I am infected with msrtn32 on windows 10


  • This topic is locked
32 replies to this topic

#1 Brownflame2

  • Members
  • 16 posts

Posted 26 January 2016 - 04:12 PM

I noticed that I had a virus when the windows I would open would randomly become deselected and random things would pop up under my mouse while I wasn't hovering over anything. (Ex "Halloween costumes 25% off") I went looking for it and found msrtn32 and think it might be a rootkit virus which is really bad. I tried to delete the virus and its folder but it wouldn't let me, saying I currently had the file open. And in my task manager I would try and end the cdhtr.exe and rthdcpd.exe but 5 seconds later it would start again.

 

How do I get rid of this thing?



#2 olgun52

  • Malware Response Team
  • 3,784 posts

Posted 26 January 2016 - 04:22 PM

Hello Brownflame2 and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator the computer. How is open as administrator the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 
 Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: addition.png
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.



 


 


#3 Brownflame2

  • Topic Starter

  • Members
  • 16 posts

Posted 26 January 2016 - 05:19 PM

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Shrek (administrator) on SHREK-PC (26-01-2016 14:16:15)
Running from C:\Users\Shrek\Downloads
Loaded Profiles: Shrek (Available Profiles: Shrek & Caelan & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
() C:\Program Files (x86)\data_up\data_up.exe
(Trace Software International) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Microsoft Corporation) C:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Mentor Graphics Corporation) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\dispatcher.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\20160122\ct.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
() C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\Shrek\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Shrek\AppData\Local\Akamai\netsession_win.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4867784 2015-12-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-11] (Raptr, Inc)
HKLM-x32\...\Run: [PerditiongmmouseRun] => C:\Program Files (x86)\REDRAGON GAMING MOUSE\pdmon.exe [3234304 2013-11-18] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-07] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Shrek\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation)
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2015-10-31]
ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Background Downloader.lnk [2015-10-31]
ShortcutTarget: SOLIDWORKS Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{0dc31919-bc4b-45f7-857b-6ca1c6e78985}: [DhcpNameServer] 10.0.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-3314479177-2325837315-3137392574-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3314479177-2325837315-3137392574-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-19] (Oracle Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-27]
CHR Extension: (Google Docs) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-27]
CHR Extension: (Google Drive) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-27]
CHR Extension: (Google Search) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Google Sheets) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-27]
CHR Extension: (Gmail) - C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-27]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-12-04] (Advanced Micro Devices) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-07-15] (BitRaider, LLC)
R2 Dataup; C:\Program Files (x86)\data_up\data_up.exe [73728 2015-06-25] () [File not signed]
R2 ewserver; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\server\EwServer.exe [184840 2015-06-18] (Trace Software International)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 MSSQL$TEW_SQLEXPRESS; c:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2015-06-18] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-10-31] (SolidWorks) [File not signed]
S4 SQLAgent$TEW_SQLEXPRESS; c:\ProgramData\SOLIDWORKS Electrical\MSSQL11.TEW_SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)
