superflyte

  1. Ok, sorry. I inherited this PC from work, so will get it checked and have that taken off. Thanks again.
  2. Just re-read it, you said copy and paste, so here it is. Thanks
  3. Hi, Thanks for the reply. I've attached both FRST and ADDITION logs to this post (I thought I read somewhere you don't like copy and pasting logs to posts?) FRST.txt Addition.txt
  4. Hi, I've tried at least 5 or 6 different malware removal tools, but can't get any to run. I tried Chameleon, but all 13 options just came up with 'Tested' and a tick, but no box. I have run FARBAR RECOVERY SCAN TOOL, and have 2 sets of scan results (FRST and ADDITION). I've tried running all the various malware removal tools in Safe Mode with no success (including Chameleon). I'd appreciate any help you can offer.