August 15th, 2016, 03:12 PM
#1
[RESOLVED] AdChoices problem
The website is not allowing me to post the logs
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by sriwa (15-08-2016 14:52:44)
Running from C:\Users\sriwa\Downloads
Windows 10 Pro Version 1511 (X64) (2016-06-28 16:26:33)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1644789618-2606114323-4026453079-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1644789618-2606114323-4026453079-503 - Limited - Disabled)
Guest (S-1-5-21-1644789618-2606114323-4026453079-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1644789618-2606114323-4026453079-1005 - Limited - Enabled)
sriwa (S-1-5-21-1644789618-2606114323-4026453079-1001 - Administrator - Enabled) => C:\Users\sriwa
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.0.2.0 - RedFox)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.01 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{7E55E10F-82E5-4E11-B051-5D1DF76102FF}) (Version: 17.0.00900 - Nero AG)
Nero 2016 Content Pack (HKLM-x32\...\{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}) (Version: 17.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1220 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WinX DVD Ripper Platinum 7.5.15 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1644789618-2606114323-4026453079-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sriwa\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4855CF16-0E2B-43DC-8AAF-FFE1F37AFCF4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {61A47308-8B73-43CA-99DF-EA85403616C3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {840BBF8C-6430-4265-8BAB-C02421ACBF5E} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {85B533DA-4FAB-435E-92D5-A5788D48E85C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-06-16] (Symantec Corporation)
Task: {90F0AF18-1896-468D-A74F-ECA9590FD6EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-04] (Google Inc.)
Task: {A929E77B-F05F-423C-8A15-4911C36C9483} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {E77643F5-3D5A-46F1-9151-7F6554D1805B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-04] (Google Inc.)
Task: {F06C5192-8763-419F-B8A7-6F0939B00445} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\sriwa\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-07-13 06:09 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-07-13 06:09 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-06-28 12:32 - 2016-06-28 12:32 - 00959168 _____ () C:\Users\sriwa\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-13 06:09 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-28 13:08 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 06:13 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 06:09 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 06:09 - 2016-06-30 23:22 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-13 06:09 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 06:09 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-13 06:09 - 2016-06-30 23:21 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 03:18 - 2015-10-30 05:07 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 03:18 - 2015-10-30 05:07 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-06-28 13:20 - 2016-06-28 13:21 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7081.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2016-06-28 13:23 - 2016-06-28 13:23 - 04108184 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.0.1606.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2015-10-30 05:12 - 2015-10-30 05:12 - 03128832 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7081.0_x64__8wekyb3d8bbwe\Avatars.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2016-06-28 12:32 - 2016-06-28 12:32 - 00679624 _____ () C:\Users\sriwa\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-08-13 07:57 - 2016-06-20 14:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2016-08-13 07:57 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\...\hola.org -> hxxp://hola.org
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sriwa\OneDrive\Pictures\Saved Pictures\hd-wallpapers-for-windows-10-WI17.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A6A15A85-8C84-4801-8701-44A576203F12}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7EF4373F-E7FE-433E-86A5-FA04E957C658}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{29E5F1D3-5228-4DDB-9C88-EBB3BED7D852}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{BAA7969D-92B6-49BF-950C-08DFEE91234D}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{CC90C011-BD09-41D8-AF9E-A6BFFE7CDD5A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{809AEBDE-B699-4698-B278-5E85F5710B13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
25-07-2016 12:33:35 Scheduled Checkpoint
06-08-2016 07:31:15 Scheduled Checkpoint
08-08-2016 08:57:32 Installed Adblock Plus for IE (32-bit and 64-bit)
09-08-2016 18:57:26 Installed Adblock Plus for IE (32-bit and 64-bit)
11-08-2016 15:52:57 Snagit 13
==================== Faulty Device Manager Devices =============
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/15/2016 12:12:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 10:42:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 10:36:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 10:30:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 10:24:27 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 10:23:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 10:22:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 09:15:43 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 08:24:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 12:08:04 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (08/15/2016 02:09:21 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00040185, FWSTS1: 0x16440006).
Error: (08/15/2016 02:09:06 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00040185, FWSTS1: 0x16440006).
Error: (08/15/2016 02:08:50 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00040185, FWSTS1: 0x16440006).
Error: (08/15/2016 02:08:34 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00040185, FWSTS1: 0x16440006).
Error: (08/15/2016 02:08:17 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00040185, FWSTS1: 0x16440006).
Error: (08/15/2016 02:07:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_204041 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/15/2016 02:07:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_204041 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/15/2016 02:07:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_204041 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/15/2016 02:07:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_204041 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (08/15/2016 12:34:07 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00040185, FWSTS1: 0x16440006).
CodeIntegrity:
===================================
Date: 2016-08-13 16:50:42.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-08-11 04:56:13.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 14:14:22.906
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 12:14:30.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-05 15:45:34.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-30 18:24:36.472
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-30 09:08:56.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-30 08:48:07.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-29 10:20:15.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-29 10:15:51.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 38%
Total physical RAM: 4016.03 MB
Available physical RAM: 2479.18 MB
Total Virtual: 4720.03 MB
Available Virtual: 3271.62 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.27 GB) (Free:435.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 89B933C0)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
August 15th, 2016, 03:14 PM
#2
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by sriwa (administrator) on GEOFFS-I5-WIN10 (15-08-2016 14:52:04)
Running from C:\Users\sriwa\Downloads
Loaded Profiles: sriwa (Available Profiles: sriwa)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7081.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Farbar) C:\Users\sriwa\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\RedFox\AnyDVD\AnyDVD.exe [194080 2016-05-26] (RedFox)
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{463cf34b-9832-4922-80d4-0f5bbab0d7b8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Handler: WSWSVCUchrome - No CLSID Value
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1644789618-2606114323-4026453079-1001 -> hxxp://www.microsoft.com/
FireFox:
========
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-07-08] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-07-21]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
Chrome:
=======
CHR Profile: C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-10]
CHR Extension: (Google Drive) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-10]
CHR Extension: (YouTube) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-07-10]
CHR Extension: (Google Sheets) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-10]
CHR Extension: (Norton Identity Safe) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-04]
CHR Extension: (Gmail) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-10]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-06-27] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2016-08-13] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160812.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-07-16] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160721.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160721.001\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
August 15th, 2016, 03:19 PM
#3
Part 2
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-15 14:52 - 2016-08-15 14:52 - 00012962 _____ C:\Users\sriwa\Downloads\FRST.txt
2016-08-15 14:51 - 2016-08-15 14:52 - 00000000 ____D C:\FRST
2016-08-15 14:50 - 2016-08-15 14:50 - 01744896 _____ (Farbar) C:\Users\sriwa\Downloads\FRST.exe
2016-08-15 14:45 - 2016-08-15 14:51 - 02394624 _____ (Farbar) C:\Users\sriwa\Downloads\FRST64 (1).exe