R2 windowsmanagementservice; C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Temp\20160122\ct.exe [850944 2015-07-24] (Google Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\WINDOWS\system32\drivers\amdacpksd.sys [305392 2015-12-16] (Advanced Micro Devices)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-09-17] (Advanced Micro Devices)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2015-07-15] (BitRaider)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-20] (Microsoft Corporation) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-26 14:16 - 2016-01-26 14:16 - 00014689 _____ C:\Users\Shrek\Downloads\FRST.txt
2016-01-26 14:16 - 2016-01-26 14:16 - 00000000 ____D C:\FRST
2016-01-26 14:15 - 2016-01-26 14:15 - 02370560 _____ (Farbar) C:\Users\Shrek\Downloads\FRST64.exe
2016-01-26 11:26 - 2016-01-26 11:26 - 00000000 ____D C:\Users\Caelan\AppData\Local\CEF
2016-01-26 11:26 - 2016-01-26 11:26 - 00000000 ____D C:\Program Files (x86)\cpx
2016-01-26 11:22 - 2016-01-26 11:22 - 00000000 ____D C:\Users\Shrek\AppData\Local\PeerDistRepub
2016-01-26 11:21 - 2016-01-26 11:22 - 00000000 ____D C:\AdwCleaner
2016-01-23 09:05 - 2016-01-23 09:05 - 00000000 ____D C:\Users\Shrek\AppData\Local\MicrosoftEdge
2016-01-22 15:09 - 2016-01-22 15:09 - 00000000 ____D C:\Program Files (x86)\regtool
2016-01-22 15:09 - 2016-01-22 15:09 - 00000000 ____D C:\Program Files (x86)\dataup
2016-01-19 18:09 - 2016-01-19 18:09 - 00000000 ____D C:\Users\Caelan\AppData\Roaming\Mael
2016-01-19 17:58 - 2016-01-19 17:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor
2016-01-19 17:58 - 2016-01-19 17:58 - 00000000 ____D C:\Program Files (x86)\HxD
2016-01-19 09:22 - 2016-01-19 09:23 - 00000000 ____D C:\ProgramData\Oracle
2016-01-19 09:22 - 2016-01-19 09:22 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-19 09:22 - 2016-01-19 09:22 - 00000000 ____D C:\Users\Shrek\AppData\Roaming\Sun
2016-01-19 09:22 - 2016-01-19 09:22 - 00000000 ____D C:\Users\Shrek\AppData\LocalLow\Sun
2016-01-19 09:22 - 2016-01-19 09:22 - 00000000 ____D C:\Users\Shrek\.oracle_jre_usage
2016-01-19 09:22 - 2016-01-19 09:22 - 00000000 ____D C:\Users\Caelan\AppData\Roaming\Sun
2016-01-19 09:22 - 2016-01-19 09:22 - 00000000 ____D C:\Users\Caelan\AppData\LocalLow\Sun
2016-01-19 09:22 - 2016-01-19 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-19 09:22 - 2016-01-19 09:22 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-19 09:21 - 2016-01-19 09:21 - 00584288 _____ (Oracle Corporation) C:\Users\Caelan\Downloads\JavaSetup8u66.exe
2016-01-19 09:21 - 2016-01-19 09:21 - 00000000 ____D C:\Users\Shrek\AppData\LocalLow\Oracle
2016-01-15 15:21 - 2016-01-15 15:21 - 00000000 ____D C:\Users\Caelan\AppData\Local\Humanbalance
2016-01-15 15:21 - 2016-01-15 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GraphicsGale FreeEdition
2016-01-15 15:20 - 2016-01-15 15:20 - 02048038 _____ (HUMANBALANCE Ltd. ) C:\Users\Caelan\Downloads\setgalefreeus.exe
2016-01-15 15:20 - 2016-01-15 15:20 - 00000000 ____D C:\Program Files (x86)\GraphicsGale FreeEdition
2016-01-15 13:57 - 2016-01-15 14:00 - 00000000 ____D C:\Users\Caelan\Desktop\Sphere
2016-01-15 13:57 - 2016-01-15 13:57 - 00000000 ____D C:\Users\Shrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sphere 1.5
2016-01-14 14:02 - 2016-01-14 14:02 - 00000000 ____D C:\ProgramData\GZ
2016-01-12 15:57 - 2016-01-04 18:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 15:57 - 2016-01-04 18:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 15:57 - 2016-01-04 18:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 15:57 - 2016-01-04 18:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 15:57 - 2016-01-04 18:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 15:57 - 2016-01-04 18:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 15:57 - 2016-01-04 18:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 15:57 - 2016-01-04 18:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 15:57 - 2016-01-04 18:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 15:57 - 2016-01-04 18:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 15:57 - 2016-01-04 18:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 15:57 - 2016-01-04 18:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 15:57 - 2016-01-04 18:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 15:57 - 2016-01-04 18:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 15:57 - 2016-01-04 18:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 15:57 - 2016-01-04 18:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 15:57 - 2016-01-04 18:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 15:57 - 2016-01-04 18:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 15:57 - 2016-01-04 18:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 15:57 - 2016-01-04 18:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 