Posts posted by sleepyguy22

  1. I've been doing desktop support for 10 years... I've never seen one like this.

    Chrome, Firefox, Thunderbird, and other internet apps won't connect. (DNS error.) IE 32 bit loads then crashes. Symantec cannot open. Windows Defender runs a clean quick scan. Malwarebytes install returns "runtime error at (92:100); Could not call proc." AdwCleaner runs clean. Zoek disappears after downloading. I'm happy to try any steps again. WinSCP returns "unable to initialise WinSock".

    The only thing that works as expected is IE 64 bit - this is the only way I am able to connect.

    Upload of FRST.txt and Additions.txt both fail. Apologies for the wall of text, I must paste!

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-11-2016 01
    Ran by econsa (administrator) on ECON-53PL4V1 (22-11-2016 16:31:43)
    Running from C:\Users\econsa\Downloads
    Loaded Profiles: econsa (Available Profiles: econsa & mw2230)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Iron Mountain Incorporated) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
    (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    (Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_23_0_0_207_ActiveX.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe


    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2010-10-04] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
    HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-01-27] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-01-19] (Intel Corporation)
    HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe [239104 2010-09-08] (Iron Mountain Incorporated)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    Startup: C:\Users\mw2230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-11-10]
    ShortcutTarget: Dropbox.lnk -> C:\Users\econsa\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
    Startup: C:\Users\mw2230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-01-21]
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 128.59.1.4 128.59.1.3
    Tcpip\..\Interfaces\{ABD8CE4C-3E58-4B2D-AC2E-63D258112377}: [DhcpNameServer] 128.59.1.4 128.59.1.3

    Internet Explorer:
    ==================
    HKU\S-1-5-21-749059332-1400100359-1105022304-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-749059332-1400100359-1105022304-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {E6387D5E-5882-49F9-928D-D5004A25BE8A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {E6387D5E-5882-49F9-928D-D5004A25BE8A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-749059332-1400100359-1105022304-1000 -> DefaultScope {E6387D5E-5882-49F9-928D-D5004A25BE8A} URL =
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll => No File
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll => No File
    BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\bin\IPS\IPSBHO.DLL [2014-09-12] (Symantec Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-12] (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-12] (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
    Toolbar: HKU\S-1-5-21-749059332-1400100359-1105022304-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://mckinseylearning.webex.com/client/WBXclient-T29L10NSP6-58/training/ieatgpc1.cab
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File