2016-08-15 14:44 - 2016-08-15 14:44 - 02394624 _____ (Farbar) C:\Users\sriwa\Downloads\FRST64.exe
2016-08-15 14:10 - 2016-08-15 14:10 - 00000000 ___HD C:\OneDriveTemp
2016-08-15 09:52 - 2016-08-15 10:03 - 03784256 _____ C:\Users\sriwa\Downloads\AdwCleaner (1).exe
2016-08-14 09:49 - 2016-08-14 09:49 - 00000000 ____D C:\Users\sriwa\AppData\Local\Nero_AG
2016-08-13 23:25 - 2016-08-13 23:25 - 01642232 _____ (NCH Software) C:\Users\sriwa\Downloads\debutpsetup.exe
2016-08-13 16:45 - 2016-08-13 16:45 - 00001167 _____ C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt
2016-08-13 16:45 - 2016-08-13 16:45 - 00000000 _____ C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-08-13 15:41 - 2016-08-13 16:07 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-08-13 15:41 - 2016-08-13 15:47 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\NCH Software
2016-08-13 15:41 - 2016-08-13 15:41 - 00002285 _____ C:\Users\sriwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00001313 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00001187 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00000000 ____D C:\ProgramData\NCH Software
2016-08-13 15:40 - 2016-08-13 15:41 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-08-13 15:40 - 2016-08-13 15:40 - 00034512 _____ C:\Windows\system32\Drivers\debutfilterx64.sys
2016-08-13 07:57 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-08-13 07:56 - 2016-08-14 08:40 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-08-12 12:18 - 2016-08-12 12:19 - 00000127 _____ C:\Users\sriwa\Desktop\XFinity.url
2016-08-10 15:57 - 2016-08-10 15:57 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2016-08-10 15:48 - 2016-08-13 23:20 - 00000000 ____D C:\Users\sriwa\Documents\Wondershare Video Converter Ultimate
2016-08-10 15:48 - 2016-08-10 15:48 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\Wondershare Video Converter Ultimate
2016-08-10 15:47 - 2016-08-13 08:25 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2016-08-10 15:47 - 2016-08-10 15:47 - 00000000 ____D C:\Users\sriwa\Documents\Wondershare MediaServer
2016-08-10 15:47 - 2015-02-27 14:54 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2016-08-10 15:46 - 2016-08-14 08:40 - 00000000 ____D C:\ProgramData\Wondershare
2016-08-10 15:46 - 2016-08-10 15:46 - 00817296 _____ C:\Users\sriwa\Downloads\video-converter-ultimate_setup_full975.exe
2016-08-10 15:45 - 2016-08-14 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-08-10 15:45 - 2016-08-10 15:57 - 00000000 ____D C:\Users\sriwa\Documents\Wondershare Filmora
2016-08-10 15:45 - 2016-08-10 15:56 - 00001123 _____ C:\Users\sriwa\Documents\starburn.txt
2016-08-10 15:45 - 2016-08-10 15:45 - 00000000 ____D C:\Users\sriwa\AppData\Local\Wondershare
2016-08-10 15:44 - 2016-08-10 15:47 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-08-10 15:43 - 2016-08-10 15:44 - 01206416 _____ C:\Users\sriwa\Downloads\filmora-sonc_setup_full1901.exe
2016-08-10 14:30 - 2016-08-10 15:36 - 00000000 ____D C:\Users\sriwa\Documents\Snagit
2016-08-10 14:30 - 2016-08-10 14:31 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\TechSmith
2016-08-10 14:30 - 2016-08-10 14:30 - 00000000 ____D C:\Users\sriwa\AppData\Local\TechSmith
2016-08-10 14:29 - 2016-08-11 15:53 - 00000000 ____D C:\ProgramData\TechSmith
2016-08-10 14:26 - 2016-08-10 14:28 - 91067736 _____ (TechSmith Corporation) C:\Users\sriwa\Downloads\snagit.exe
2016-08-10 13:34 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-08-10 13:34 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-08-10 13:34 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-08-10 13:34 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-10 13:34 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-08-10 13:34 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-08-10 13:34 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-10 13:34 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-08-10 13:34 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-08-10 13:34 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-10 13:34 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-08-10 13:34 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-10 13:34 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-08-10 13:34 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-08-10 13:34 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-08-10 13:34 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 13:34 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-08-10 13:34 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-08-10 13:34 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-10 13:34 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-10 13:34 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-10 13:34 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 13:34 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-08-10 13:34 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-08-10 13:34 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-08-10 13:34 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-10 13:34 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-08-10 13:34 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-08-10 13:34 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-08-10 13:34 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-08-10 13:34 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-08-10 13:34 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2016-08-10 13:34 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-10 13:34 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-08-10 13:34 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-08-10 13:34 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-08-10 13:34 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2016-08-10 13:34 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2016-08-10 13:34 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-10 13:34 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-08-10 13:34 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-08-10 13:34 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-08-10 13:34 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-08-10 13:34 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-08-10 13:34 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 13:34 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-08-10 13:34 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-10 13:34 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-08-10 13:34 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-08-10 13:34 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 13:34 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-08-10 13:34 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-08-10 13:34 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-08-10 13:34 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-08-10 13:34 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2016-08-10 13:34 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 13:34 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 13:34 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-08-10 13:34 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-08-10 13:34 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 13:34 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-08-10 13:34 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-08-10 13:34 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 13:34 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-08-10 13:34 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-10 13:34 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-08-10 13:34 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-10 13:34 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 13:34 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-10 13:34 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-08-10 13:34 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 13:34 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-10 13:34 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-08-10 13:34 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 13:34 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-08-10 13:34 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-08-10 13:34 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-08-10 13:34 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-08-10 13:34 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 13:34 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-08-10 13:34 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 13:34 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-08-10 13:34 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 13:34 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-10 13:34 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-08-10 13:34 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-10 13:34 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2016-08-10 13:34 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-08-10 13:34 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-08-10 13:34 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-08-10 13:34 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 13:34 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-10 13:34 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-08-10 13:34 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-08-10 13:34 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-08-10 13:34 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-08-10 13:34 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-08-10 13:34 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-08-10 13:34 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 13:34 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 13:34 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 13:34 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-08-10 13:34 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2016-08-10 13:34 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 13:34 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 13:34 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-08-10 13:34 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2016-08-10 13:34 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2016-08-10 13:34 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 13:34 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 13:34 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-08-10 13:34 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 13:34 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 13:34 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-08-10 13:34 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 13:34 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-10 13:34 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-08-10 13:34 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-08-10 13:34 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-10 13:34 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 13:34 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 13:34 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 13:34 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-08-10 13:34 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-08-10 13:34 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-08-10 13:34 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 13:34 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 13:34 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-08-10 13:34 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-08-10 13:11 - 2016-08-10 13:11 - 00000000 ____D C:\Users\sriwa\AppData\Local\Chromium