15:57 - 2016-01-04 18:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 15:57 - 2016-01-04 18:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 15:57 - 2016-01-04 18:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 15:57 - 2016-01-04 18:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 15:57 - 2016-01-04 18:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 15:57 - 2016-01-04 18:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 15:57 - 2016-01-04 18:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 15:57 - 2016-01-04 18:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 15:57 - 2016-01-04 18:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 15:57 - 2016-01-04 18:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 15:57 - 2016-01-04 18:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 15:57 - 2016-01-04 18:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 15:57 - 2016-01-04 18:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 15:57 - 2016-01-04 18:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 15:57 - 2016-01-04 18:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 15:57 - 2016-01-04 17:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 15:57 - 2016-01-04 17:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 15:57 - 2016-01-04 17:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 15:57 - 2016-01-04 17:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 15:57 - 2016-01-04 17:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 15:57 - 2016-01-04 17:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 15:57 - 2016-01-04 17:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 15:57 - 2016-01-04 17:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 15:57 - 2016-01-04 17:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 15:57 - 2016-01-04 17:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 15:57 - 2016-01-04 17:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 15:57 - 2016-01-04 17:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 15:57 - 2016-01-04 17:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 15:57 - 2016-01-04 17:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 15:57 - 2016-01-04 17:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 15:57 - 2016-01-04 17:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 15:57 - 2016-01-04 17:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 15:57 - 2016-01-04 17:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 15:57 - 2016-01-04 17:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 15:57 - 2016-01-04 17:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 15:57 - 2016-01-04 17:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 15:57 - 2016-01-04 17:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 15:57 - 2016-01-04 17:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 15:57 - 2016-01-04 17:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 15:57 - 2016-01-04 17:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 15:57 - 2016-01-04 17:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 15:57 - 2016-01-04 17:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 15:57 - 2016-01-04 17:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 15:57 - 2016-01-04 17:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 15:57 - 2016-01-04 17:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 15:57 - 2016-01-04 17:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 15:57 - 2016-01-04 17:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 15:57 - 2016-01-04 17:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 15:57 - 2016-01-04 17:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 15:57 - 2016-01-04 17:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 15:57 - 2016-01-04 17:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 15:57 - 2016-01-04 17:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 15:57 - 2016-01-04 17:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 15:57 - 2016-01-04 17:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 15:57 - 2016-01-04 17:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 15:57 - 2016-01-04 17:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 15:57 - 2016-01-04 17:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 15:57 - 2016-01-04 17:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 15:57 - 2016-01-04 17:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 15:57 - 2016-01-04 17:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 15:57 - 2016-01-04 17:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 15:57 - 2016-01-04 17:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 15:57 - 2016-01-04 17:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 15:57 - 2016-01-04 17:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 15:57 - 2016-01-04 17:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 15:57 - 2016-01-04 17:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-12 15:57 - 2016-01-04 17:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-09 13:03 - 2016-01-09 13:03 - 02035773 _____ C:\Users\Caelan\Downloads\Wi-Fi.rar
