 2016-03-17 18:04 . 2016-04-14 22:27 76800 ----a-w- c:\windows\system32\acmigration.dll 2016-03-16 18:50 . 2016-04-14 22:26 156672 ----a-w- c:\windows\system32\mtxoci.dll 2016-03-16 18:28 . 2016-04-14 22:26 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll 2016-03-16 18:28 . 2016-04-14 22:26 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll 2016-03-16 00:16 . 2016-04-14 22:24 760320 ----a-w- c:\windows\system32\samsrv.dll 2016-03-16 00:16 . 2016-04-14 22:24 106496 ----a-w- c:\windows\system32\samlib.dll 2016-03-15 23:53 . 2016-04-14 22:24 60416 ----a-w- c:\windows\SysWow64\samlib.dll 2009-02-13 15:02 . 2009-02-13 15:02 80896 ----a-w- c:\program files\devcon_amd64.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-06-03 7400064] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] "GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\tray.exe" [2015-04-08 1010008] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 1080608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.s ys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x] R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x] R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x] R3 ADDMEM;ADDMEM;c:\users\Skynet\AppData\Local\Temp\_ _Samsung_Update\ADDMEM.SYS;c:\users\Skynet\AppData \Local\Temp\__Samsung_Update\ADDMEM.SYS [x] R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c :\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c :\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x] R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\ windows\SYSNATIVE\drivers\bcbtums.sys [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c: \windows\SYSNATIVE\drivers\btusbflt.sys [x] R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwa mpfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c :\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\ windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys;c :\windows\SYSNATIVE\DRIVERS\ivusb.sys [x] R3 libusb0;Jawbone LibUsb-Win32 - Kernel Driver 09/04/2013,1.2.6.2;c:\windows\system32\DRIVERS\libusb0.s ys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys; c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\wi ndows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominipor t.sys;c:\windows\SYSNATIVE\drivers\rdpvideominipor t.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c :\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c: \windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c: \windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\win dows\SYSNATIVE\DRIVERS\WSDScan.sys [x] R4 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x] R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\ windows\SYSNATIVE\drivers\nvvad64v.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.s ys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.s ys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys; c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\ SYSNATIVE\Drivers\SABI.sys [x] S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys; c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys ;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\as wMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt .sys [x] S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe ;c:\windows\SYSNATIVE\BtwRSupportService.exe [x] S2 CronService;Cron Service;c:\windows\Prey\wpxsvc.exe;c:\windows\Prey \wpxsvc.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows \SYSNATIVE\svchost.exe [x] S2 mitsijm2016;Autodesk Simulation Moldflow MITSI 2016 Job Manager;c:\program files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe;c:\program files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe [x] S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe;c:\windows \SYSNATIVE\svchost.exe [x] S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\wi ndows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys;c:\w indows\SYSNATIVE\Drivers\VMC326.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys ;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2016-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2014-08-23 08:24] . 2016-05-20 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core.job - c:\users\So Fresh\AppData\Local\Dropbox\Update\DropboxUpdate.e xe [2015-06-19 00:22] . 2016-06-06 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA.job - c:\users\So Fresh\AppData\Local\Dropbox\Update\DropboxUpdate.e xe [2015-06-19 00:22] . 2016-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004Core.job - c:\users\So Fresh\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-06 15:03] . 2016-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2229191350-1810342362-1993344431-1004UA.job - c:\users\So Fresh\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-06 15:03] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\00 avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2016-06-02 17:56 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Su garSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2015-09-28 22:11 1852432 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Su garSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2015-09-28 22:11 1852432 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Su garSyncSharedSyncing] @="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}" [HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}] 2015-09-28 22:11 1852432 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shelliconoverlayidentifiers\Su garSyncSynced] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2015-09-28 22:11 1852432 ----a-w- c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-10 8123936] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2015-08-26 3113592] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-05-11 176952] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.ca/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local mSearchAssistant = www.google.com IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.2.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB FF - ProfilePath - c:\users\Skynet\AppData\Roaming\Mozilla\Firefox\Pr ofiles\o2l3kqvi.default\ FF - ExtSQL: !HIDDEN! 2011-09-19 13:15; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_20_0_0_306_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_20_0_0_306_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_20_0_0_306_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_20_0_0_306_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.20" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _20_0_0_306.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security] @Denied: (Full) (Everyone) . Completion time: 2016-06-06 16:12:38 ComboFix-quarantined-files.txt 2016-06-06 20:12 . Pre-Run: 36,856,889,344 bytes free Post-Run: 36,048,683,008 bytes free . - - End Of File - - 17897D51B6FEE26009B91C08177D2582 61A349592C4728853F4A90FF78F7628E |
#12
|
||||
|
||||
Hi again, Thanks for the Logs.