2016-08-10 13:09 - 2016-08-10 13:10 - 00665984 _____ (Hola Networks Ltd.) C:\Users\sriwa\Downloads\Hola-Setup.exe
2016-08-09 18:57 - 2016-08-15 09:03 - 00000000 ____D C:\Users\sriwa\AppData\LocalLow\Adblock Plus for IE
2016-08-09 18:57 - 2016-08-09 18:57 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-07-31 11:06 - 2016-08-15 10:05 - 00000000 ____D C:\AdwCleaner
2016-07-31 10:54 - 2016-08-10 13:41 - 10254432 _____ (MyTurboPC.com) C:\Users\sriwa\Downloads\Myturbopc_C756E7B9-2704-4FA0-AB2F-35A7DEBDBCD4_.exe
2016-07-31 10:47 - 2016-07-31 10:48 - 10840360 _____ (ParetoLogic, Inc.) C:\Users\sriwa\Downloads\RegCureProSetup_AE408F4F-6EF3-40A8-9AF9-24B1A3FEB92B_.exe
2016-07-21 10:05 - 2016-08-15 14:14 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-07-21 10:00 - 2016-07-21 10:00 - 00003398 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-07-21 10:00 - 2016-07-21 10:00 - 00002413 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-07-16 15:21 - 2016-07-16 15:21 - 00000000 ____D C:\ProgramData\Sophos
2016-07-16 15:20 - 2016-07-16 15:20 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-07-16 15:20 - 2016-07-16 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-07-16 15:20 - 2016-07-16 15:20 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-07-16 14:55 - 2016-07-16 14:55 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-07-16 14:54 - 2016-07-16 14:54 - 00000000 ____D C:\ProgramData\RogueKiller
2016-07-16 14:54 - 2016-07-16 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-07-16 14:41 - 2016-07-16 15:20 - 154808336 _____ (Sophos Limited) C:\Users\sriwa\Downloads\Sophos Virus Removal Tool.exe
2016-07-16 14:40 - 2016-07-16 14:40 - 00899584 _____ (Farbar) C:\Users\sriwa\Downloads\FSS.exe
2016-07-16 14:38 - 2016-07-16 14:38 - 00852798 _____ C:\Users\sriwa\Downloads\SecurityCheck.exe
2016-07-16 14:27 - 2016-07-16 14:27 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\sriwa\Downloads\rkill.exe
2016-07-16 14:26 - 2016-07-16 15:14 - 01610560 _____ (Malwarebytes) C:\Users\sriwa\Downloads\JRT.exe
2016-07-16 14:24 - 2016-07-16 14:24 - 05659291 _____ (Swearware) C:\Users\sriwa\Downloads\ComboFix.exe
2016-07-16 14:23 - 2016-07-16 14:44 - 03712064 _____ C:\Users\sriwa\Downloads\AdwCleaner.exe
2016-07-16 14:21 - 2016-07-16 14:54 - 31211544 _____ (Adlice Software ) C:\Users\sriwa\Downloads\Rogue Killer.exe
==================== One Month Modified files and folders ========
August 15th, 2016, 03:19 PM
#4
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-15 14:42 - 2016-07-04 16:26 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 14:16 - 2016-06-28 12:22 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-15 14:16 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-08-15 14:10 - 2016-07-04 16:26 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-15 14:10 - 2016-06-28 12:32 - 00000000 ___RD C:\Users\sriwa\OneDrive
2016-08-15 14:09 - 2016-06-28 15:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-15 14:07 - 2015-10-30 02:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-08-15 13:51 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-08-15 13:03 - 2016-06-29 11:11 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-08-15 11:08 - 2016-06-28 12:43 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AD81D5D1-39A1-431E-A462-EAD2FA0973FD}
2016-08-15 10:21 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-15 10:11 - 2016-07-01 13:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-14 17:42 - 2016-07-01 11:25 - 00000000 ____D C:\Users\sriwa\AppData\Local\Nero
2016-08-14 13:57 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-08-14 09:32 - 2016-06-28 12:28 - 00000000 ____D C:\Users\sriwa
2016-08-14 09:28 - 2016-07-01 11:07 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\Nero
2016-08-14 08:52 - 2016-07-01 11:25 - 00000000 ____D C:\Users\sriwa\Documents\NeroVideo
2016-08-13 20:43 - 2016-06-29 13:30 - 00000000 ____D C:\Users\sriwa\AppData\Local\CrashDumps
2016-08-13 16:54 - 2016-06-28 12:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-13 16:50 - 2016-06-28 15:14 - 00343648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-13 16:50 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-08-13 16:46 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-13 16:46 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-13 16:46 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-08-11 15:54 - 2016-07-01 10:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-10 16:20 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-08-10 16:20 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-08-10 16:19 - 2016-06-28 13:10 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 16:17 - 2016-06-28 13:10 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 17:42 - 2016-07-04 16:27 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 17:42 - 2016-07-04 16:27 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-31 11:08 - 2016-07-04 16:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-30 09:37 - 2016-07-04 16:26 - 00004002 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 09:37 - 2016-07-04 16:26 - 00003770 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-21 12:20 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-07-21 10:00 - 2016-06-28 17:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-07-21 10:00 - 2016-06-28 17:19 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-07-17 02:58 - 2016-06-28 17:20 - 00101112 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-07-17 02:58 - 2016-06-28 17:20 - 00008270 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
==================== Files in the root of some directories =======
2016-07-31 10:48 - 2016-07-31 10:55 - 0000115 _____ () C:\Users\sriwa\AppData\Roaming\LogFile.txt
2016-08-13 16:45 - 2016-08-13 16:45 - 0001167 _____ () C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt
2016-08-13 16:45 - 2016-08-13 16:45 - 0000000 _____ () C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
Some files in TEMP:
====================
C:\Users\sriwa\AppData\Local\Temp\kernel32.dll
C:\Users\sriwa\AppData\Local\Temp\libeay32.dll
C:\Users\sriwa\AppData\Local\Temp\msvcr120.dll
C:\Users\sriwa\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-08 09:24
==================== End of FRST.txt ============================
August 15th, 2016, 10:15 PM
#5
Please, observe following rules:
Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
==============================
Download RogueKiller from one of the following links and save it to your Desktop:
Link 1
Link 2
Close all the running programs.
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished.
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link.
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
On the Dashboard, click the 'Update Now >>' link.
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'.
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok.
Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'.
Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
August 16th, 2016, 11:39 AM
#6
RogueKiller V12.4.4.0 (x64) [Aug 16 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : sriwa [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/16/2016 10:18:31
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | DelaypluginInstall : C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [x][x][x] -> Deleted
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1644789618-2606114323-4026453079-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm )
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1644789618-2606114323-4026453079-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm )
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] a13b7048c803ffc48674cf7f7df589d9
[BSP] f8a1ccb356d6ecd86302c5d8bb8a05ad : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 476438 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 8/16/2016
Scan Time: 10:24 AM
Logfile: mbam1log.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.08.16.08
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 10
CPU: x64
File System: NTFS
User: sriwa
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 289150
Time Elapsed: 5 min, 43 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
# AdwCleaner v6.000 - Logfile created 16/08/2016 at 11:12:04
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-15.2 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : sriwa - GEOFFS-I5-WIN10
# Running from : C:\Users\sriwa\Desktop\adwcleaner_6.000.exe
# Mode: Scan
# Support : https://toolslib.net/forum
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious keys found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Scheduled Tasks ] *****
No malicious task found.