2016-01-05 13:05 - 2016-01-05 13:05 - 00001247 _____ C:\Users\Shrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
2016-01-05 13:01 - 2016-01-05 13:01 - 00000000 ____D C:\Users\Shrek\AppData\Local\Comms
2016-01-01 16:46 - 2016-01-19 09:22 - 00000000 ____D C:\Users\Caelan\.oracle_jre_usage
2016-01-01 16:46 - 2016-01-01 16:47 - 00000000 ____D C:\Users\Caelan\AppData\Local\Arduino15
2016-01-01 16:46 - 2016-01-01 16:46 - 00000000 ____D C:\Users\Caelan\Documents\Arduino
2016-01-01 16:46 - 2016-01-01 16:46 - 00000000 ____D C:\Users\Caelan\.jssc
2016-01-01 16:45 - 2016-01-01 16:45 - 00000000 ____D C:\Users\Caelan\Desktop\arduino-1.6.7
2016-01-01 16:43 - 2016-01-01 16:44 - 154720305 _____ C:\Users\Caelan\Downloads\arduino-1.6.7-windows.zip
2015-12-31 12:21 - 2015-12-31 12:21 - 01868290 _____ C:\Users\Caelan\Downloads\desmume-0.9.11-win64.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-26 14:16 - 2015-10-29 22:28 - 00000000 ____D C:\Windows
2016-01-26 14:14 - 2015-06-24 05:53 - 00000000 ____D C:\Users\Shrek\AppData\Roaming\Raptr
2016-01-26 14:14 - 2015-06-23 13:30 - 00000000 ____D C:\Users\Shrek\AppData\Local\Akamai
2016-01-26 14:13 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-26 14:13 - 2015-07-15 07:07 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 14:10 - 2015-07-15 00:38 - 00000000 ____D C:\Users\Caelan\AppData\Roaming\Raptr
2016-01-26 14:09 - 2015-10-06 12:11 - 00000000 ____D C:\Users\Caelan\AppData\Local\mstrn32
2016-01-26 12:32 - 2015-07-15 07:07 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-26 11:30 - 2015-11-27 11:25 - 01134396 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-26 11:30 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-26 11:24 - 2015-11-27 11:33 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-26 11:23 - 2015-11-27 11:25 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-01-26 11:23 - 2015-10-29 22:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-26 10:38 - 2015-07-18 07:32 - 00000000 ____D C:\Users\Caelan\AppData\Local\cpx
2016-01-25 10:43 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-22 15:32 - 2015-07-15 00:38 - 00000000 ____D C:\Users\Caelan\AppData\Local\AMD
2016-01-22 15:09 - 2015-06-25 03:14 - 00006638 _____ C:\WINDOWS\TEMPcoral.vbs
2016-01-21 08:48 - 2015-12-05 12:17 - 00000000 ____D C:\Users\Caelan\Desktop\Rom hacking tools
2016-01-19 09:22 - 2015-11-27 11:26 - 00000000 ____D C:\Users\Shrek
2016-01-18 19:10 - 2015-11-25 21:48 - 00000000 ____D C:\Users\Caelan\AppData\Local\wxvbam
2016-01-16 10:58 - 2015-12-08 14:46 - 00000000 ____D C:\Users\Caelan\AppData\Local\tileHelperAdvance
2016-01-15 15:24 - 2015-07-15 00:39 - 00000000 __SHD C:\Users\Caelan\AppData\LocalLow\EmieUserList
2016-01-15 15:24 - 2015-07-15 00:39 - 00000000 __SHD C:\Users\Caelan\AppData\LocalLow\EmieSiteList
2016-01-15 15:24 - 2015-07-15 00:39 - 00000000 __SHD C:\Users\Caelan\AppData\Local\EmieUserList
2016-01-15 15:24 - 2015-07-15 00:39 - 00000000 __SHD C:\Users\Caelan\AppData\Local\EmieSiteList
2016-01-14 16:32 - 2015-07-15 07:08 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-12 20:58 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-12 18:56 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-12 18:55 - 2015-06-24 04:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-12 18:52 - 2015-06-24 04:09 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-05 13:01 - 2015-11-27 11:39 - 00000000 ____D C:\Users\Shrek\AppData\Local\Packages
2016-01-05 13:00 - 2015-11-27 11:41 - 00002405 _____ C:\Users\Shrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-05 13:00 - 2015-11-27 11:41 - 00000000 ___RD C:\Users\Shrek\OneDrive
2016-01-05 13:00 - 2015-06-23 13:30 - 00000000 ____D C:\Users\Shrek\AppData\Local\AMD
2016-01-02 17:40 - 2015-10-29 23:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 17:40 - 2015-10-29 23:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-01 16:46 - 2015-11-27 11:26 - 00000000 ____D C:\Users\Caelan
 