    FireFox:
    ========
    FF DefaultProfile: xkijo1ql.default
    FF ProfilePath: C:\Users\econsa\AppData\Roaming\Mozilla\Firefox\Profiles\xkijo1ql.default [2016-11-22]
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension => not found
    FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-06-25] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2011-09-28] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2011-09-28] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-12] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-12] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR Profile: C:\Users\econsa\AppData\Local\Google\Chrome\User Data\Default [2016-11-22]
    CHR Extension: (Docs) - C:\Users\econsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-22]
    CHR Extension: (Google Drive) - C:\Users\econsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-22]
    CHR Extension: (YouTube) - C:\Users\econsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-22]
    CHR Extension: (Gmail) - C:\Users\econsa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-22]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [7595424 2010-09-08] (Iron Mountain Incorporated)
    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-06-21] (Macrovision Europe Ltd.) [File not signed]
    S2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe [144496 2014-09-12] (Symantec Corporation)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe [394592 2014-09-12] (Symantec Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\BASHDefs\20161116.005\BHDrvx64.sys [1854712 2016-08-18] (Symantec Corporation)
    R1 ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\ccSetx64.sys [162392 2014-09-12] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-10-04] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-10-04] (Symantec Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\IPSDefs\20161118.011\IDSvia64.sys [1012952 2016-11-01] (Symantec Corporation)
    R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1980648 2010-10-04] (Realtek Semiconductor Corp.)
    R2 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2010-09-08] ()
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20161118.009\ENG64.SYS [138456 2016-05-16] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Data\Definitions\VirusDefs\20161118.009\EX64.SYS [2148056 2016-05-16] (Symantec Corporation)
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSP64.SYS [880856 2014-09-12] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SRTSPX64.SYS [37592 2014-09-12] (Symantec Corporation)
    S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\SyDvCtrl64.sys [36952 2014-09-12] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0500010.01F\symefasi.sys [1611992 2015-03-04] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-03-04] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\Ironx64.SYS [266968 2014-09-12] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0114D9\1388.105\x64\SYMNETS.SYS [593112 2014-09-12] (Symantec Corporation)
    R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [159552 2015-03-04] (Symantec Corporation)
    R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [107504 2014-09-12] (Symantec Corporation)
    U5 TsUsbGD; C:\Windows\System32\Drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-22 16:31 - 2016-11-22 16:31 - 02412544 _____ (Farbar) C:\Users\econsa\Downloads\FRST64.exe
    2016-11-22 16:31 - 2016-11-22 16:31 - 00017362 _____ C:\Users\econsa\Downloads\FRST.txt
    2016-11-22 16:24 - 2016-11-22 16:30 - 00000000 ____D C:\Users\econsa\AppData\LocalLow\Mozilla
    2016-11-22 16:24 - 2016-11-22 16:25 - 00000000 ____D C:\Users\econsa\AppData\Roaming\Skype
    2016-11-22 16:24 - 2016-11-22 16:24 - 00000000 ____D C:\Users\econsa\AppData\Roaming\Mozilla
    2016-11-22 16:24 - 2016-11-22 16:24 - 00000000 ____D C:\Users\econsa\AppData\Local\Mozilla
    2016-11-22 16:18 - 2016-11-22 16:31 - 00000000 ____D C:\FRST
    2016-11-22 16:12 - 2016-11-22 16:12 - 04335672 _____ C:\Users\econsa\Downloads\zoek.rar
    2016-11-22 16:11 - 2016-11-22 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2016-11-22 16:11 - 2016-11-22 16:11 - 00000000 ____D C:\Program Files (x86)\7-Zip
    2016-11-22 16:09 - 2016-11-22 16:10 - 00000083 _____ C:\Users\econsa\Desktop\New Text Document.txt
    2016-11-22 16:08 - 2016-11-22 16:09 - 00000000 ____D C:\Users\econsa\Downloads\zoek
    2016-11-22 16:08 - 2016-11-22 16:08 - 04186040 _____ C:\Users\econsa\Downloads\zoek.zip
    2016-11-22 16:06 - 2016-11-22 15:39 - 22851472 _____ (Malwarebytes ) C:\Users\econsa\Desktop\mbam-setup-2.2.1.1043.exe
    2016-11-22 15:45 - 2016-11-22 15:45 - 00000000 ____D C:\Users\econsa\AppData\Local\Google
    2016-11-22 15:42 - 2016-11-22 16:11 - 00000000 ____D C:\AdwCleaner