***** [ Registry ] *****
No malicious registry element found.
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1492 Bytes] - [31/07/2016 11:07:45]
C:\AdwCleaner\AdwCleaner[C2].txt - [2440 Bytes] - [15/08/2016 10:05:48]
C:\AdwCleaner\AdwCleaner[S1].txt - [1442 Bytes] - [31/07/2016 11:06:20]
C:\AdwCleaner\AdwCleaner[S2].txt - [2475 Bytes] - [15/08/2016 10:04:30]
C:\AdwCleaner\AdwCleaner[S3].txt - [1274 Bytes] - [16/08/2016 11:12:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1347 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64
Ran by sriwa (Administrator) on Tue 08/16/2016 at 11:26:48.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/16/2016 at 11:28:45.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
August 16th, 2016, 09:23 PM
#7
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
Double click to run it. Make sure you checkmark Addition.txt box. Press Scan button. Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
August 17th, 2016, 01:02 PM
#8
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-08-2016
Ran by sriwa (administrator) on GEOFFS-I5-WIN10 (17-08-2016 12:58:19)
Running from C:\Users\sriwa\Downloads
Loaded Profiles: sriwa (Available Profiles: sriwa)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\n360.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7293.0_x64__8wekyb3d8bbwe\Solitaire.exe
(AnvSoft) C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\AVCUltimate.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\RedFox\AnyDVD\AnyDVD.exe [194080 2016-05-26] (RedFox)
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{463cf34b-9832-4922-80d4-0f5bbab0d7b8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-12-16] (Adblock Plus)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-12-16] (Adblock Plus)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Handler: WSWSVCUchrome - No CLSID Value
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-1644789618-2606114323-4026453079-1001 -> hxxp://www.microsoft.com/
FireFox:
========
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-07-08] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-07-21]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
Chrome:
=======
CHR Profile: C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-10]
CHR Extension: (Google Drive) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-10]
CHR Extension: (YouTube) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-10]
CHR Extension: (Norton Security Toolbar) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-07-10]
CHR Extension: (Google Sheets) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-10]
CHR Extension: (Norton Identity Safe) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-04]
CHR Extension: (Gmail) - C:\Users\sriwa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-10]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-17]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-06-27] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R3 debutfilter; C:\Windows\system32\DRIVERS\debutfilterx64.sys [34512 2016-08-13] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160816.002\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
S3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [202032 2016-01-19] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607000.04C\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-17] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-16] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2015-02-27] (Wondershare)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160721.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160721.001\EX64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
August 17th, 2016, 01:05 PM
#9
If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-17 12:57 - 2016-08-17 12:57 - 00000000 ____D C:\Users\sriwa\Downloads\FRST-OlderVersion
2016-08-17 11:52 - 2016-08-17 11:52 - 00000000 ____D C:\Users\sriwa\Documents\Any Video Converter Ultimate
2016-08-17 11:49 - 2016-08-17 12:00 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\Anvsoft
2016-08-17 11:49 - 2016-08-17 11:49 - 00001361 _____ C:\Users\sriwa\Desktop\Any Video Converter Ultimate.lnk
2016-08-17 11:49 - 2016-08-17 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2016-08-17 11:49 - 2016-08-17 11:49 - 00000000 ____D C:\Program Files (x86)\AnvSoft
2016-08-17 11:49 - 2011-11-28 14:51 - 00033872 _____ (AnvSoft Inc.) C:\Windows\system32\Drivers\anvsnddrv.sys
2016-08-16 13:54 - 2016-08-16 13:54 - 00000122 _____ C:\Users\sriwa\Desktop\Virtual Dr.url
2016-08-16 11:28 - 2016-08-16 11:28 - 00000554 _____ C:\Users\sriwa\Desktop\JRT.txt
2016-08-16 11:08 - 2016-08-16 11:08 - 00001043 _____ C:\mbam1log.txt
2016-08-16 09:47 - 2016-08-16 10:22 - 00000000 ____D C:\Program Files\RogueKiller
2016-08-16 09:47 - 2016-08-16 09:47 - 00000899 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-08-16 09:45 - 2016-08-16 11:26 - 01610560 _____ (Malwarebytes) C:\Users\sriwa\Desktop\JRT (1).exe
2016-08-16 09:45 - 2016-08-16 11:10 - 03784256 _____ C:\Users\sriwa\Desktop\adwcleaner_6.000.exe
2016-08-16 09:44 - 2016-08-16 09:46 - 34636056 _____ (Adlice Software ) C:\Users\sriwa\Desktop\RogueKiller.exe
2016-08-16 09:41 - 2016-08-16 09:41 - 03784256 _____ C:\Users\sriwa\Downloads\adwcleaner_6.000.exe
2016-08-16 09:41 - 2016-08-16 09:41 - 01610560 _____ (Malwarebytes) C:\Users\sriwa\Downloads\JRT (1).exe
2016-08-16 09:36 - 2016-08-16 09:36 - 34636056 _____ (Adlice Software ) C:\Users\sriwa\Downloads\setup.exe
2016-08-15 21:42 - 2016-08-15 21:43 - 00000143 _____ C:\Users\sriwa\Desktop\Neato online Label Design.url
2016-08-15 14:52 - 2016-08-17 12:58 - 00012720 _____ C:\Users\sriwa\Downloads\FRST.txt
2016-08-15 14:52 - 2016-08-15 14:53 - 00026468 _____ C:\Users\sriwa\Downloads\Addition.txt
2016-08-15 14:51 - 2016-08-17 12:58 - 00000000 ____D C:\FRST
2016-08-15 14:44 - 2016-08-17 12:57 - 02394624 _____ (Farbar) C:\Users\sriwa\Downloads\FRST64.exe
2016-08-15 14:10 - 2016-08-15 14:10 - 00000000 ___HD C:\OneDriveTemp
2016-08-15 09:52 - 2016-08-15 10:03 - 03784256 _____ C:\Users\sriwa\Downloads\AdwCleaner (1).exe
2016-08-14 09:49 - 2016-08-14 09:49 - 00000000 ____D C:\Users\sriwa\AppData\Local\Nero_AG
2016-08-13 23:25 - 2016-08-13 23:25 - 01642232 _____ (NCH Software) C:\Users\sriwa\Downloads\debutpsetup.exe
2016-08-13 16:45 - 2016-08-13 16:45 - 00001167 _____ C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt
2016-08-13 16:45 - 2016-08-13 16:45 - 00000000 _____ C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-08-13 15:41 - 2016-08-13 16:07 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-08-13 15:41 - 2016-08-13 15:47 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\NCH Software
2016-08-13 15:41 - 2016-08-13 15:41 - 00002285 _____ C:\Users\sriwa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00001313 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00001187 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2016-08-13 15:41 - 2016-08-13 15:41 - 00000000 ____D C:\ProgramData\NCH Software
2016-08-13 15:40 - 2016-08-13 15:41 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-08-13 15:40 - 2016-08-13 15:40 - 00034512 _____ C:\Windows\system32\Drivers\debutfilterx64.sys
2016-08-13 07:57 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-08-13 07:56 - 2016-08-14 08:40 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-08-12 12:18 - 2016-08-12 12:19 - 00000127 _____ C:\Users\sriwa\Desktop\XFinity.url
2016-08-10 15:57 - 2016-08-10 15:57 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2016-08-10 15:48 - 2016-08-17 11:56 - 00000000 ____D C:\Users\sriwa\Documents\Wondershare Video Converter Ultimate
2016-08-10 15:48 - 2016-08-10 15:48 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\Wondershare Video Converter Ultimate
2016-08-10 15:47 - 2016-08-13 08:25 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2016-08-10 15:47 - 2016-08-10 15:47 - 00000000 ____D C:\Users\sriwa\Documents\Wondershare MediaServer
2016-08-10 15:47 - 2015-02-27 14:54 - 00031080 _____ (Wondershare) C:\Windows\system32\Drivers\VirtualAudio.sys
2016-08-10 15:46 - 2016-08-14 08:40 - 00000000 ____D C:\ProgramData\Wondershare
2016-08-10 15:46 - 2016-08-10 15:46 - 00817296 _____ C:\Users\sriwa\Downloads\video-converter-ultimate_setup_full975.exe
2016-08-10 15:45 - 2016-08-14 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-08-10 15:45 - 2016-08-10 15:57 - 00000000 ____D C:\Users\sriwa\Documents\Wondershare Filmora
2016-08-10 15:45 - 2016-08-10 15:56 - 00001123 _____ C:\Users\sriwa\Documents\starburn.txt
2016-08-10 15:45 - 2016-08-10 15:45 - 00000000 ____D C:\Users\sriwa\AppData\Local\Wondershare
2016-08-10 15:44 - 2016-08-10 15:47 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-08-10 15:43 - 2016-08-10 15:44 - 01206416 _____ C:\Users\sriwa\Downloads\filmora-sonc_setup_full1901.exe