==================== Files in the root of some directories =======
 
2015-06-28 10:14 - 2015-06-28 10:14 - 0000044 _____ () C:\Users\Shrek\AppData\Roaming\WB.CFG
2015-10-31 17:14 - 2015-10-31 17:14 - 0001341 _____ () C:\Users\Shrek\AppData\Local\TempInformationFile.html
2015-10-31 17:09 - 2015-10-31 17:09 - 0000000 _____ () C:\Users\Shrek\AppData\Local\Temptable.xml
2015-06-28 11:23 - 2015-06-28 11:23 - 0199486 _____ () C:\ProgramData\1435519310.bdinstall.bin
2015-06-28 11:26 - 2015-06-28 11:26 - 0049663 _____ () C:\ProgramData\1435519585.bdinstall.bin
 
Some files in TEMP:
====================
C:\Users\Caelan\AppData\Local\Temp\tmp68A4.exe
C:\Users\Shrek\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-19 10:14
 
==================== End of FRST.txt ============================
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Shrek (2016-01-26 14:16:47)
Running from C:\Users\Shrek\Downloads
Windows 10 Pro (X64) (2015-11-27 19:39:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3314479177-2325837315-3137392574-500 - Administrator - Disabled)
Caelan (S-1-5-21-3314479177-2325837315-3137392574-1005 - Limited - Enabled) => C:\Users\Caelan
DefaultAccount (S-1-5-21-3314479177-2325837315-3137392574-503 - Limited - Disabled)
Guest (S-1-5-21-3314479177-2325837315-3137392574-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3314479177-2325837315-3137392574-1002 - Limited - Enabled)
Shrek (S-1-5-21-3314479177-2325837315-3137392574-1000 - Administrator - Enabled) => C:\Users\Shrek
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
ACP Application (Version: 2015.1204.1152.59 - Advanced Micro Devices, Inc.) Hidden
AirPort (HKLM-x32\...\InstallShield_{48A8ADFF-D6E4-409D-B2BA-5CABB7FE5A84}) (Version: 4.2.0.11 - Apple Computer, Inc.)
AirPort (x32 Version: 4.2.0.11 - Apple Computer, Inc.) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brackets (HKLM-x32\...\{D20AE926-9B7C-45F2-9201-B161CD30350D}) (Version: 1.4 - brackets.io)
Catalyst Control Center Next Localization BR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1204.1216.22046 - Advanced Micro Devices, Inc.) Hidden
Dungeons & Dragons Online (HKLM-x32\...\Dungeons & Dragons Online) (Version:  - Turbine, Inc)
Front Panel Designer (HKLM-x32\...\Front Panel Designer) (Version: 4.4.2 - Front Panel Express, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GraphicsGale FreeEdition version 2.04.09 (HKLM-x32\...\GraphicsGale FreeEdition_is1) (Version:  - HUMANBALANCE Ltd.)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{5DDC2234-4B37-45BC-AD33-41F1469B4D83}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 10.0 (HKLM-x32\...\{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}) (Version: 10.0.20911 - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1049.0 - Passmark Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
REDRAGON GAMING MOUSE version 1.1 (HKLM-x32\...\{6513799F-D2B9-4BEA-A76E-52249156A2B5}_is1) (Version: 1.1 - redragonzone)
SOLIDWORKS 2015 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20150-40400-1100-100) (Version: 23.4.0.56 - SolidWorks Corporation)
SOLIDWORKS 2015 x64 Edition SP04 (Version: 23.140.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2015 x64 Edition SP04 (Version: 15.4.0012 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Electrical 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2015 SP04 x64 Edition  (Version: 23.40.57 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Inspection 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
Sphere (remove only) (HKLM-x32\...\Sphere) (Version:  - )
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version:  - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
The Lord of the Rings Online™ v1301.0055.0535.4025 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1301.0055.0535.4025 - Turbine, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3314479177-2325837315-3137392574-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Shrek\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {034650BE-B8F9-4F8A-B736-98F0229778E2} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {055060FF-E0C6-4353-8380-A8306F90E819} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {14504CCC-04CC-43F0-BEC8-E8A904BDA124} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {317C9D51-21BA-4210-804F-C21B3265699C} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {329B74A8-4ED4-49A2-8C67-E2E060089720} - System32\Tasks\Chromium => C:\Users\Shrek\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: {3B0CF802-6EE1-40FB-9AF9-6C4683681BFC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {3B899752-CDE3-4E00-8484-D957199907D3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3D729B51-F963-4BCD-9894-5BC49FCE85AD} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {415F0984-DF65-4310-AEAB-B5924930B01C} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-12-04] (Advanced Micro Devices, Inc.)