    2016-11-22 15:41 - 2016-11-22 15:41 - 03910208 _____ C:\Users\mw2230\Desktop\AdwCleaner.exe
    2016-11-22 15:41 - 2016-11-22 15:41 - 03910208 _____ C:\Users\econsa\Desktop\AdwCleaner.exe
    2016-11-22 15:38 - 2016-11-22 15:39 - 22851472 _____ (Malwarebytes ) C:\Users\mw2230\Downloads\mbam-setup-2.2.1.1043.exe
    2016-11-22 15:38 - 2016-11-22 15:38 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-11-22 15:38 - 2016-11-22 15:38 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-11-22 15:38 - 2016-11-22 15:38 - 00000000 ____D C:\Users\mw2230\AppData\LocalLow\Mozilla
    2016-11-22 15:38 - 2016-11-22 15:38 - 00000000 ____D C:\Users\mw2230\AppData\Local\Mozilla
    2016-11-22 15:38 - 2016-11-22 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-11-22 13:09 - 2016-11-22 13:09 - 00000000 __SHD C:\found.001
    2016-11-10 15:53 - 2016-11-10 15:53 - 00000000 ____D C:\Users\mw2230\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-11-10 01:15 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-11-10 01:15 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-11-10 01:15 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-11-10 01:15 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-11-09 14:47 - 2016-11-09 14:47 - 02675419 _____ C:\Users\mw2230\Documents\KSW_1116.pdf
    2016-11-01 11:02 - 2016-11-01 11:02 - 00703741 _____ C:\Users\mw2230\Downloads\Statement_Oct 2016.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-11-22 16:31 - 2012-06-09 01:26 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-11-22 16:24 - 2016-03-10 11:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2016-11-22 16:24 - 2015-07-02 10:37 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
    2016-11-22 16:24 - 2015-07-02 10:37 - 00000000 ____D C:\ProgramData\Skype
    2016-11-22 16:22 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-11-22 16:22 - 2009-07-13 23:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-11-22 16:03 - 2009-07-14 00:13 - 00798526 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-11-22 16:03 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2016-11-22 16:00 - 2012-09-10 14:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-11-22 15:57 - 2012-09-10 14:48 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-11-22 15:57 - 2012-06-21 12:59 - 00000548 _____ C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job
    2016-11-22 15:56 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-11-22 15:45 - 2012-10-15 10:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-11-22 15:45 - 2012-06-21 12:13 - 00109968 _____ C:\Users\econsa\AppData\Local\GDIPFONTCACHEV1.DAT
    2016-11-22 15:39 - 2015-06-30 14:22 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-749059332-1400100359-1105022304-1001UA.job
    2016-11-22 15:38 - 2012-06-21 15:00 - 00000000 ____D C:\Users\mw2230\AppData\Roaming\Mozilla
    2016-11-22 13:39 - 2015-06-30 14:22 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-749059332-1400100359-1105022304-1001Core.job
    2016-11-22 13:18 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
    2016-11-18 17:29 - 2012-06-21 13:39 - 00000000 ____D C:\ProgramData\Symantec
    2016-11-18 11:01 - 2012-09-10 14:49 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-18 11:01 - 2012-09-10 14:49 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-18 10:43 - 2015-07-02 10:37 - 00000000 ____D C:\Users\mw2230\AppData\Roaming\Skype
    2016-11-18 10:43 - 2012-09-10 13:03 - 00000000 ___RD C:\Users\mw2230\Dropbox
    2016-11-11 17:45 - 2012-06-21 14:54 - 00000000 ____D C:\Users\mw2230\AppData\Roaming\WinEdt
    2016-11-10 15:53 - 2012-09-10 13:01 - 00000000 ____D C:\Users\mw2230\AppData\Roaming\Dropbox
    2016-11-10 04:11 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2016-11-10 03:06 - 2013-08-14 02:03 - 00000000 ____D C:\Windows\system32\MRT
    2016-11-10 03:01 - 2012-06-21 12:32 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-11-09 13:34 - 2015-06-30 14:22 - 00003894 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-749059332-1400100359-1105022304-1001UA
    2016-11-09 13:34 - 2015-06-30 14:22 - 00003498 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-749059332-1400100359-1105022304-1001Core
    2016-11-09 13:31 - 2012-06-09 01:26 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-11-09 13:31 - 2012-06-09 01:26 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-11-09 13:31 - 2012-06-09 01:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-11-09 13:31 - 2012-06-09 01:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-11-09 13:31 - 2012-06-09 01:26 - 00000000 ____D C:\Windows\system32\Macromed
    2016-10-26 16:29 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2012-06-21 13:32 - 2012-06-21 13:32 - 0000600 _____ () C:\Users\econsa\AppData\Roaming\winscp.rnd