2016-08-10 14:30 - 2016-08-10 15:36 - 00000000 ____D C:\Users\sriwa\Documents\Snagit
2016-08-10 14:30 - 2016-08-10 14:31 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\TechSmith
2016-08-10 14:30 - 2016-08-10 14:30 - 00000000 ____D C:\Users\sriwa\AppData\Local\TechSmith
2016-08-10 14:29 - 2016-08-11 15:53 - 00000000 ____D C:\ProgramData\TechSmith
2016-08-10 14:26 - 2016-08-10 14:28 - 91067736 _____ (TechSmith Corporation) C:\Users\sriwa\Downloads\snagit.exe
2016-08-10 13:34 - 2016-08-03 07:14 - 01505984 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-08-10 13:34 - 2016-08-03 07:14 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-08-10 13:34 - 2016-08-03 07:14 - 00050368 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-08-10 13:34 - 2016-08-03 06:36 - 07469408 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-08-10 13:34 - 2016-08-03 06:36 - 00099680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-08-10 13:34 - 2016-08-03 06:36 - 00037744 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2016-08-10 13:34 - 2016-08-03 06:30 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-08-10 13:34 - 2016-08-03 06:23 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-08-10 13:34 - 2016-08-03 06:23 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-08-10 13:34 - 2016-08-03 06:22 - 01322760 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-08-10 13:34 - 2016-08-03 06:22 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-08-10 13:34 - 2016-08-03 06:22 - 00465248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-08-10 13:34 - 2016-08-03 06:22 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-08-10 13:34 - 2016-08-03 06:22 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-08-10 13:34 - 2016-08-03 06:21 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-08-10 13:34 - 2016-08-03 06:21 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 13:34 - 2016-08-03 06:21 - 00566112 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-08-10 13:34 - 2016-08-03 06:21 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-08-10 13:34 - 2016-08-03 06:20 - 01540224 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-08-10 13:34 - 2016-08-03 06:20 - 00692136 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-08-10 13:34 - 2016-08-03 06:19 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-08-10 13:34 - 2016-08-03 06:19 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 13:34 - 2016-08-03 06:13 - 01988448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-08-10 13:34 - 2016-08-03 06:13 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-08-10 13:34 - 2016-08-03 06:13 - 00393056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-08-10 13:34 - 2016-08-03 06:11 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-08-10 13:34 - 2016-08-03 05:51 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-08-10 13:34 - 2016-08-03 05:51 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-08-10 13:34 - 2016-08-03 05:46 - 22384128 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-08-10 13:34 - 2016-08-03 05:44 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-08-10 13:34 - 2016-08-03 05:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2016-08-10 13:34 - 2016-08-03 05:44 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2016-08-10 13:34 - 2016-08-03 05:43 - 16985088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-08-10 13:34 - 2016-08-03 05:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-08-10 13:34 - 2016-08-03 05:41 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-08-10 13:34 - 2016-08-03 05:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\VEDataLayerHelpers.dll
2016-08-10 13:34 - 2016-08-03 05:40 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\bthserv.dll
2016-08-10 13:34 - 2016-08-03 05:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2016-08-10 13:34 - 2016-08-03 05:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2016-08-10 13:34 - 2016-08-03 05:39 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-08-10 13:34 - 2016-08-03 05:39 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2016-08-10 13:34 - 2016-08-03 05:38 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-08-10 13:34 - 2016-08-03 05:38 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-08-10 13:34 - 2016-08-03 05:37 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-08-10 13:34 - 2016-08-03 05:36 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 13:34 - 2016-08-03 05:36 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-08-10 13:34 - 2016-08-03 05:36 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-08-10 13:34 - 2016-08-03 05:35 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-08-10 13:34 - 2016-08-03 05:35 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2016-08-10 13:34 - 2016-08-03 05:34 - 00383488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 13:34 - 2016-08-03 05:33 - 00339968 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-08-10 13:34 - 2016-08-03 05:33 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-08-10 13:34 - 2016-08-03 05:31 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-08-10 13:34 - 2016-08-03 05:31 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-08-10 13:34 - 2016-08-03 05:31 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\wevtutil.exe
2016-08-10 13:34 - 2016-08-03 05:30 - 24613888 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 13:34 - 2016-08-03 05:30 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 13:34 - 2016-08-03 05:30 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-08-10 13:34 - 2016-08-03 05:29 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-08-10 13:34 - 2016-08-03 05:29 - 02127360 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 13:34 - 2016-08-03 05:29 - 01500160 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2016-08-10 13:34 - 2016-08-03 05:29 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-08-10 13:34 - 2016-08-03 05:29 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 13:34 - 2016-08-03 05:28 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-08-10 13:34 - 2016-08-03 05:28 - 00848896 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-08-10 13:34 - 2016-08-03 05:28 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-08-10 13:34 - 2016-08-03 05:27 - 07536640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-08-10 13:34 - 2016-08-03 05:27 - 01752576 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 13:34 - 2016-08-03 05:27 - 01717760 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-08-10 13:34 - 2016-08-03 05:27 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-08-10 13:34 - 2016-08-03 05:20 - 13390336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 13:34 - 2016-08-03 05:18 - 06974464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-08-10 13:34 - 2016-08-03 05:18 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-08-10 13:34 - 2016-08-03 05:18 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 13:34 - 2016-08-03 05:17 - 02175488 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-08-10 13:34 - 2016-08-03 05:16 - 05123072 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-08-10 13:34 - 2016-08-03 05:16 - 03589120 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-08-10 13:34 - 2016-08-03 05:16 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-08-10 13:34 - 2016-08-03 05:16 - 01732096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 13:34 - 2016-08-03 05:15 - 07833088 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-08-10 13:34 - 2016-08-03 05:14 - 04895232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 13:34 - 2016-08-03 05:14 - 01997824 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-08-10 13:34 - 2016-08-03 05:13 - 03025920 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 13:34 - 2016-08-03 05:13 - 02280960 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-08-10 13:34 - 2016-08-03 05:12 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-08-10 13:34 - 2016-08-03 05:11 - 04171264 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-08-10 13:34 - 2016-08-03 01:52 - 00034088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wldp.dll
2016-08-10 13:34 - 2016-08-03 01:34 - 00501592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-08-10 13:34 - 2016-08-03 01:34 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-08-10 13:34 - 2016-08-03 01:33 - 00051128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsNativeApi.dll