Task: {4342B540-332E-4936-A96B-3415DED757E7} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {58880676-5AC4-4590-902E-695BB3B951AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-12] (Microsoft Corporation)
Task: {5B3B36C4-3D4F-41B1-B66C-FE964751E2B6} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {64C543A2-850B-4FE7-8F7B-DE44362B727F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {746F0656-54E2-4E22-B6AB-55AE3E9C9AA6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {777F7497-77CA-46C8-9B7E-733ECE20890A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {79621CB1-F881-4BEE-8E0A-B090DACC8384} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {7CDF8621-8CDB-4DA8-A822-CCBDA2797F14} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7E9D2877-60FE-4E8B-B028-B0DA34305EB4} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {8D858FA4-4EA7-4127-9F50-982D9F2CE972} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-15] (Google Inc.)
Task: {A91513B7-D4DD-4C91-85BC-1285DBA197C0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC17AADB-2F3B-493F-B956-2FBBA94A5245} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {ACCB551F-D58C-4982-93ED-7265713AA9D9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B07BFC03-09A3-41F4-A7FD-6C532BF64018} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B87571C8-487C-4E1F-A3AF-C2A5100C3703} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C5E981BE-3984-4FD3-8105-121B628DB5A9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {D5A1B6CE-0FD4-49A1-A756-8EE2D0920561} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F6703A11-23BE-46D9-83A9-8F26A506CB61} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F8F01D6D-20D5-4055-8567-9E976812A645} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Chromium.job => C:\Users\Shrek\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-28 11:22 - 2013-03-19 11:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-06-28 11:22 - 2013-09-03 13:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-25 03:14 - 2015-06-25 03:14 - 00073728 _____ () C:\Program Files (x86)\data_up\data_up.exe
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-08 14:41 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-08 14:41 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 15:14 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 15:14 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 15:57 - 2016-01-04 17:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:57 - 2016-01-04 17:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-12 15:57 - 2016-01-04 17:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-12 15:57 - 2016-01-04 17:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-19 08:14 - 2015-06-19 08:14 - 00268280 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2015-10-17 13:04 - 2013-11-18 16:54 - 03234304 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\PDMon.exe
2016-01-14 16:32 - 2016-01-12 08:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-14 16:32 - 2016-01-12 08:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2015-10-17 13:04 - 2011-01-26 23:53 - 00028160 _____ () C:\Program Files (x86)\REDRAGON GAMING MOUSE\uiHook.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 15:26 - 2014-05-13 15:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2015-10-21 12:29 - 2015-10-21 12:29 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2015-10-21 12:29 - 2015-10-21 12:29 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2015-06-26 15:09 - 2015-06-26 15:09 - 00271872 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 14:56 - 2010-11-22 14:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 14:57 - 2010-11-22 14:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 14:56 - 2010-11-22 14:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00024064 _____ () C:\Program Files (x86)\Raptr\win32pipe.pyd