Please do the following Step 1: MalwareBytes Anti-Rootkit scan:
The MBAR folder in the list you find. Click once. Now click the OK button. Click the OK button again. Then Next and click on the Uptade button Now click on the scan button
RogueKiller scan:
|
#13
|
|||
|
|||
mbar-log-2016-06-08
Hello,
Nice to hear from you! Quote:
|
#14
|
|||
|
|||
system-log
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.18314 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.527000 GHz Memory total: 4257857536, free: 2370076672 Downloaded database version: v2016.06.08.05 Downloaded database version: v2016.05.27.01 Downloaded database version: v2016.05.25.01 ======================================= Initializing... Driver version: 0.3.0.4 ------------ Kernel report ------------ 06/08/2016 10:56:02 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\aswSP.sys \SystemRoot\system32\drivers\aswSnx.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\drivers\aswKbd.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\aswRdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \??\C:\Windows\system32\Drivers\SABI.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\ElbyCDIO.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETw5s64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\yk62x64.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\VClone.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\VMC326.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\aswMonFlt.sys \SystemRoot\system32\drivers\aswStm.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\aksdf.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\aswHwid.sys \??\C:\Windows\system32\drivers\hardlock.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\System32\drivers\ipnat.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\urlmon.dll \Windows\System32\msvcrt.dll \Windows\System32\user32.dll \Windows\System32\oleaut32.dll \Windows\System32\comdlg32.dll \Windows\System32\rpcrt4.dll \Windows\System32\psapi.dll \Windows\System32\shell32.dll \Windows\System32\ws2_32.dll \Windows\System32\msctf.dll \Windows\System32\imagehlp.dll \Windows\System32\wininet.dll \Windows\System32\ole32.dll \Windows\System32\sechost.dll \Windows\System32\normaliz.dll \Windows\System32\Wldap32.dll \Windows\System32\kernel32.dll \Windows\System32\advapi32.dll \Windows\System32\clbcatq.dll \Windows\System32\lpk.dll \Windows\System32\nsi.dll \Windows\System32\usp10.dll \Windows\System32\gdi32.dll \Windows\System32\iertutil.dll \Windows\System32\shlwapi.dll \Windows\System32\setupapi.dll \Windows\System32\difxapi.dll \Windows\System32\imm32.dll \Windows\System32\KernelBase.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\userenv.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll \Windows\System32\profapi.dll ----------- End ----------- Done! Scan started Database versions: main: v2016.06.08.05 rootkit: v2016.05.27.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80057e2700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80057e2150, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80057e2700, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004a7d050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: A5AC1090 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 29360128 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 29362176 Numsec = 251840512 Partition is bootable Partition file system is NTFS Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 281202688 Numsec = 343934976 Partition is not bootable Partition file system is NTFS Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Scan Interrupted Scan Interrupted Scan Interrupted Scan Interrupted Scan Interrupted ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.18314 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.527000 GHz Memory total: 4257857536, free: 1968447488 Downloaded database version: v2016.06.08.05 Downloaded database version: v2016.05.27.01 Downloaded database version: v2016.05.25.01 ======================================= Initializing... Driver version: 0.3.0.4 ------------ Kernel report ------------ 06/08/2016 12:12:44 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\System32\Drivers\aswVmm.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\aswSP.sys \SystemRoot\system32\drivers\aswSnx.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\drivers\aswKbd.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\aswRdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \??\C:\Windows\system32\Drivers\SABI.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\Drivers\ElbyCDIO.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETw5s64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\yk62x64.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\serscan.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\VClone.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\LHidFilt.Sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\LMouFilt.Sys \SystemRoot\System32\Drivers\VMC326.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\aswMonFlt.sys \SystemRoot\system32\drivers\aswStm.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\aksdf.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\aswHwid.sys \??\C:\Windows\system32\drivers\hardlock.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\System32\drivers\ipnat.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\oleaut32.dll \Windows\System32\setupapi.dll \Windows\System32\wininet.dll \Windows\System32\advapi32.dll \Windows\System32\urlmon.dll \Windows\System32\nsi.dll \Windows\System32\kernel32.dll \Windows\System32\comdlg32.dll \Windows\System32\iertutil.dll \Windows\System32\user32.dll \Windows\System32\psapi.dll \Windows\System32\msvcrt.dll \Windows\System32\imm32.dll \Windows\System32\shell32.dll \Windows\System32\clbcatq.dll \Windows\System32\shlwapi.dll \Windows\System32\ole32.dll \Windows\System32\usp10.dll \Windows\System32\imagehlp.dll \Windows\System32\Wldap32.dll \Windows\System32\normaliz.dll \Windows\System32\lpk.dll \Windows\System32\difxapi.dll \Windows\System32\sechost.dll \Windows\System32\ws2_32.dll \Windows\System32\msctf.dll \Windows\System32\gdi32.dll \Windows\System32\rpcrt4.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\devobj.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\KernelBase.dll \Windows\System32\wintrust.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\userenv.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\msasn1.dll \Windows\System32\profapi.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! Scan started Database versions: main: v2016.06.08.05 rootkit: v2016.05.27.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8005801060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005801b20, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005801060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80047aa050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: A5AC1090 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 29360128 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 29362176 Numsec = 251840512 Partition is bootable Partition file system is NTFS Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 281202688 Numsec = 343934976 Partition is not bootable Partition file system is NTFS Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 320072933376 bytes Sector size: 512 bytes Done! File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-D0C8C295149E175A3A98A7BD239CD5189CCD3D6F.bin.83" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-29362176-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-281202688-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished |
#15
|
|||
|
|||
RogueKiller Scan Report
I download the 64bit version from their website, since the link you provided was for 32bit only.
Quote:
|
Bookmarks |
«
Previous Topic
|
Next Topic
»
Topic Tools | |
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
Very slow laptop, virus or malware | Peter Mac | Malware Removal | 6 | June 19th, 2019 04:32 PM |
old mac book slow want to rule out malware | marliz | Malware Removal | 2 | July 29th, 2016 07:38 PM |
Something eating up RAM, want to rule out Malware. | mobious_1 | Malware Removal | 48 | September 16th, 2013 08:12 AM |
Seeking assistance to delete malware - Laptop very slow - HJT Log attached | kiwifella | Malware Removal | 1 | September 5th, 2010 03:13 AM |
pc very slow, possible malware? | Dragomago | Malware Removal | 13 | April 4th, 2008 12:47 PM |
All times are GMT +1. The time now is 12:02 PM.