2016-08-10 13:34 - 2016-08-03 01:31 - 02921368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 13:34 - 2016-08-03 01:31 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-08-10 13:34 - 2016-08-03 01:31 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-08-10 13:34 - 2016-08-03 01:30 - 21123320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-08-10 13:34 - 2016-08-03 01:30 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-08-10 13:34 - 2016-08-03 01:30 - 00255168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-08-10 13:34 - 2016-08-03 00:57 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-08-10 13:34 - 2016-08-03 00:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2016-08-10 13:34 - 2016-08-03 00:47 - 13018112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 13:34 - 2016-08-03 00:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 13:34 - 2016-08-03 00:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 13:34 - 2016-08-03 00:42 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2016-08-10 13:34 - 2016-08-03 00:40 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2016-08-10 13:34 - 2016-08-03 00:39 - 19351040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 13:34 - 2016-08-03 00:37 - 00335872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 13:34 - 2016-08-03 00:37 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-08-10 13:34 - 2016-08-03 00:35 - 00286208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2016-08-10 13:34 - 2016-08-03 00:35 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wevtutil.exe
2016-08-10 13:34 - 2016-08-03 00:34 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 13:34 - 2016-08-03 00:34 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 13:34 - 2016-08-03 00:33 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-08-10 13:34 - 2016-08-03 00:33 - 02050048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 13:34 - 2016-08-03 00:33 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 13:34 - 2016-08-03 00:32 - 12585984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-08-10 13:34 - 2016-08-03 00:32 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 13:34 - 2016-08-03 00:32 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-08-10 13:34 - 2016-08-03 00:32 - 00434688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-08-10 13:34 - 2016-08-03 00:31 - 06743040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-08-10 13:34 - 2016-08-03 00:31 - 00705536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-08-10 13:34 - 2016-08-03 00:29 - 12133376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 13:34 - 2016-08-03 00:28 - 03663360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 13:34 - 2016-08-03 00:25 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 13:34 - 2016-08-03 00:25 - 04078080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-08-10 13:34 - 2016-08-03 00:23 - 05660672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-08-10 13:34 - 2016-08-03 00:23 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-08-10 13:34 - 2016-08-03 00:22 - 02501120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 13:34 - 2016-08-03 00:22 - 01502208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 13:34 - 2016-08-03 00:21 - 01708032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-08-10 13:34 - 2016-08-03 00:19 - 02180096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-08-10 13:11 - 2016-08-10 13:11 - 00000000 ____D C:\Users\sriwa\AppData\Local\Chromium
2016-08-10 13:09 - 2016-08-10 13:10 - 00665984 _____ (Hola Networks Ltd.) C:\Users\sriwa\Downloads\Hola-Setup.exe
2016-08-09 18:57 - 2016-08-15 09:03 - 00000000 ____D C:\Users\sriwa\AppData\LocalLow\Adblock Plus for IE
2016-08-09 18:57 - 2016-08-09 18:57 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-07-31 11:06 - 2016-08-16 11:12 - 00000000 ____D C:\AdwCleaner
2016-07-31 10:54 - 2016-08-10 13:41 - 10254432 _____ (MyTurboPC.com) C:\Users\sriwa\Downloads\Myturbopc_C756E7B9-2704-4FA0-AB2F-35A7DEBDBCD4_.exe
2016-07-31 10:47 - 2016-07-31 10:48 - 10840360 _____ (ParetoLogic, Inc.) C:\Users\sriwa\Downloads\RegCureProSetup_AE408F4F-6EF3-40A8-9AF9-24B1A3FEB92B_.exe
2016-07-21 10:05 - 2016-08-17 08:24 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360
2016-07-21 10:00 - 2016-07-21 10:00 - 00003398 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-07-21 10:00 - 2016-07-21 10:00 - 00002413 _____ C:\Users\Public\Desktop\Norton 360.lnk
==================== One Month Modified files and folders ========
August 17th, 2016, 01:05 PM
#10
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-08-17 12:42 - 2016-07-04 16:26 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-17 12:18 - 2016-06-29 11:11 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-08-17 11:49 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-08-17 11:49 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-08-17 10:10 - 2016-06-28 12:43 - 00004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AD81D5D1-39A1-431E-A462-EAD2FA0973FD}
2016-08-17 09:42 - 2016-07-04 16:26 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-17 05:18 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-16 11:27 - 2016-06-28 12:32 - 00000000 ___RD C:\Users\sriwa\OneDrive
2016-08-16 11:13 - 2016-07-01 13:36 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-16 09:48 - 2016-07-16 14:55 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-08-16 09:47 - 2016-07-16 14:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-08-16 08:57 - 2016-06-28 12:22 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-15 14:09 - 2016-06-28 15:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-15 14:07 - 2015-10-30 02:28 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-08-14 17:42 - 2016-07-01 11:25 - 00000000 ____D C:\Users\sriwa\AppData\Local\Nero
2016-08-14 13:57 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-08-14 09:32 - 2016-06-28 12:28 - 00000000 ____D C:\Users\sriwa
2016-08-14 09:28 - 2016-07-01 11:07 - 00000000 ____D C:\Users\sriwa\AppData\Roaming\Nero
2016-08-14 08:52 - 2016-07-01 11:25 - 00000000 ____D C:\Users\sriwa\Documents\NeroVideo
2016-08-13 20:43 - 2016-06-29 13:30 - 00000000 ____D C:\Users\sriwa\AppData\Local\CrashDumps
2016-08-13 16:54 - 2016-06-28 12:29 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-13 16:50 - 2016-06-28 15:14 - 00343648 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-13 16:50 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-08-13 16:46 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-13 16:46 - 2015-10-30 03:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-08-13 16:46 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-08-11 15:54 - 2016-07-01 10:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-10 16:20 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2016-08-10 16:20 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-08-10 16:19 - 2016-06-28 13:10 - 00000000 ____D C:\Windows\system32\MRT
2016-08-10 16:17 - 2016-06-28 13:10 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-08 17:42 - 2016-07-04 16:27 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 17:42 - 2016-07-04 16:27 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-31 11:08 - 2016-07-04 16:26 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-30 09:37 - 2016-07-04 16:26 - 00004002 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 09:37 - 2016-07-04 16:26 - 00003770 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-21 12:20 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-07-21 10:00 - 2016-06-28 17:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2016-07-21 10:00 - 2016-06-28 17:19 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
==================== Files in the root of some directories =======
2016-07-31 10:48 - 2016-07-31 10:55 - 0000115 _____ () C:\Users\sriwa\AppData\Roaming\LogFile.txt
2016-08-13 16:45 - 2016-08-13 16:45 - 0001167 _____ () C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt
2016-08-13 16:45 - 2016-08-13 16:45 - 0000000 _____ () C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
Some files in TEMP:
====================
C:\Users\sriwa\AppData\Local\Temp\dllnt_dump.dll
C:\Users\sriwa\AppData\Local\Temp\kernel32.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-08-08 09:24
==================== End of FRST.txt ============================
August 17th, 2016, 01:07 PM
#11
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by sriwa (17-08-2016 12:58:57)
Running from C:\Users\sriwa\Downloads
Windows 10 Pro Version 1511 (X64) (2016-06-28 16:26:33)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1644789618-2606114323-4026453079-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1644789618-2606114323-4026453079-503 - Limited - Disabled)
Guest (S-1-5-21-1644789618-2606114323-4026453079-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1644789618-2606114323-4026453079-1005 - Limited - Enabled)