    Some files in TEMP:
    ====================
    C:\Users\mw2230\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnhzmqr.dll
    C:\Users\mw2230\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
    C:\Users\mw2230\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
    C:\Users\mw2230\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\mw2230\AppData\Local\Temp\libeay32.dll
    C:\Users\mw2230\AppData\Local\Temp\mssinstaller.exe
    C:\Users\mw2230\AppData\Local\Temp\msvcr120.dll
    C:\Users\mw2230\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\mw2230\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-11-18 11:13

    ==================== End of FRST.txt ============================

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
    Ran by econsa (22-11-2016 16:31:59)
    Running from C:\Users\econsa\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2012-06-21 17:13:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-749059332-1400100359-1105022304-500 - Administrator - Disabled)
    econsa (S-1-5-21-749059332-1400100359-1105022304-1000 - Administrator - Enabled) => C:\Users\econsa
    Guest (S-1-5-21-749059332-1400100359-1105022304-501 - Limited - Disabled)
    mw2230 (S-1-5-21-749059332-1400100359-1105022304-1001 - Administrator - Enabled) => C:\Users\mw2230

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Symantec Endpoint Protection (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Symantec Endpoint Protection (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
    Adobe Acrobat 9 Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
    Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
    Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.010.0127.2257 - )
    BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
    ccc-core-static (x32 Version: 2010.0127.2258.41203 - ATI) Hidden
    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
    Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.4 - Iron Mountain)
    CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4822 - CyberLink Corp.)
    Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    GPL Ghostscript (HKLM\...\GPL Ghostscript) (Version: 9.02 - Artifex Software Inc.)
    GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Identity Protection Technology 1.2.22.0 (HKLM-x32\...\{387B63A5-5016-1015-B06B-A9A1030E3125}) (Version: 1.2.22.0 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.40.1161 - Intel Corporation)
    Intel(R) Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    MATLAB R2012a (HKLM\...\Matlab R2012a) (Version: 7.14 - The MathWorks, Inc.)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
    Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
    Mozilla Thunderbird 45.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.4.0 (x86 en-US)) (Version: 45.4.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    PC-CCID (Version: 2.0.0 - Gemalto) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    Skins (x32 Version: 2010.0127.2258.41203 - ATI) Hidden
    Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
    SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
    Symantec Endpoint Protection (HKLM\...\{A5DCF955-5D4A-471D-8CB3-DCFDF5C5DEE7}) (Version: 12.1.5337.5000 - Symantec Corporation)
    Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
    Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinEdt (HKLM-x32\...\WinEdt_is1) (Version:  - WinEdt Team)
    WinSCP 4.3.8 (HKLM-x32\...\winscp3_is1) (Version: 4.3.8 - Martin Prikryl)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1853A2EB-ABF1-4AB2-B601-66093A242229} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {2425EF2C-2827-40D2-AEAE-D533AA037478} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-749059332-1400100359-1105022304-1001Core => C:\Users\mw2230\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-09] (Dropbox, Inc.)
    Task: {2E948928-A532-4FC4-BCA0-F23FC4A02E31} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-749059332-1400100359-1105022304-1001UA => C:\Users\mw2230\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-09] (Dropbox, Inc.)
    Task: {3AC47D99-B266-4BDD-A442-8F5718B18169} - System32\Tasks\MATLAB R2012a Startup Accelerator => C:\Program Files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe [2011-12-29] ()
    Task: {41CE73A9-7206-4581-8381-D98DE3BCB049} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-09] (Adobe Systems Incorporated)
    Task: {D4E9D367-4F2B-4B2E-8C10-77133C879BDD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-749059332-1400100359-1105022304-1001Core.job => C:\Users\mw2230\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-749059332-1400100359-1105022304-1001UA.job => C:\Users\mw2230\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\MATLAB R2012a Startup Accelerator.job => C:\Program Files\MATLAB\R2012a\bin\win64\MATLABStartupAccelerator.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2008-12-09 17:02 - 2008-12-09 17:02 - 00016384 ____R () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2012-06-09 01:36 - 2012-06-09 01:36 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2012-06-22 02:06 - 2012-06-22 02:06 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\76632f5376aa57887b9cd7a5662c6d4f\IsdiInterop.ni.dll
