
Concerned at Program downloaded onto my laptop - unknown source and purpose


SAFC365


Hi, this is my first post here so I hope I'm using the forum correctly.

Norton highlighted a newly downloaded program yesterday and said it was safe. I asked to view details and it has no details for its origin or use. Very few people in the Norton Community had the program.

I ran Malwarebytes and it found no threats (free version, up to date).

The program is named $RXW9EFN.exe

Is this something I should be concerned about? How do such programs get downloaded onto my laptop?

Thanks in advance.


Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted into your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Recommend you use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt"; the log will open as a text file, post that log... Also save to your Desktop for reference.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
 


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11/10/2015

Scan Time: 4:03 PM

Logfile: 

Administrator: Yes

 

Version: 2.2.0.1024

Malware Database: v2015.11.10.05

Rootkit Database: v2015.11.04.02

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 10

CPU: x64

File System: NTFS

User: chria

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 459486

Time Elapsed: 1 hr, 45 min, 11 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015

Ran by chria (administrator) on CHRIS-HP (10-11-2015 17:54:16)

Running from C:\Users\chria\Desktop

Loaded Profiles: chria (Available Profiles: chria & DefaultAppPool)

Platform: Windows 10 Home (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

() C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\System32\wscript.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportInjService_x64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe

(Spotify Ltd) C:\Users\chria\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

() C:\Users\chria\AppData\Local\Amazon Music\Amazon Music Helper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe

(Microsoft Corporation) C:\Windows\System32\wuapihost.exe

(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe

(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602168 2010-06-30] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-10] ()

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Run: [spotify Web Helper] => C:\Users\chria\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-24] (Spotify Ltd)

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Run: [Amazon Music] => C:\Users\chria\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\RunOnce: [uninstall C:\Users\chria\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_18\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\chria\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_18\amd64"

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Policies\system: [DisableChangePassword] 0

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Policies\Explorer: [NoInstrumentation] 1

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [805888 2015-07-10] (Microsoft Corporation)

ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2010-07-12] (EasyBits Software Corp.)

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)

ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)

ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{6cf43e3d-1f03-446f-a01c-bc6c92c2bf9b}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{b51a030b-ae15-45fe-a375-688c3cdb6c04}: [DhcpNameServer] 192.168.42.129

Tcpip\..\Interfaces\{df99829b-113d-4298-9058-bfc0fcb660fa}: [DhcpNameServer] 192.168.0.1

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM -> DefaultScope {0D845E2A-B0CA-4ADF-8E75-492717C79DDF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM -> {0D845E2A-B0CA-4ADF-8E75-492717C79DDF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM -> {48D7463C-EE6B-42F2-8885-6B0462E0FFB7} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM -> {D301F133-3F70-4E3B-8D64-67FD7666EB7E} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 

SearchScopes: HKLM-x32 -> {0D845E2A-B0CA-4ADF-8E75-492717C79DDF} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

SearchScopes: HKLM-x32 -> {48D7463C-EE6B-42F2-8885-6B0462E0FFB7} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

SearchScopes: HKLM-x32 -> {D301F133-3F70-4E3B-8D64-67FD7666EB7E} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

SearchScopes: HKU\S-1-5-21-3947331719-1870262477-1151247576-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-21-3947331719-1870262477-1151247576-1001 -> {D301F133-3F70-4E3B-8D64-67FD7666EB7E} URL = 

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-12-04] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-12-04] (Oracle Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\chria\AppData\Roaming\Mozilla\Firefox\Profiles\7vdwtha8.default

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()

FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-12-04] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-12-04] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2011-07-26] (GARMIN Corp.)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-29] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-29] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-29] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-29] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-29] (Apple Inc.)

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-22] [not signed]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]

FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon

FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon [2015-11-10] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\coFFAddon

 

Chrome: 

=======

CHR Profile: C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]

CHR Extension: (Google Docs) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]

CHR Extension: (Google Drive) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (Rapport) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-07-01]

CHR Extension: (YouTube) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Adblock Plus) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-24]

CHR Extension: (Google Search) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]

CHR Extension: (Google Sheets) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]

CHR Extension: (Google Docs Offline) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-22]

CHR Extension: (Norton Identity Safe) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-12]

CHR Extension: (Chrome Web Store Payments) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]

CHR Extension: (Gmail) - C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]

CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-06-30] ()

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-05] (Microsoft Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-24] (Symantec Corporation)

R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

R2 OneSyncSvc_Session20; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)

R2 OneSyncSvc_Session20; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)

U2 OneSyncSvc_Session21; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)

U2 OneSyncSvc_Session21; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)

S3 PimIndexMaintenanceSvc_Session20; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)

S3 PimIndexMaintenanceSvc_Session20; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)

U3 PimIndexMaintenanceSvc_Session21; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)

U3 PimIndexMaintenanceSvc_Session21; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-10-18] (IBM Corp.)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-24] (Realtek Semiconductor)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)

S3 UnistoreSvc_Session20; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)

S3 UnistoreSvc_Session20; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)

U3 UnistoreSvc_Session21; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)

U3 UnistoreSvc_Session21; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)

S3 UserDataSvc_Session20; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)

S3 UserDataSvc_Session20; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)

U3 UserDataSvc_Session21; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)

U3 UserDataSvc_Session21; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-05] (Microsoft Corporation)

R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-05] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\BASHDefs\20151102.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-08-27] (Symantec Corporation)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\IPSDefs\20151107.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-10] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-05] (Microsoft Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151110.001\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.0.124\Definitions\VirusDefs\20151110.001\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)

R1 RapportCerberus_1507072; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507072.sys [959416 2015-09-21] (IBM Corp.)

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [500184 2015-10-18] (IBM Corp.)

S3 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [139896 2015-10-18] (IBM Corp.)

S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [394584 2015-10-18] (IBM Corp.)

R3 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [489272 2015-10-18] (IBM Corp.)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)

R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)

R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-24] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

U3 aswMBR; C:\Users\chria\AppData\Local\Temp\aswMBR.sys [57048 2015-11-10] ()

U3 idsvc; no ImagePath

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

U3 wpcsvc; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-10 17:54 - 2015-11-10 17:55 - 00028918 _____ C:\Users\chria\Desktop\FRST.txt

2015-11-10 17:54 - 2015-11-10 17:54 - 00000000 ____D C:\FRST

2015-11-10 17:52 - 2015-11-10 17:53 - 02198528 _____ (Farbar) C:\Users\chria\Desktop\FRST64.exe

2015-11-10 17:39 - 2015-11-10 17:39 - 00016148 _____ C:\WINDOWS\system32\CHRIS-HP_chria_HistoryPrediction.bin

2015-11-09 17:31 - 2015-11-09 17:31 - 00000948 _____ C:\Users\chria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk

2015-11-09 17:31 - 2015-11-09 17:31 - 00000900 _____ C:\Users\chria\Desktop\Start Tor Browser.lnk

2015-11-06 08:16 - 2015-11-06 08:41 - 00006590 _____ C:\Users\chria\Downloads\Church - Financial Report as at 31.10.15.ods

2015-10-30 09:57 - 2015-10-27 23:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2015-10-30 09:57 - 2015-10-21 12:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2015-10-30 09:57 - 2015-10-21 05:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2015-10-30 09:56 - 2015-10-27 23:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2015-10-30 09:56 - 2015-10-21 12:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll

2015-10-30 09:56 - 2015-10-21 12:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2015-10-30 09:56 - 2015-10-21 12:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2015-10-30 09:56 - 2015-10-21 12:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2015-10-30 09:56 - 2015-10-21 11:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2015-10-30 09:56 - 2015-10-21 11:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll

2015-10-30 09:56 - 2015-10-21 11:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-10-30 09:56 - 2015-10-21 11:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2015-10-30 09:56 - 2015-10-21 11:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2015-10-30 09:56 - 2015-10-21 11:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll

2015-10-30 09:56 - 2015-10-21 11:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll

2015-10-30 09:56 - 2015-10-21 11:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2015-10-30 09:56 - 2015-10-21 05:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2015-10-30 09:56 - 2015-10-21 05:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2015-10-30 09:56 - 2015-10-21 05:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2015-10-30 09:56 - 2015-10-21 05:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2015-10-30 09:56 - 2015-10-21 04:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

2015-10-30 09:55 - 2015-10-21 12:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys

2015-10-30 09:55 - 2015-10-21 11:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2015-10-30 09:55 - 2015-10-21 11:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2015-10-30 09:55 - 2015-10-21 11:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll

2015-10-30 09:55 - 2015-10-21 11:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2015-10-30 09:55 - 2015-10-21 11:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2015-10-30 09:55 - 2015-10-21 11:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll

2015-10-30 09:55 - 2015-10-21 11:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll

2015-10-30 09:55 - 2015-10-21 05:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll

2015-10-30 09:55 - 2015-10-21 05:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2015-10-30 09:55 - 2015-10-21 05:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll

2015-10-30 09:55 - 2015-10-21 04:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2015-10-30 09:55 - 2015-10-21 04:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll

2015-10-30 09:06 - 2015-10-30 09:07 - 06762072 _____ (Piriform Ltd) C:\Users\chria\Downloads\ccsetup511.exe

2015-10-14 08:24 - 2015-10-14 08:24 - 00000000 ____D C:\WINDOWS\PCHEALTH

2015-10-14 08:11 - 2015-10-06 03:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2015-10-14 08:11 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2015-10-14 08:11 - 2015-10-01 04:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2015-10-14 08:11 - 2015-09-25 04:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2015-10-14 08:11 - 2015-09-25 03:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2015-10-14 08:11 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2015-10-14 08:11 - 2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2015-10-14 08:11 - 2015-09-25 03:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2015-10-14 08:11 - 2015-09-25 03:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2015-10-14 08:11 - 2015-09-25 03:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2015-10-14 08:11 - 2015-09-25 03:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2015-10-14 08:11 - 2015-09-25 03:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2015-10-14 08:11 - 2015-09-25 03:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2015-10-14 08:11 - 2015-09-25 03:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll

2015-10-14 08:11 - 2015-09-25 03:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll

2015-10-14 08:11 - 2015-09-25 02:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2015-10-14 08:11 - 2015-09-25 02:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2015-10-14 08:11 - 2015-09-25 02:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2015-10-14 08:11 - 2015-09-25 02:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2015-10-14 08:11 - 2015-09-25 02:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2015-10-14 08:11 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll

2015-10-14 08:11 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2015-10-14 08:10 - 2015-10-10 07:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2015-10-14 08:10 - 2015-10-01 04:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2015-10-14 08:10 - 2015-10-01 04:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2015-10-14 08:10 - 2015-10-01 04:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2015-10-14 08:10 - 2015-10-01 04:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2015-10-14 08:10 - 2015-10-01 03:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2015-10-14 08:10 - 2015-09-25 04:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2015-10-14 08:10 - 2015-09-25 03:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2015-10-14 08:10 - 2015-09-25 03:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll

2015-10-14 08:10 - 2015-09-25 03:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll

2015-10-14 08:10 - 2015-09-25 03:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2015-10-14 08:10 - 2015-09-25 03:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2015-10-14 08:10 - 2015-09-25 03:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2015-10-14 08:10 - 2015-09-25 03:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2015-10-14 08:10 - 2015-09-25 03:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2015-10-14 08:10 - 2015-09-25 03:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2015-10-14 08:10 - 2015-09-25 03:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll

2015-10-14 08:10 - 2015-09-25 02:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll

2015-10-14 08:10 - 2015-09-25 02:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll

2015-10-14 08:10 - 2015-09-25 02:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2015-10-14 08:10 - 2015-09-25 02:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll

2015-10-14 08:10 - 2015-09-25 02:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll

2015-10-14 08:10 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll

2015-10-14 08:10 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll

2015-10-14 08:10 - 2015-09-25 02:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2015-10-14 08:10 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2015-10-14 08:10 - 2015-09-25 02:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2015-10-14 08:10 - 2015-09-25 02:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2015-10-14 08:10 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2015-10-14 08:10 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2015-10-14 08:10 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll

2015-10-14 08:10 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll

2015-10-14 08:10 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll

2015-10-14 08:10 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll

2015-10-14 08:10 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll

2015-10-14 08:10 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2015-10-12 12:31 - 2015-10-12 12:31 - 00056146 _____ C:\Users\chria\Downloads\1509 Finance Report.xlsx

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-11-10 17:37 - 2015-10-02 20:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security

2015-11-10 17:15 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru

2015-11-10 16:03 - 2014-04-04 08:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-11-10 09:15 - 2011-05-09 14:44 - 00000000 ____D C:\Users\chria\AppData\Local\CrashDumps

2015-11-10 08:59 - 2013-06-19 09:56 - 04745728 _____ (AVAST Software) C:\Users\chria\Desktop\aswMBR.exe

2015-11-10 07:37 - 2015-07-10 09:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2015-11-09 17:55 - 2014-11-23 13:49 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

2015-11-09 12:38 - 2015-10-05 13:54 - 00000000 ____D C:\Users\chria\Documents\Job applications

2015-11-09 12:32 - 2012-06-18 17:35 - 00000000 ____D C:\Users\chria\Documents\ACE trustees minutes and papers

2015-11-09 12:32 - 2012-06-18 17:35 - 00000000 ____D C:\Users\chria\Documents\ACE minutes and papers

2015-11-09 12:12 - 2013-04-22 10:47 - 00000000 ____D C:\Users\chria\AppData\Roaming\HpUpdate

2015-11-07 12:09 - 2014-05-02 08:52 - 00002085 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk

2015-11-07 12:00 - 2014-06-19 19:20 - 00000000 ____D C:\Users\chria\Documents\St James PCC

2015-11-06 16:26 - 2014-10-30 11:02 - 00000000 ____D C:\Users\chria\Documents\bike insurance

2015-11-06 09:09 - 2011-08-06 18:39 - 00000000 ____D C:\Users\chria\AppData\Roaming\SoftGrid Client

2015-11-04 09:20 - 2014-04-30 06:22 - 00000000 ____D C:\Users\chria\Documents\St James future

2015-11-02 11:58 - 2012-05-16 18:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-11-02 11:57 - 2013-09-14 08:34 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-11-02 11:25 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-11-02 11:20 - 2013-09-14 08:34 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-10-31 12:23 - 2015-08-04 17:05 - 01006528 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-10-31 12:18 - 2013-08-23 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2015-10-31 12:14 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-10-31 12:13 - 2015-07-10 09:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2015-10-31 12:10 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser

2015-10-31 12:01 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-10-30 18:08 - 2015-08-09 17:47 - 00000000 ____D C:\Users\chria\AppData\Local\NPE

2015-10-30 09:22 - 2014-12-25 11:37 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2015-10-30 09:10 - 2010-12-29 17:54 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk

2015-10-23 07:46 - 2014-04-04 08:39 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-10-23 07:46 - 2014-04-04 08:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-10-23 07:46 - 2014-04-04 08:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-10-21 09:28 - 2015-08-04 17:07 - 00000000 ____D C:\Users\chria

2015-10-18 15:06 - 2015-06-03 12:58 - 00139896 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys

2015-10-18 15:06 - 2012-02-28 18:10 - 00394584 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys

2015-10-16 09:26 - 2014-01-17 20:59 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-10-16 03:10 - 2015-10-07 08:46 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-10-16 03:10 - 2015-10-07 08:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-10-14 08:41 - 2013-07-10 17:45 - 00000000 ____D C:\WINDOWS\system32\MRT

2015-10-14 08:30 - 2012-04-02 19:15 - 00000000 ____D C:\ProgramData\Microsoft Help

2015-10-14 08:30 - 2010-12-29 17:52 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-10-14 08:23 - 2009-07-14 02:34 - 00000478 _____ C:\WINDOWS\win.ini

2015-10-12 12:31 - 2012-08-14 17:18 - 00000000 ____D C:\Users\chria\Documents\ACE Finance report

 

==================== Files in the root of some directories =======

 

2014-05-08 14:07 - 2014-05-08 14:07 - 6103040 _____ () C:\Program Files (x86)\GUT1A35.tmp

2014-11-13 08:26 - 2014-11-13 08:26 - 6000640 _____ () C:\Program Files (x86)\GUTCD8C.tmp

2012-09-24 15:43 - 2012-09-24 15:43 - 0000232 _____ () C:\Users\chria\AppData\Roaming\fixpermissions.bat

2013-06-17 15:12 - 2013-06-21 23:25 - 0000005 _____ () C:\Users\chria\AppData\Roaming\WBPU-TTL.DAT

2013-01-30 15:31 - 2013-03-03 20:17 - 0007168 _____ () C:\Users\chria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2011-10-15 09:18 - 2015-05-22 07:25 - 0007609 _____ () C:\Users\chria\AppData\Local\resmon.resmoncfg

2011-01-05 20:06 - 2011-01-06 19:18 - 0001940 _____ () C:\Users\chria\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

2013-04-22 10:46 - 2013-04-22 10:46 - 0000057 _____ () C:\ProgramData\Ament.ini

2010-08-17 08:47 - 2010-08-17 08:47 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log

2010-07-12 00:34 - 2010-07-12 00:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

2010-08-17 08:47 - 2010-08-17 08:47 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log

2010-07-12 00:27 - 2010-07-12 00:28 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

2010-08-17 08:46 - 2010-08-17 08:46 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log

2010-08-17 08:47 - 2010-08-17 08:47 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log

2010-07-12 00:27 - 2010-07-12 00:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

2010-07-12 00:28 - 2010-07-12 00:34 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log

2010-08-17 08:47 - 2010-08-17 08:48 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-08-04 19:21

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015

Ran by chria (2015-11-10 17:57:12)

Running from C:\Users\chria\Desktop

Windows 10 Home (X64) (2015-08-04 17:53:42)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-3947331719-1870262477-1151247576-500 - Administrator - Disabled)

chria (S-1-5-21-3947331719-1870262477-1151247576-1001 - Administrator - Enabled) => C:\Users\chria

DefaultAccount (S-1-5-21-3947331719-1870262477-1151247576-503 - Limited - Disabled)

Guest (S-1-5-21-3947331719-1870262477-1151247576-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3947331719-1870262477-1151247576-1003 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)

Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden

Amazon MP3 Downloader 1.0.10 (HKLM-x32\...\Amazon MP3 Downloader) (Version:  - )

Amazon Music (HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)

Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)

Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden

Any Video Converter 5.7.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)

BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.1.5122 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2511 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)

Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden

ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden

Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin (HKLM-x32\...\{8ED02445-D491-414C-A56D-2ED6BBB7239A}) (Version: 3.0.1 - Garmin Ltd or its subsidiaries)

Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)

Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden

HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)

HP Documentation (HKLM-x32\...\{7C36414C-DC87-4943-A525-BC1717BA17C9}) (Version: 1.1.1.0 - Hewlett-Packard)

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)

HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Officejet 7500 E910 Help (HKLM-x32\...\{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}) (Version: 140.0.93.93 - Hewlett Packard)

HP Officejet 7500 E910 Product Improvement Study (HKLM\...\{CC9F7DAB-5F9B-43B1-882C-1CC2A231EF40}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)

HP Quick Launch (HKLM-x32\...\{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}) (Version: 2.1.5 - Hewlett-Packard Company)

HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)

HP Software Framework (HKLM-x32\...\{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}) (Version: 4.0.39.1 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}) (Version: 5.1.10.7 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation)

iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle)

Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)

Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden

LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)

Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version:  - EasyBits Software AS)

Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

MediaImpression 3.1 for PENTAX (HKLM-x32\...\{C0A25D74-1A95-40ED-AA67-E6F21D9C8A38}) (Version: 3.1.1.118 - ArcSoft)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 x64 繁體中文 (HKLM\...\{A423B3FB-C9E6-4953-9A83-2A5F45CAF466}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 繁體中文 (HKLM-x32\...\{0BE37B03-93EF-4B46-A4F3-30ED22569D1A}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Sync Framework Services v1.0 (x64) (HKLM\...\{32508A23-C9EA-4D29-83CA-97A42A13701E}) (Version: 1.0.1215.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)

Mozilla Firefox 37.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-GB)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.2 - Mozilla)

Nike+ Connect (HKLM-x32\...\Nike+ Connect) (Version: 2.0 - Nike)

Nike+ Connect (HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Nike+ Connect) (Version: 2.0 - Nike)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.4.24 - Symantec Corporation)

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)

PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden

PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)

PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Rapport (Version: 3.5.1205.20 - Trusteer) Hidden

Rapport (x32 Version: 3.5.1507.83 - Trusteer) Hidden

Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Software (HKLM-x32\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.10.0329 - REALTEK Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden

Rosetta Stone Ltd Services (HKLM-x32\...\{2110AF8F-F6E9-4712-A185-1B839C60822E}) (Version: 2.2.1.1 - Rosetta Stone Ltd.)

Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)

RtVOsd (HKLM\...\{091A0130-A82F-4A6D-9C61-3BBBB3289030}) (Version: 1.0.6 - Realtek Semiconductor Corp.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Spotify (HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)

Todoist (HKLM-x32\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.6.4.0 - Doist Ltd.)

Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.83 - Trusteer)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices  (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)

Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== Restore Points =========================

 

21-09-2015 09:48:16 Installed Rapport

05-10-2015 09:26:39 Windows Update

14-10-2015 08:16:35 Windows Update

20-10-2015 14:40:44 Windows Update

31-10-2015 11:54:13 Windows Update

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2013-06-21 09:50 - 00000027 ____N C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {06A63DE8-8C8D-4418-9BE8-40647CAF5ADD} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\WSCStub.exe [2015-09-24] (Symantec Corporation)

Task: {06A719F1-118E-4E98-BF86-D1ACC78947F2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {0925A72C-ACC4-4247-8AE1-D61138E7E911} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)

Task: {0B5470AD-121C-406A-A5FA-687883B2A012} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {0C9EF4E1-06CB-41CF-98C2-740C8F5AD9B8} - System32\Tasks\{9261A411-D2ED-4A9A-9FD4-F585E4CFE9CE} => pcalua.exe -a "C:\Users\chria\Downloads\Spotify Installer (3).exe" -d C:\Users\chria\Downloads

Task: {0EFE62F6-AF0F-4624-B0D3-6EEEA722D892} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)

Task: {12C2C85B-4AA5-4E24-BFA8-DED2F0F68EC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {1387C09C-70A4-4AAA-8213-2B7A53FBFB90} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {16F2AF1E-6198-4996-A40F-C6B97B004267} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {1B8DF39C-BF07-4955-9C1F-86843D891B5D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)

Task: {278E7EEA-8714-4557-A93B-654D0DD537F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {2B53C828-04E5-4BF4-9A12-619D7DBCC6D2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {2C73F4E8-2ABD-468C-813F-95A173515C48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)

Task: {44496BCE-609D-475F-958E-9BF6F6A98562} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {487CD85E-DF7A-436F-8340-A568AD5E246A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {54111DFF-D9B5-468C-BC1C-298CAAEFCD8E} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {5ABAC342-EDC4-4EBD-9BA7-2D9C9143E748} - System32\Tasks\{8A6E5CC6-F3B5-48FB-A4B8-4B2BF597D066} => pcalua.exe -a C:\Users\chria\Downloads\vstor_redist.exe -d C:\Users\chria\Downloads

Task: {5B838E2C-BA14-4E23-B5CC-98A95424F30D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {6C5D6E6A-BC9B-4CDF-86CE-103BC86AB656} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)

Task: {6C9EB83E-C37B-40F9-B650-CF1E4BC86216} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {6EF3FCD0-B268-48CB-9BDB-72CF265C2985} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {6F6E28F3-6A65-47AC-B6FB-F6F1A77BA685} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)

Task: {80DF0CBE-CDD5-4252-ADBF-E52EE9B04BD0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)

Task: {81328354-2228-4083-99FB-05D9C1538074} - System32\Tasks\DSite => C:\Users\chria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION

Task: {82451574-1B2B-4219-A2C0-A02983CB97B9} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {87B066FF-8977-4C40-AAE7-CCCA84AE42E8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {8CF53F72-517A-475D-8EC0-D3FC9C781BA1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {8E00E160-88C7-4F4A-8E61-0E94863886A4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {90545BA1-17C7-480E-9E7C-340E0D406821} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {9103465D-3D9F-4B9D-A9FD-8A6050D27C57} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {930C09E2-B016-4E70-9082-6EAD17D9E185} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {94902AF1-6E50-464D-AEC7-B71F2C594D32} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {9D7884E9-7EC9-4251-8067-55801DA3185A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {9DFC6306-87F5-43D1-8C45-18E771939133} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {9F669FDE-5141-4C04-B94C-052F22819345} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)

Task: {A810F008-8627-489A-9CFC-B0C89C9A2F13} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)

Task: {A837A03E-F35A-4352-A5F7-AB5DED09A025} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {A98C4649-A77F-4AC3-B68B-03503DA3F209} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

Task: {A9CC675C-9B5B-4892-AB1E-42EC3D38369F} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)

Task: {ACD81386-CBE4-425E-A8C9-4D126F122303} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {AEDB4F1C-4C8F-4624-9D3C-6058194CAE3E} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {C78C9619-B6BE-4F30-8749-425AAEAB051E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {D83A2065-100C-4262-96B2-EB9ED75DB6A1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {D88F31D6-EE70-464B-B825-1ADC2D9EFBC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-11-15] (Hewlett-Packard Company)

Task: {D9089C90-C276-4677-A440-58123681FA09} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {DC1E79B6-A04E-40C4-8250-649F9CCB5F0A} - System32\Tasks\HPCustParticipation HP Officejet 7500 E910 => C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {E6990BC6-E0D9-409F-B11E-25D78DFDF21B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {E990AB22-F605-4FC9-9804-A6E8F30F2E03} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {EBC2C24C-62D2-451D-A65A-889FCF32088E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {EDD0FA50-EA7C-48FB-96FB-0F503D4DE684} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {EF1751EB-57E5-4D3E-A0E6-0CF1B7567333} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {EFF9D2B4-7184-4141-B61F-5730FAB14CA2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {F075CD63-7773-49F3-98B3-387C333FDB8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {F9AB58DF-EF7C-46BA-B0CD-A614D1E1CB69} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe

Task: {FC20022F-E05A-4360-9879-57DA22A8EB1D} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\chria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-08-05 01:49 - 2015-08-05 01:49 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll

2015-09-21 10:31 - 2015-08-11 09:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll

2010-06-30 02:00 - 2010-06-30 02:00 - 00027192 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

2010-06-18 23:26 - 2010-06-18 23:26 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll

2015-10-02 23:24 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-10-02 23:24 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2015-10-02 23:21 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-07-10 10:59 - 2015-07-10 10:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll

2015-10-02 23:25 - 2015-09-17 05:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-10-02 23:20 - 2015-09-17 05:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-10-02 23:20 - 2015-09-17 05:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2015-10-02 23:24 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2014-06-14 13:13 - 2015-07-21 05:02 - 05887808 _____ () C:\Users\chria\AppData\Local\Amazon Music\Amazon Music Helper.exe

2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2010-02-10 01:58 - 2010-02-10 01:58 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

2010-02-10 01:58 - 2010-02-10 01:58 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

2010-02-10 01:58 - 2010-02-10 01:58 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll

2010-02-10 01:58 - 2010-02-10 01:58 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll

2010-02-10 01:58 - 2010-02-10 01:58 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll

2010-02-10 01:58 - 2010-02-10 01:58 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll

2010-02-10 01:58 - 2010-02-10 01:58 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

2010-02-10 01:58 - 2010-02-10 01:58 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll

2015-10-24 09:01 - 2015-10-20 14:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll

2015-10-24 09:01 - 2015-10-20 14:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:07BF512B

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\chria\Documents\Undergraduate Primary Course\LLS340 - Employability Module\portfolio\draft portfolio\happiness values ayn rand quote.jpg

DNS Servers: 192.168.0.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupfolder: C:^Users^chria^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupreg: Amazon Music => "C:\Users\chria\AppData\Local\Amazon Music\Amazon Music Helper.exe"

MSCONFIG\startupreg: ANT Agent => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

MSCONFIG\startupreg: gStart => C:\Program Files (x86)\Garmin\Training Center\gStart.exe

MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

MSCONFIG\startupreg: Nike+ Connect => "C:\Users\chria\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Response Desktop Menu => "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"

MSCONFIG\startupreg: ResponseConnectorService => "C:\Program Files (x86)\SMART Technologies\Education Software\response-connector-server\NodeLauncher.exe"

MSCONFIG\startupreg: sbsdk-server => "C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\sbsdk-server\NodeLauncher.exe"

MSCONFIG\startupreg: SMART Board Service => "C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" -d

MSCONFIG\startupreg: SMART Board Tools => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"

MSCONFIG\startupreg: SMART Floating Tools => "C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\FloatingTools.exe"

MSCONFIG\startupreg: SMART Ink => "C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTInk.exe" -a

MSCONFIG\startupreg: SMART Tray Tools => "C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSystemMenu.exe"

MSCONFIG\startupreg: SMARTClassroomCoordinator.exe => "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe"

MSCONFIG\startupreg: SMARTNotification => "C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTNotification.exe"

MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\chria\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [{0A5C6B92-230D-478B-8B40-5FE38C212B94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{B0C20971-0C3A-4265-B429-704D2C9A10A2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{0637ACB9-C94C-4D44-A5D1-E22B64239351}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{9DE3CE7F-D3CC-47AC-B647-1C3296EB042E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{56252BEF-713A-4FAD-9780-6AF68B0BFE1E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{7381902A-7505-4AD0-8F48-F6CEEA5BBE40}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E60C1A91-EAF3-4AD2-B57C-B93D7D0A20D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{2E8BC26E-DC24-4499-A26A-AE7A09F18BA4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE

FirewallRules: [uDP Query User{7BA72B70-69EB-4766-A27F-DF923559CF05}C:\users\chria\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\chria\appdata\roaming\acestream\engine\ace_engine.exe

FirewallRules: [TCP Query User{60CB4E51-FD5F-4566-9B0C-6DC50E17598E}C:\users\chria\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\chria\appdata\roaming\acestream\engine\ace_engine.exe

FirewallRules: [{84DAFDA3-BA42-4060-B103-3BB9FEB33429}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{EE61D5D7-7A33-4193-AFA5-DDDD3859FBFF}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe

FirewallRules: [{EE3995C3-E3A2-470F-AA2C-4CBF8906108E}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe

FirewallRules: [{629581E3-D656-4178-BC78-55530587493A}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\SendAFax.exe

FirewallRules: [{EDFA08ED-AA9A-4F12-860F-EE415003769E}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\DigitalWizards.exe

FirewallRules: [{4C144BCF-FDC7-43E1-A6EC-229BD75E02D6}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\FaxApplications.exe

FirewallRules: [uDP Query User{B2F64D8C-AE54-4817-94AA-4951B00DD736}C:\users\chria\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chria\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{C364BF6D-C3E9-4C9B-949F-132174E6469B}C:\users\chria\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chria\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{AFC89B12-07BA-4832-B81C-4A26F64414DC}C:\users\chria\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chria\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{9AA08D37-51B4-4BEE-B132-386B79B761EB}C:\users\chria\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chria\appdata\roaming\spotify\spotify.exe

FirewallRules: [{45ACFC31-C93C-49F9-9054-095A95AFA6D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{88078227-A536-4690-ACB1-F4AAF4C408BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E0CB4B7F-2237-4E96-AF17-117237DECD9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{C9EF9563-0A1A-41C2-B551-87618D15D979}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{55BBD3F7-4213-4BCD-ABEB-DB7E1698BE01}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe

FirewallRules: [{299FFF33-B711-43A7-8F58-74EA138A37CA}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe

FirewallRules: [{E27EA7BD-E4F9-4365-B8D7-C355333C78D5}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe

FirewallRules: [{F114653F-984D-4165-84D2-B294C35F6DFA}] => (Allow) C:\Program Files (x86)\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe

FirewallRules: [{1B464109-DD0C-4231-A73B-6603BAE22F5F}] => (Allow) LPort=1900

FirewallRules: [{B488049A-574F-4885-A444-A3FB99302F27}] => (Allow) LPort=2869

FirewallRules: [{D10551E7-FA19-4599-B9E8-CF1C024BDEDC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{384B7DA9-2E31-410C-886A-929E7A532E0F}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\Programs\My First Browser\MyFirstBrowser.exe

FirewallRules: [{E7C365B7-D7C7-4A0B-B580-72297E31841F}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\Programs\My First Browser\MyFirstBrowser.exe

FirewallRules: [{96847A59-CFC2-404F-AE45-560FB2B09D52}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE

FirewallRules: [{DEAD66D4-96CA-488F-AAD0-5C018788660F}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{AE61EBEE-9DE2-4C0E-B82A-DF4857070465}] => (Allow) svchost.exe

FirewallRules: [{1B3CF6E2-9761-4841-8567-99E55D97AAFE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{E2D5811D-E725-45A1-A75F-DE6EA35AE2D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{72C8CF90-1A49-4E10-9728-89D7EBB4553D}] => (Allow) C:\Users\chria\AppData\Local\Temp\7zS26CB\HPDiagnosticCoreUI.exe

FirewallRules: [{1BD71866-6949-4931-947C-7C3747EBC476}] => (Allow) C:\Users\chria\AppData\Local\Temp\7zS26CB\HPDiagnosticCoreUI.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/10/2015 03:13:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRIS-HP)

Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/10/2015 02:30:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRIS-HP)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/10/2015 01:39:37 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program chrome.exe version 46.0.2490.80 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

 

Process ID: e78

 

Start Time: 01d11bbc9c612350

 

Termination Time: 4294967295

 

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

Report Id: 7b00dab8-87b0-11e5-9bd5-6431505e3ce9

 

Faulting package full name: 

 

Faulting package-relative application ID:

 

Error: (11/10/2015 11:06:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRIS-HP)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/10/2015 09:41:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRIS-HP)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/10/2015 09:12:13 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c599e1

Exception code: 0xc0000005

Fault offset: 0x0007c48a

Faulting process id: 0x1f28

Faulting application start time: 0xaswMBR.exe0

Faulting application path: aswMBR.exe1

Faulting module path: aswMBR.exe2

Report Id: aswMBR.exe3

Faulting package full name: aswMBR.exe4

Faulting package-relative application ID: aswMBR.exe5

 

Error: (11/10/2015 09:08:19 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: aswMBR.exe, version: 0.9.9.1771, time stamp: 0x5147644e

Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c599e1

Exception code: 0xc0000005

Fault offset: 0x0007c48a

Faulting process id: 0x122c

Faulting application start time: 0xaswMBR.exe0

Faulting application path: aswMBR.exe1

Faulting module path: aswMBR.exe2

Report Id: aswMBR.exe3

Faulting package full name: aswMBR.exe4

Faulting package-relative application ID: aswMBR.exe5

 

Error: (11/10/2015 07:16:25 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.10240.16384, time stamp: 0x559f38cb

Faulting module name: MosHostCore.dll, version: 10.0.10240.16384, time stamp: 0x559f3908

Exception code: 0xc0000005

Fault offset: 0x00000000000096f2

Faulting process id: 0x1124

Faulting application start time: 0xsvchost.exe_MapsBroker0

Faulting application path: svchost.exe_MapsBroker1

Faulting module path: svchost.exe_MapsBroker2

Report Id: svchost.exe_MapsBroker3

Faulting package full name: svchost.exe_MapsBroker4

Faulting package-relative application ID: svchost.exe_MapsBroker5

 

Error: (11/09/2015 10:22:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRIS-HP)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

Error: (11/09/2015 03:32:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CHRIS-HP)

Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

 

 

System errors:

=============

Error: (11/10/2015 05:55:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:50:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:45:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:40:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:35:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:30:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:25:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:20:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:15:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Microsoft Account Sign-in Assistant service failed to start due to the following error: 

%%1053

 

Error: (11/10/2015 05:14:28 PM) (Source: DCOM) (EventID: 10005) (User: CHRIS-HP)

Description: 1053UsoSvcUnavailable{B91D5831-B1BD-4608-8198-D72E155020F7}

 

 

CodeIntegrity:

===================================

  Date: 2015-08-05 16:38:43.229

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:38:43.158

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:38:43.075

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:38:42.925

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:38:42.860

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:38:42.811

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:38:40.128

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:38:39.061

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:25:43.179

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

 

  Date: 2015-08-05 16:25:42.638

  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz

Percentage of memory in use: 60%

Total physical RAM: 3998.91 MB

Available physical RAM: 1567.46 MB

Total Virtual: 8094.91 MB

Available Virtual: 4791.8 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:449.16 GB) (Free:238.19 GB) NTFS ==>[system with boot components (obtained from drive)]

Drive d: (RECOVERY) (Fixed) (Total:16.31 GB) (Free:2.34 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 80F49AF4)

Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=16.3 GB) - (Type=07 NTFS)


RogueKiller V10.11.5.0 [Nov  9 2015] (Free) by Adlice Software





 

Operating System : Windows 10 (10.0.10240) 64 bits version

Started in : Normal mode

User : chria [Administrator]

Started from : C:\Users\chria\Desktop\RogueKiller.exe

Mode : Scan -- Date : 11/10/2015 18:37:42

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 2 ¤¤¤

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3947331719-1870262477-1151247576-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3947331719-1870262477-1151247576-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 3 ¤¤¤

[PUP][Folder] C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC} -> Found

[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Found

[PUP][Folder] C:\ProgramData\{B3E4AC03-E4D6-4B87-BD2D-22E100E3AE90} -> Found

 

¤¤¤ Hosts File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0:  +++++

--- User ---

[MBR] e9ad51843b741f3cbd4c3da0de069089

[bSP] 08778f2fc16bd2bcbacd9ff6de98387e : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 459938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 942362624 | Size: 16698 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 976560128 | Size: 103 MB

User = LL1 ... OK

User = LL2 ... OK

I do not see the file in question in your logs; do you recall the navigational address of $RXW9EFN.exe?

 

I find no information regarding that file; if the file is still available, it may be worthwhile uploading it to VirusTotal to be checked out....

 

Continue please;

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

 
Next,
 
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Scan with HitmanPro

In any case don't remove on your own anything that Hitman Pro detects!
This scanner, as good as it is for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!

Please download HitmanPro by SurfRight and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button. You must agree with the terms of EULA (if asked).
  • Check the box beside No, I only want to perform a one-time scan to check this computer.
  • Click on the Next button.
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore.
  • If there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro!



Navigate to C:\ProgramData\HitmanPro\Logs, open the report and include it in your next reply.

  • Click on the Next button.
  • Click on the Save Log button.
  • Save that file to your desktop.



Please include that logfile in your next reply.

Don't forget to re-enable your security software!
 

Let me see those logs....

 

Thank you,

 

Kevin....

 

 

 

 

 

 

Fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015

Ran by chria (2015-11-10 21:18:39) Run:1

Running from C:\Users\chria\Desktop

Loaded Profiles: chria (Available Profiles: chria & DefaultAppPool)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

Start

CloseProcesses:

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Policies\system: [DisableChangePassword] 0

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\...\Policies\Explorer: [NoInstrumentation] 1

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

U3 aswMBR; C:\Users\chria\AppData\Local\Temp\aswMBR.sys [57048 2015-11-10] ()

U3 idsvc; no ImagePath

S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

U3 wpcsvc; no ImagePath

Task: {12C2C85B-4AA5-4E24-BFA8-DED2F0F68EC0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {278E7EEA-8714-4557-A93B-654D0DD537F5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {6C9EB83E-C37B-40F9-B650-CF1E4BC86216} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {81328354-2228-4083-99FB-05D9C1538074} - System32\Tasks\DSite => C:\Users\chria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION

C:\Users\chria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe

Task: {8CF53F72-517A-475D-8EC0-D3FC9C781BA1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {8E00E160-88C7-4F4A-8E61-0E94863886A4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {C78C9619-B6BE-4F30-8749-425AAEAB051E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {E6990BC6-E0D9-409F-B11E-25D78DFDF21B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {EDD0FA50-EA7C-48FB-96FB-0F503D4DE684} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {EF1751EB-57E5-4D3E-A0E6-0CF1B7567333} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {EFF9D2B4-7184-4141-B61F-5730FAB14CA2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {F075CD63-7773-49F3-98B3-387C333FDB8A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: C:\WINDOWS\Tasks\DSite.job => C:\Users\chria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe <==== ATTENTION

AlternateDataStreams: C:\ProgramData\Temp:07BF512B

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

File: C:\Users\chria\AppData\Roaming\fixpermissions.bat

EmptyTemp:

End

*****************

 

Processes closed successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\EnableShellExecuteHooks => value removed successfully

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value removed successfully

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableChangePassword => value removed successfully

HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInstrumentation => value removed successfully

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully

HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully

HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully

HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key removed successfully

HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => key not found. 

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

"HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully

aswMBR => service removed successfully

idsvc => service removed successfully

wfpcapture => service removed successfully

wpcsvc => service removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12C2C85B-4AA5-4E24-BFA8-DED2F0F68EC0}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12C2C85B-4AA5-4E24-BFA8-DED2F0F68EC0}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{278E7EEA-8714-4557-A93B-654D0DD537F5}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{278E7EEA-8714-4557-A93B-654D0DD537F5}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C9EB83E-C37B-40F9-B650-CF1E4BC86216}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C9EB83E-C37B-40F9-B650-CF1E4BC86216}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81328354-2228-4083-99FB-05D9C1538074}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81328354-2228-4083-99FB-05D9C1538074}" => key removed successfully

C:\WINDOWS\System32\Tasks\DSite => moved successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => key removed successfully

"C:\Users\chria\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe" => not found.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8CF53F72-517A-475D-8EC0-D3FC9C781BA1}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CF53F72-517A-475D-8EC0-D3FC9C781BA1}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E00E160-88C7-4F4A-8E61-0E94863886A4}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E00E160-88C7-4F4A-8E61-0E94863886A4}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C78C9619-B6BE-4F30-8749-425AAEAB051E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C78C9619-B6BE-4F30-8749-425AAEAB051E}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6990BC6-E0D9-409F-B11E-25D78DFDF21B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6990BC6-E0D9-409F-B11E-25D78DFDF21B}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EDD0FA50-EA7C-48FB-96FB-0F503D4DE684}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EDD0FA50-EA7C-48FB-96FB-0F503D4DE684}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF1751EB-57E5-4D3E-A0E6-0CF1B7567333}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF1751EB-57E5-4D3E-A0E6-0CF1B7567333}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EFF9D2B4-7184-4141-B61F-5730FAB14CA2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFF9D2B4-7184-4141-B61F-5730FAB14CA2}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F075CD63-7773-49F3-98B3-387C333FDB8A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F075CD63-7773-49F3-98B3-387C333FDB8A}" => key removed successfully

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully

C:\WINDOWS\Tasks\DSite.job => moved successfully

C:\ProgramData\Temp => ":07BF512B" ADS removed successfully.

C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.

 

========================= File: C:\Users\chria\AppData\Roaming\fixpermissions.bat ========================

 

File not signed

MD5: CFB69F7CF636EFD4BFBD848DDCAE0CB3

Creation and modification date: 2012-09-24 15:43 - 2012-09-24 15:43

Size: 0000232

Attributes: ----A

Company Name: 

Internal Name: 

Original Name: 

Product: 

Description: 

File Version: 

Product Version: 

Copyright: 

 

====== End of File: ======

 

EmptyTemp: => 756.6 MB temporary data Removed.

 

 

The system needed a reboot.

 

==== End of Fixlog 21:19:21 ====


# AdwCleaner v5.019 - Logfile created 10/11/2015 at 21:41:47

# Updated 08/11/2015 by Xplode

# Database : 2015-11-09.1 [server]

# Operating system : Windows 10 Home  (x64)

# Username : chria - CHRIS-HP

# Running from : C:\Users\chria\Desktop\AdwCleaner.exe

# Option : Cleaning


 

***** [ Services ] *****

 

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\_acestream_cache_

[-] Folder Deleted : C:\ProgramData\Registry Helper

[-] Folder Deleted : C:\ProgramData\Driver Manager

[-] Folder Deleted : C:\Users\chria\AppData\Local\apn

[-] Folder Deleted : C:\Users\chria\AppData\LocalLow\.acestream

[-] Folder Deleted : C:\Users\chria\AppData\Roaming\registry mechanic

[-] Folder Deleted : C:\Users\chria\AppData\Roaming\acestream

[-] Folder Deleted : C:\Users\chria\AppData\Roaming\.acestream

[-] Folder Deleted : C:\WINDOWS\SysNative\Store

 

***** [ Files ] *****

 

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

[-] Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\registry helper service

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}

[-] Key Deleted : HKCU\SOFTWARE\Classes\acestream

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

[-] Key Deleted : HKCU\Software\ilivid

[-] Key Deleted : HKCU\Software\YahooPartnerToolbar

[-] Key Deleted : HKLM\SOFTWARE\DriverTuner_Init

[-] Key Deleted : HKLM\SOFTWARE\DriverTuner

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

 

***** [ Web browsers ] *****

 

[-] [C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : kpckgflgdapkpabemgkielbefdildaio

 

*************************

 

:: "Tracing" keys removed

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2470 bytes] ##########


For NIS disable go here: http://www.ehow.com/how_5924675_disable-norton-internet-security.html

 

To find file:

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version, 32-bit or 64-bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe   <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    $RXW9EFN.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.


Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Thanks,

 

Kevin...

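The SystemLook `:filefind` step above locates the file by name; the PowerShell script below is an added example (not part of this thread, and not SystemLook's or FRST's code) that does the same search on the built-in tooling and then reports the details a helper normally asks for: full path, size, timestamps, MD5 and SHA256 (the SHA256 can be looked up on VirusTotal without uploading the file) and Authenticode signature status, mirroring the "File:" block of the FRST Fixlog. It assumes Windows PowerShell 5.1 or later, where Get-FileHash and Get-AuthenticodeSignature are built in. One detail worth knowing when reading the result: Windows stores a file sent to the Recycle Bin under \$Recycle.Bin as $R<random>.<ext> (the content) next to a matching $I<random>.<ext> (the original name and deletion time), so a hit living there is a deleted file, not a freshly installed program.

```powershell
# Added example (not from the thread, SystemLook or FRST): locate a file by
# name on every fixed drive and report the attributes a malware helper asks for.
# Assumes Windows PowerShell 5.1+; run from an elevated prompt so hidden and
# system folders (including the Recycle Bin) can be read.
param(
    # File name from the thread; single quotes keep the leading $ literal.
    [string]$Name = '$RXW9EFN.exe'
)

# DriveType 3 = local fixed disk; network shares and optical drives are skipped.
$drives = Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
          Select-Object -ExpandProperty DeviceID

$hits = foreach ($d in $drives) {
    # -Force includes hidden/system items; unreadable folders are skipped.
    Get-ChildItem -Path "$d\" -Filter $Name -File -Recurse -Force `
                  -ErrorAction SilentlyContinue
}

if (-not $hits) {
    Write-Output "No file named $Name found on fixed drives $($drives -join ', ')."
    return
}

foreach ($f in $hits) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path         = $f.FullName
        SizeBytes    = $f.Length
        Created      = $f.CreationTime
        Modified     = $f.LastWriteTime
        MD5          = (Get-FileHash -Path $f.FullName -Algorithm MD5).Hash
        SHA256       = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        # Valid / NotSigned / HashMismatch / UnknownError; NotSigned alone is
        # not proof of malice, but a signed binary narrows the origin quickly.
        Signature    = $sig.Status
        Signer       = $sig.SignerCertificate.Subject
        # $R<random> under \$Recycle.Bin is how Windows keeps a deleted file's content.
        InRecycleBin = $f.FullName -match '\\\$Recycle\.Bin\\'
    }
}
```

Save it as Find-NamedFile.ps1 and run it as `.\Find-NamedFile.ps1` for the name in the thread, or `.\Find-NamedFile.ps1 -Name 'other.exe'` for any other file. Nothing is deleted or modified; the script only reads, so it is safe to run before deciding what, if anything, needs removal.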

The original file in question has gone, so we can discount any issues there...

For NIS the following is a quote from their website; there should be no need to isolate the firewall...

If you need to disable antivirus and/or firewall: right-click on the Norton product icon in the tray notification area > Disable Auto-Protect and/or Disable Smart Firewall > choose a time frame for each.

Cheers,

Kevin..


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x64
Ran by chria on Wed 11/11/2015 at 10:47:55.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\GUT1A35.tmp
Successfully deleted: [File] C:\Program Files (x86)\GUTCD8C.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho1AD3.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho2A9D.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho38DB.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho5086.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho54AD.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho7ED6.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho7FD9.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho8CF0.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho9089.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho95B9.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\sho9CAD.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\shoA851.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\shoDC6A.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\shoDE3D.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\shoDEE4.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\shoE9F2.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\shoF062.tmp

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{26962138-86B6-4EFB-8912-4A9FD315B626}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{27370FB1-0F33-4E73-A8E6-23297B91892F}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{2E21A621-66E7-4861-A597-77FA47D63CBB}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{384BB2D6-15C4-4313-A88A-E3B7EF24E307}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{3C466165-CA0D-4089-A9D6-E07CA738DBA9}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{611CEA87-BC80-4A64-AEFC-7098F9DA8BF4}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{649AC623-5146-4F50-9D52-21A5EB85942D}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{707F77B5-D3A9-46F4-B447-7269CF452F5D}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{7DBB08A2-49AC-41C6-B84C-C0E26AC5191E}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{83A7AB76-A608-4C84-8B35-9B5A1B824BE9}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{852ACCDF-2D35-4959-A1CA-C6972A9001D2}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{8589AB04-0D1D-4C6F-BCFF-64FAF43001A0}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{967D5FB7-2C9E-422F-AC28-DE4C71BBB2F2}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{9C53A7AA-537B-49B3-9AEF-6EADCA8C5F99}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{A767CEE3-617D-4E1A-A736-78CE63357D73}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{A9AD8885-404A-422A-853F-4A00EB5D5862}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{AD699E14-C45A-45C1-A456-51E8CB2CDEC0}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{B6B58A36-9170-430D-B96E-F5AECC162BE8}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{BCA18E4A-2E6A-400F-8E58-98465D47D6F7}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{BCE8DACD-8DED-4044-B787-7F4BED690995}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{C20819F5-B7A6-48DC-9020-C1E5F569A76A}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{D32DD83E-5597-4F2D-B8E5-88C833F881CF}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{DB8FD599-5702-47FD-BBAC-168507F16EA2}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{DC345672-1B94-4ACA-B292-95846FDC52E3}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{E967B1DD-8BD9-4589-9277-98AE60DE30A9}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{EB822795-FC6F-4E51-934F-C7B4AAA46686}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{EF02A903-B80B-4863-9627-B86F05839AC1}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{EFF2731F-A9DA-4AE7-A9ED-4B59EAFAE463}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{F3B7CF22-D95B-4C1C-A9A0-620A8EFE99A0}
Successfully deleted: [Empty Folder] C:\Users\chria\Appdata\Local\{FF078BAF-C301-4B2B-938B-19E1196E6891}

~~~ Chrome

[C:\Users\chria\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\chria\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\chria\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\chria\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 11/11/2015 at 11:04:47.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



HitmanPro 3.7.10.251
www.hitmanpro.com
 
   Computer name . . . . : CHRIS-HP
   Windows . . . . . . . : 10.0.0.10240.X64/2
   User name . . . . . . : CHRIS-HP\chria
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-11-11 13:08:22
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 21m 4s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 10
 
   Objects scanned . . . : 3,225,315
   Files scanned . . . . : 306,116
   Remnants scanned  . . : 1,468,979 files / 1,450,220 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\chria\AppData\Local\Amazon Music\Amazon Music Helper.exe
      Size . . . . . . . : 5,887,808 bytes
      Age  . . . . . . . : 515.0 days (2014-06-14 13:13:29)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : B2DF285CD6A5C646614BBDA3655764DB67CA2F90F8B423484B15D095D70F099D
      RSA Key Size . . . : 2048
      Parent Name  . . . : C:\Windows\explorer.exe
      Authenticode . . . : Self-signed
      Running processes  : 6016
      Fuzzy  . . . . . . : 24.0
         Program is code self-signed.
         This program is actively listening for inbound network connections.
         Uses the Windows Registry to run each time the user logs on.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Amazon Music
      Network Ports
         127.0.0.1:18800
 
   C:\Users\chria\Desktop\FRST64.exe
      Size . . . . . . . : 2,198,528 bytes
      Age  . . . . . . . : 0.8 days (2015-11-10 17:52:39)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6E8BF313C850728328088C2DC10FB5369B9C938F71F58EC7EB8D51374EB1CA51
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\chria\Desktop\FRST64.exe
          1.6s C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.0.124\CmnClnt\ccSubSDK\{A815F22F-193B-4E38-95A2-83C027EABF0E}
 
 
Potential Unwanted Programs _________________________________________________
 
   HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)
   HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player)
 
Cookies _____________________________________________________________________
 
   C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Cookies:addthis.com
   C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\chria\AppData\Local\Google\Chrome\User Data\Default\Cookies:skimresources.com
 
 

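The HitmanPro report above lists no threats, only heuristic "traces": for each suspicious file it shows the SHA-256, whether the Authenticode signature is self-signed, which Run key starts it, which process is backed by it and which ports that process listens on. The following is an added example, not part of the original post and not HitmanPro's own code, that reproduces those same indicators for a file path in plain PowerShell so the reader can see what each line of the report actually measures. The path used at the bottom is the Amazon Music Helper entry from the log; the function name, the Run keys checked and the self-signed test (subject equals issuer) are assumptions of this example. Note that a listener on 127.0.0.1, as in the log, is bound to loopback and accepts only connections from the same machine.

```powershell
# Added example (not from the original post, and not HitmanPro):
# recompute the triage indicators HitmanPro reports for a flagged file.
# Function name, the set of Run keys and the self-signed heuristic are
# this example's own choices.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path"
    }

    # 1. Identity: hash and Authenticode signature.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    # Subject equal to issuer means the certificate signed itself; no CA vouches for it.
    $selfSigned = ($null -ne $sig.SignerCertificate) -and
                  ($sig.SignerCertificate.Subject -eq $sig.SignerCertificate.Issuer)

    # 2. Persistence: Run values (per-user, machine, and 32-bit view on x64) naming this file.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $autoruns = foreach ($key in $runKeys) {
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds.
                if ($p.Name -like 'PS*' -or $p.Value -isnot [string]) { continue }
                if ($p.Value.IndexOf($Path, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    "$key\$($p.Name)"
                }
            }
        }
    }

    # 3. Activity: running processes backed by this image and their listening TCP ports.
    $procs = Get-Process | Where-Object { $_.Path -eq $Path }
    $ports = foreach ($proc in $procs) {
        Get-NetTCPConnection -OwningProcess $proc.Id -State Listen -ErrorAction SilentlyContinue |
            ForEach-Object { "$($_.LocalAddress):$($_.LocalPort)" }
    }

    [pscustomobject]@{
        Path       = $Path
        SHA256     = $hash
        Signature  = $sig.Status
        Signer     = $sig.SignerCertificate.Subject
        SelfSigned = [bool]$selfSigned
        Autoruns   = @($autoruns)
        ProcessIds = @($procs.Id)
        Listening  = @($ports)
    }
}

Get-FileTriage -Path "$env:LOCALAPPDATA\Amazon Music\Amazon Music Helper.exe" | Format-List
```

None of these indicators is a verdict on its own: plenty of legitimate helper processes are self-signed, start from a Run key and listen on loopback. They are worth reading together, and a file that matches all of them and has no recognisable publisher is the one to check against its expected hash from the vendor.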

Thanks for the log, continue please:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Post that log, let me know if you have any remaining issues or concerns...

Thank you,

Kevin..

Fixlist.txt


Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by chria (2015-11-11 16:45:21) Run:2
Running from C:\Users\chria\Desktop
Loaded Profiles: chria & DefaultAppPool (Available Profiles: chria & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses
HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}
HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe
EmptyTemp:
End
*****************

CloseProcesses => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3947331719-1870262477-1151247576-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe => Error: No automatic fix found for this entry.
EmptyTemp: => 427.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 16:45:35 ====

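The Fixlog shows that only EmptyTemp: was carried out. FRST directives end in a colon (CloseProcesses:, EmptyTemp:), and FRST acts on a registry line only when it is pasted in the form FRST itself prints in its scan log; the two key paths in this fixlist were copied from the HitmanPro report instead, which is why all three lines came back as "No automatic fix found". The block below is an added example, not from the thread and not FRST, that checks for those two leftover PUP entries by hand and removes them. It runs as a dry run unless the -WhatIf is dropped. It assumes it is run as the same user whose hive HKU\S-1-5-21-...-1001 refers to, so that HKCU: addresses the same keys; the function name is an assumption, and the entry paths are the ones from the log.

```powershell
# Added example (not from the original thread, and not FRST): verify and
# remove the two PUP registry entries the fixlist did not act on.
# Each path is tried first as a subkey; if no such key exists, the last
# component is treated as a value name under the parent key, so the same
# call works for FEATURE_BROWSER_EMULATION entries, which are values named
# after an executable rather than subkeys. Function name is assumed.
function Remove-RegistryEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        if (Test-Path -LiteralPath $p) {
            # Whole subkey present: remove it and everything beneath it.
            if ($PSCmdlet.ShouldProcess($p, 'Remove registry key')) {
                Remove-Item -LiteralPath $p -Recurse -Force
            }
            continue
        }

        # Not a key: interpret the leaf as a value name under the parent key.
        $parent = Split-Path -Path $p -Parent
        $name   = Split-Path -Path $p -Leaf
        $value  = $null
        if (Test-Path -LiteralPath $parent) {
            $value = Get-ItemProperty -LiteralPath $parent -Name $name -ErrorAction SilentlyContinue
        }
        if ($null -ne $value) {
            if ($PSCmdlet.ShouldProcess("$parent -> $name", 'Remove registry value')) {
                Remove-ItemProperty -LiteralPath $parent -Name $name -Force
            }
        } else {
            Write-Verbose "Not present: $p"
        }
    }
}

# Entries from the HitmanPro report, addressed through HKCU: (assumes the
# current user is the owner of the HKU\S-1-5-21-...-1001 hive in the logs).
$entries = @(
    'HKCU:\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113}',
    'HKCU:\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe'
)

# Dry run: reports what would be removed and what is already gone.
Remove-RegistryEntry -Path $entries -WhatIf -Verbose
# Remove the -WhatIf to perform the deletion:
# Remove-RegistryEntry -Path $entries -Verbose
```

Export the parent keys with reg export before the real run if you want a way back; both entries are browser-helper leftovers rather than anything Windows depends on, so removing them has no effect beyond cleaning up the trace HitmanPro reported.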