sriwa (S-1-5-21-1644789618-2606114323-4026453079-1001 - Administrator - Enabled) => C:\Users\sriwa
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Norton Security Suite (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C5D8EEB2-EDBC-4375-829D-BE50547C8890}) (Version: 1.3 - Eyeo GmbH)
Any Video Converter Ultimate 5.7.0 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 8.0.2.0 - RedFox)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 3.01 - NCH Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nero 2016 (HKLM-x32\...\{7E55E10F-82E5-4E11-B051-5D1DF76102FF}) (Version: 17.0.00900 - Nero AG)
Nero 2016 Content Pack (HKLM-x32\...\{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}) (Version: 17.0.00200 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.2000 - Nero AG)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation)
Prerequisite installer (x32 Version: 17.0.0002 - Nero AG) Hidden
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1220 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
WinX DVD Ripper Platinum 7.5.15 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version: - Digiarty Software, Inc.)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1644789618-2606114323-4026453079-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sriwa\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {4855CF16-0E2B-43DC-8AAF-FFE1F37AFCF4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {4F3B692E-A332-4B65-A550-64F6BC75D601} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-06-16] (Symantec Corporation)
Task: {61A47308-8B73-43CA-99DF-EA85403616C3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {90F0AF18-1896-468D-A74F-ECA9590FD6EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-04] (Google Inc.)
Task: {A929E77B-F05F-423C-8A15-4911C36C9483} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-06-04] (Nero AG)
Task: {BD2A849E-F072-4F5C-880A-E6137E382072} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {E77643F5-3D5A-46F1-9151-7F6554D1805B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-04] (Google Inc.)
Task: {F06C5192-8763-419F-B8A7-6F0939B00445} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\sriwa\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-07-13 06:09 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-07-13 06:09 - 2016-07-01 00:48 - 02656408 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-06-28 12:32 - 2016-06-28 12:32 - 00959168 _____ () C:\Users\sriwa\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-08-13 07:57 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-13 06:09 - 2016-06-30 23:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-28 13:08 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 06:13 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 10256384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-07-13 06:09 - 2016-06-30 23:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 06:09 - 2016-06-30 23:22 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-13 06:09 - 2016-06-30 23:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 06:09 - 2016-06-30 23:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-06-28 13:20 - 2016-06-28 13:21 - 00173056 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7293.0_x64__8wekyb3d8bbwe\CellNativeClientUniversal.dll
2016-06-28 13:23 - 2016-06-28 13:23 - 04108184 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.0.1606.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2015-10-30 05:12 - 2015-10-30 05:12 - 03128832 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.11.7293.0_x64__8wekyb3d8bbwe\Avatars.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2016-06-28 13:43 - 2016-06-28 13:43 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2016-08-17 11:49 - 2013-12-24 14:46 - 00362029 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\sqlite3.dll
2016-08-17 11:49 - 2014-04-22 02:09 - 00195086 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\avdevice-55.dll
2016-08-17 11:49 - 2014-04-22 02:09 - 12445710 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\avcodec-55.dll
2016-08-17 11:49 - 2014-04-22 02:09 - 00304654 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\avutil-52.dll
2016-08-17 11:49 - 2014-04-22 02:09 - 01824270 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\avformat-55.dll
2016-08-17 11:49 - 2014-04-22 02:09 - 01224206 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\avfilter-3.dll
2016-08-17 11:49 - 2014-04-22 02:09 - 00098318 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\swresample-0.dll
2016-08-17 11:49 - 2014-04-22 02:09 - 00407054 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\swscale-2.dll
2016-08-17 11:49 - 2013-12-24 14:47 - 00027136 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\SDL_ttf.dll
2016-08-17 11:49 - 2013-12-24 14:46 - 00303616 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\SDL.dll
2016-08-17 11:49 - 2013-12-24 14:47 - 00051200 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\SDL_image.dll
2016-08-17 11:49 - 2013-12-24 14:46 - 00174080 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\libpng15-15.dll
2016-08-17 11:49 - 2014-01-26 18:23 - 00117760 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\findSector.dll
2016-08-17 11:49 - 2014-01-26 14:53 - 00084992 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\ParseDVD.dll
2016-08-17 11:49 - 2014-09-16 11:11 - 00432128 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\DuiLib_u.dll
2016-08-17 11:49 - 2013-12-24 14:46 - 02518899 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\libfreetype-6.dll
2016-08-17 11:49 - 2013-12-24 14:47 - 00768416 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\libfontconfig-1.dll
2016-08-17 11:49 - 2014-04-22 02:09 - 00186382 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\postproc-52.dll
2016-08-17 11:49 - 2013-12-24 14:47 - 01507328 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\interFunc.dll
2016-08-17 11:49 - 2013-12-24 14:46 - 00441369 _____ () C:\Program Files (x86)\AnvSoft\Any Video Converter Ultimate\libexpat-1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\...\hola.org -> hxxp://hola.org
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sriwa\OneDrive\Pictures\Saved Pictures\hd-wallpapers-for-windows-10-WI17.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1644789618-2606114323-4026453079-1001\...\StartupApproved\Run: => "AnyDVD"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A6A15A85-8C84-4801-8701-44A576203F12}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7EF4373F-E7FE-433E-86A5-FA04E957C658}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{29E5F1D3-5228-4DDB-9C88-EBB3BED7D852}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\StartNBR.exe
FirewallRules: [{BAA7969D-92B6-49BF-950C-08DFEE91234D}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{CC90C011-BD09-41D8-AF9E-A6BFFE7CDD5A}] => (Allow) C:\Program Files (x86)\Nero\Nero 2016\Nero Burning ROM\nero.exe
FirewallRules: [{809AEBDE-B699-4698-B278-5E85F5710B13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
25-07-2016 12:33:35 Scheduled Checkpoint
06-08-2016 07:31:15 Scheduled Checkpoint
08-08-2016 08:57:32 Installed Adblock Plus for IE (32-bit and 64-bit)
09-08-2016 18:57:26 Installed Adblock Plus for IE (32-bit and 64-bit)
11-08-2016 15:52:57 Snagit 13
16-08-2016 11:26:49 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
August 17th, 2016, 01:07 PM
#12
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Intel(R) Management Engine Interface
Description: Intel(R) Management Engine Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: MEIx64
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/16/2016 01:54:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/16/2016 12:41:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/16/2016 11:26:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (08/15/2016 10:11:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 09:59:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program printui.exe version 10.0.10586.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1238
Start Time: 01d1f7613e7fd360
Termination Time: 12
Application Path: C:\Windows\System32\printui.exe
Report Id: fe9696d3-6354-11e6-9798-e839353a5b45
Faulting package full name:
Faulting package-relative application ID:
Error: (08/15/2016 09:20:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 08:41:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 03:11:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 12:12:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (08/15/2016 10:42:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GEOFFS-I5-WIN10)
Description: Activation of app Microsoft.WindowsMaps_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.