    2012-06-09 01:36 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{5A2B9522-769B-49C3-9B8E-C708A1FEF279}.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-749059332-1400100359-1105022304-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\econsa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 128.59.1.4 - 128.59.1.3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{54279149-9200-47F8-A906-8608BFF68271}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{A71D90A1-7B68-4E5E-801B-E6119427B3F3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
    FirewallRules: [{CC998E29-B168-418A-BF51-6F12005C5ADB}] => (Allow) LPort=61117
    FirewallRules: [{B4416DA0-D1D5-47E5-8DF0-64078BC8A5F7}] => (Allow) LPort=61116
    FirewallRules: [{41A3FDC9-74FB-44C2-BE47-CF2176D7DB8E}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    FirewallRules: [{CA84A942-B195-4313-9A56-112F3F898882}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    FirewallRules: [{657F6021-A567-433E-AFD2-294EE813C480}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
    FirewallRules: [{CA3C2C02-7FC4-41F6-B3A3-0DA433FB526F}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
    FirewallRules: [{5EF63363-D7A8-4BD4-A549-A5F6584089D4}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    FirewallRules: [{DFF1970C-7DC8-4F61-94B6-C2E3386B2BEE}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    FirewallRules: [{8CEE04DE-0C2D-4341-9481-99CC01E7CE48}] => (Allow) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
    FirewallRules: [{1B4FBBB2-E94D-41D8-9447-018D0F6BF00B}] => (Allow) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
    FirewallRules: [{6AAA9003-E28B-4CF9-9773-461B0F9A3563}] => (Allow) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
    FirewallRules: [{C164F803-D941-412B-A7D8-52857C4F4478}] => (Allow) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
    FirewallRules: [{6DC261B7-1686-4E03-B001-3608AD3091A8}] => (Allow) C:\Users\mw2230\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{DD14D834-88E4-40CD-8CC9-D395EFD4E292}] => (Allow) C:\Users\mw2230\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{9BD60082-04FF-4933-9910-DED598B5BD9C}C:\users\mw2230\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mw2230\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{54DAD09C-724D-4C36-9612-218EC61EFFCD}C:\users\mw2230\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mw2230\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{904ED723-B7E0-4E96-A2E6-8CF8605BDB83}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
    FirewallRules: [{F9C99F94-3FB0-46B8-8530-8F02AF50C833}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\Smc.exe
    FirewallRules: [{E5FA8BBC-3095-4BB3-A701-478975138BBA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
    FirewallRules: [{9BF771A8-5B4F-4E14-9E10-222F1ED022CA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin64\snac64.exe
    FirewallRules: [{B1747A01-F237-4E4A-B931-89F079F97A19}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{0161A643-7499-435B-8FF7-62E05EBF3BAD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{4465D902-38BB-4B7A-8F51-5CFEBED0B5DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5E7F0E53-97E2-4459-B605-754B13840048}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    19-10-2016 02:00:17 Software Distribution Service 3.0
    19-10-2016 11:10:29 Software Distribution Service 3.0
    20-10-2016 02:00:17 Software Distribution Service 3.0
    20-10-2016 05:56:51 Software Distribution Service 3.0
    21-10-2016 00:46:13 Software Distribution Service 3.0
    21-10-2016 02:00:16 Software Distribution Service 3.0
    21-10-2016 18:45:02 Software Distribution Service 3.0
    01-11-2016 10:02:07 Software Distribution Service 3.0
    01-11-2016 18:45:45 Software Distribution Service 3.0
    10-11-2016 01:14:20 Software Distribution Service 3.0
    10-11-2016 03:00:26 Software Distribution Service 3.0
    10-11-2016 20:19:41 Software Distribution Service 3.0
    11-11-2016 03:00:16 Software Distribution Service 3.0
    11-11-2016 15:30:11 Software Distribution Service 3.0
    11-11-2016 17:59:12 Software Distribution Service 3.0
    18-11-2016 10:47:01 Software Distribution Service 3.0
    18-11-2016 19:17:02 Software Distribution Service 3.0
    22-11-2016 13:22:02 Software Distribution Service 3.0
    22-11-2016 15:48:52 Software Distribution Service 3.0

    ==================== Faulty Device Manager Devices =============

    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/22/2016 04:29:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1110