System errors:
=============
Error: (08/17/2016 09:16:21 AM) (Source: DCOM) (EventID: 10016) (User: GEOFFS-I5-WIN10)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}GEOFFS-I5-WIN10sriwaS-1-5-21-1644789618-2606114323-4026453079-1001LocalHost (Using LRPC)Microsoft.MicrosoftSolitaireCollection_3.11.7293.0_x64__8wekyb3d8bbweS-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725
Error: (08/16/2016 01:56:38 PM) (Source: DCOM) (EventID: 10001) (User: GEOFFS-I5-WIN10)
Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4q1azgcmy0qhjw5hwy4c233sbca9jma9.mca31App.AppXcc14htf1fp3nt27stc0fcm9dshkn3y7m.mcaUnavailableUnavailable
Error: (08/16/2016 01:56:38 PM) (Source: DCOM) (EventID: 10001) (User: GEOFFS-I5-WIN10)
Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4q1azgcmy0qhjw5hwy4c233sbca9jma9.mca31App.AppXcc14htf1fp3nt27stc0fcm9dshkn3y7m.mcaUnavailableUnavailable
Error: (08/16/2016 12:08:50 PM) (Source: DCOM) (EventID: 10016) (User: GEOFFS-I5-WIN10)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}GEOFFS-I5-WIN10sriwaS-1-5-21-1644789618-2606114323-4026453079-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194
Error: (08/16/2016 12:08:49 PM) (Source: DCOM) (EventID: 10016) (User: GEOFFS-I5-WIN10)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}GEOFFS-I5-WIN10sriwaS-1-5-21-1644789618-2606114323-4026453079-1001LocalHost (Using LRPC)Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915
Error: (08/15/2016 10:32:48 PM) (Source: DCOM) (EventID: 10001) (User: GEOFFS-I5-WIN10)
Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4q1azgcmy0qhjw5hwy4c233sbca9jma9.mca31App.AppXcc14htf1fp3nt27stc0fcm9dshkn3y7m.mcaUnavailableUnavailable
Error: (08/15/2016 10:32:48 PM) (Source: DCOM) (EventID: 10001) (User: GEOFFS-I5-WIN10)
Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4q1azgcmy0qhjw5hwy4c233sbca9jma9.mca31App.AppXcc14htf1fp3nt27stc0fcm9dshkn3y7m.mcaUnavailableUnavailable
Error: (08/15/2016 10:32:48 PM) (Source: DCOM) (EventID: 10001) (User: GEOFFS-I5-WIN10)
Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4q1azgcmy0qhjw5hwy4c233sbca9jma9.mca31App.AppXcc14htf1fp3nt27stc0fcm9dshkn3y7m.mcaUnavailableUnavailable
Error: (08/15/2016 10:32:48 PM) (Source: DCOM) (EventID: 10001) (User: GEOFFS-I5-WIN10)
Description: "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppX4q1azgcmy0qhjw5hwy4c233sbca9jma9.mca31App.AppXcc14htf1fp3nt27stc0fcm9dshkn3y7m.mcaUnavailableUnavailable
Error: (08/15/2016 02:09:21 PM) (Source: MEIx64) (EventID: 3) (User: )
Description: Intel(R) Management Engine Interface driver has failed to perform handshake with the Firmware (FWSTS0: 0x00040185, FWSTS1: 0x16440006).
CodeIntegrity:
===================================
Date: 2016-08-13 16:50:42.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-08-11 04:56:13.197
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 14:14:22.906
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-13 12:14:30.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-07-05 15:45:34.705
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-30 18:24:36.472
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-30 09:08:56.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-30 08:48:07.036
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-29 10:20:15.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-29 10:15:51.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 58%
Total physical RAM: 4016.03 MB
Available physical RAM: 1674.33 MB
Total Virtual: 7208.75 MB
Available Virtual: 5355.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.27 GB) (Free:432.14 GB) NTFS
Drive d: (Disc) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 89B933C0)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
August 17th, 2016, 06:35 PM
#13
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
August 17th, 2016, 08:33 PM
#14
Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by sriwa (17-08-2016 20:32:02) Run:1
Running from C:\Users\sriwa\Desktop
Loaded Profiles: sriwa (Available Profiles: sriwa)
Boot Mode: Normal
==============================================
fixlist content:
*****************
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160721.001\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\SDSDefs\20160721.001\EX64.SYS [X]
2016-07-31 10:48 - 2016-07-31 10:55 - 0000115 _____ () C:\Users\sriwa\AppData\Roaming\LogFile.txt
2016-08-13 16:45 - 2016-08-13 16:45 - 0001167 _____ () C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt
2016-08-13 16:45 - 2016-08-13 16:45 - 0000000 _____ () C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
C:\Users\sriwa\AppData\Local\Temp\dllnt_dump.dll
C:\Users\sriwa\AppData\Local\Temp\kernel32.dll
*****************
NAVENG => service could not remove
NAVEX15 => service could not remove
C:\Users\sriwa\AppData\Roaming\LogFile.txt => moved successfully
C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt => moved successfully
C:\Users\sriwa\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt => moved successfully
"C:\Users\sriwa\AppData\Local\Temp\dllnt_dump.dll" => not found.
"C:\Users\sriwa\AppData\Local\Temp\kernel32.dll" => not found.
==== End of Fixlog 20:32:02 ====
August 17th, 2016, 10:05 PM
#15
Last scans...
Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program. Click on Start button to begin cleaning process. TFC will close all running programs, and it may ask you to restart computer.
Download Sophos Free Virus Removal Tool and save it to your desktop.
Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program