    Start Time: 01d2450770c68a6e

    Termination Time: 0

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: b994f8ec-b0fa-11e6-82f8-5cf9dd703fae

    Error: (11/22/2016 04:29:12 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/22/2016 04:29:12 PM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error: (11/22/2016 04:25:58 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Skype.exe, version: 7.28.0.101, time stamp: 0x57d6eb55
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
    Exception code: 0xe0fafac4
    Fault offset: 0x0000b9bc
    Faulting process id: 0x1160
    Faulting application start time: 0x01d2450703b64e8f
    Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: 4197e39f-b0fa-11e6-82f8-5cf9dd703fae

    Error: (11/22/2016 04:25:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Skype.exe, version: 7.28.0.101, time stamp: 0x57d6eb55
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
    Exception code: 0xe0fafac4
    Fault offset: 0x0000b9bc
    Faulting process id: 0x1300
    Faulting application start time: 0x01d24506e105763f
    Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: 1f7e9836-b0fa-11e6-82f8-5cf9dd703fae

    Error: (11/22/2016 04:15:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ccSvcHst.exe, version: 12.11.3.11, time stamp: 0x53713b15
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
    Exception code: 0xc06d007e
    Fault offset: 0x0000b9bc
    Faulting process id: 0xcb8
    Faulting application start time: 0x01d245058f9d964b
    Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: cd864f71-b0f8-11e6-82f8-5cf9dd703fae

    Error: (11/22/2016 04:09:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 9.0.8112.16737 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: b24

    Start Time: 01d24504b1de4dfa

    Termination Time: 16

    Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

    Report Id: f3b07e96-b0f7-11e6-82f8-5cf9dd703fae

    Error: (11/22/2016 03:58:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (11/22/2016 03:57:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ccSvcHst.exe, version: 12.11.3.11, time stamp: 0x53713b15
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
    Exception code: 0xc06d007e
    Fault offset: 0x0000b9bc
    Faulting process id: 0xd0c
    Faulting application start time: 0x01d24502f9a0e6d1
    Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: 3790b479-b0f6-11e6-82f8-5cf9dd703fae

    Error: (11/22/2016 03:57:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ccSvcHst.exe, version: 12.11.3.11, time stamp: 0x53713b15
    Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp: 0x4e211319
    Exception code: 0xc06d007e
    Fault offset: 0x0000b9bc
    Faulting process id: 0xfa0
    Faulting application start time: 0x01d24502f93be35c
    Faulting application path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe
    Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
    Report Id: 3726714e-b0f6-11e6-82f8-5cf9dd703fae


    System errors:
    =============
    Error: (11/22/2016 04:25:01 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Server service terminated with the following error:
    The specified procedure could not be found.

    Error: (11/22/2016 04:15:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Symantec Endpoint Protection service terminated unexpectedly.  It has done this 6 time(s).

    Error: (11/22/2016 04:12:23 PM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OS.

    Error: (11/22/2016 04:12:23 PM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OS.

    Error: (11/22/2016 04:12:23 PM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OS.

    Error: (11/22/2016 04:12:23 PM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OS.

    Error: (11/22/2016 04:12:23 PM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume OS.

    Error: (11/22/2016 04:00:58 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
    Description: 0x8000002a41\??\C:\Windows\System32\config\COMPONENTS

    Error: (11/22/2016 03:59:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The Intel(R) Management and Security Application User Notification Service service depends on the Intel(R) Management and Security Application Local Management Service service which failed to start because of the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (11/22/2016 03:59:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    ==================== Memory info ===========================

    Processor: Intel(R) Xeon(R) CPU E31225 @ 3.10GHz
    Percentage of memory in use: 18%
    Total physical RAM: 16341.02 MB
    Available physical RAM: 13252.59 MB
    Total Virtual: 32680.22 MB
    Available Virtual: 29495.05 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:237.7 GB) (Free:41.25 GB) NTFS
    Drive d: (DATAPART1) (Fixed) (Total:465.75 GB) (Free:462.58 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 80DA3C9A)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=237.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 80DA3CB0)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