2010-11-22 14:57 - 2010-11-22 14:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-17 16:56 - 2014-06-17 16:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 10:17 - 2011-02-15 10:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 15:06 - 2010-11-22 15:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 15:52 - 2013-05-09 15:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 10:56 - 2013-05-03 10:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 10:57 - 2013-05-03 10:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Caelan\Downloads\7z1512-x64.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\InstallWizard101.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\iTunes6464Setup.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\lotrolive (1).exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\lotrolive (2).exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\lotrolive.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\RobloxPlayerLauncher.exe:BDU
AlternateDataStreams: C:\Users\Shrek\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Shrek\Documents\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Shrek\Documents\SW2015_SP4.0_Full_SSQ:AFP_AfpInfo
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{51FA66A0-D1CD-496C-BA47-69817BFEDED9}C:\program files\solidworks corp\solidworks electrical\bin\solidworkselectrical.exe] => (Allow) C:\program files\solidworks corp\solidworks electrical\bin\solidworkselectrical.exe
FirewallRules: [TCP Query User{FF088D00-B400-4CF5-B46F-142D3E00A396}C:\program files\solidworks corp\solidworks electrical\bin\solidworkselectrical.exe] => (Allow) C:\program files\solidworks corp\solidworks electrical\bin\solidworkselectrical.exe
FirewallRules: [{7EF745EF-A580-4428-BC42-A0BA806F8623}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{CD6C7F28-39CA-4563-ACF5-2EEB6E9022B3}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [UDP Query User{92C8B7A0-5EFA-453D-B906-48789A7E5A5E}C:\program files (x86)\brackets\node.exe] => (Block) C:\program files (x86)\brackets\node.exe
FirewallRules: [TCP Query User{4E81328F-5584-46AA-A719-4EBE9A1DA932}C:\program files (x86)\brackets\node.exe] => (Block) C:\program files (x86)\brackets\node.exe
FirewallRules: [{DC2BA4CA-B219-4213-9AAC-79BE709BF794}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{65F24383-5F17-471B-BFE8-3CD9B5B36406}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{088C82EC-CC15-4B93-B7B4-3DB09B20E5D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56100F69-BB0F-4CB6-B6EF-31C531903E8C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{A88DD388-8086-41D3-B575-15A6A3A521C2}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
FirewallRules: [TCP Query User{036041EC-5FB2-47F0-8442-E4C7E4CBC7DA}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
FirewallRules: [UDP Query User{2A8FEFB3-97AB-48DE-9F58-777F31D5C89C}C:\program files (x86)\turbine\lotro\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\lotro\lotroclient.exe
FirewallRules: [TCP Query User{48392179-BC39-4082-97BF-11FE4318AE7B}C:\program files (x86)\turbine\lotro\lotroclient.exe] => (Allow) C:\program files (x86)\turbine\lotro\lotroclient.exe
FirewallRules: [UDP Query User{78FC14DF-2EC1-4A7F-AF72-82B9433F3178}C:\users\caelan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\caelan\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{23CF0FB2-F634-4E25-990C-DAE6C62544FB}C:\users\caelan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\caelan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{2FD2C9AC-D409-4B6D-9BE4-61A14DCA3A0D}C:\program files\processing\java\bin\java.exe] => (Allow) C:\program files\processing\java\bin\java.exe
FirewallRules: [TCP Query User{F885020E-0300-4F69-9300-9C0CEDFE0AF1}C:\program files\processing\java\bin\java.exe] => (Allow) C:\program files\processing\java\bin\java.exe
FirewallRules: [UDP Query User{8D3EBAA2-744D-43B0-BE5D-9B15BB3C707B}C:\program files (x86)\airport\admin.exe] => (Allow) C:\program files (x86)\airport\admin.exe
FirewallRules: [TCP Query User{C7B89779-BE0E-497B-A124-B2F5F76D5BF0}C:\program files (x86)\airport\admin.exe] => (Allow) C:\program files (x86)\airport\admin.exe
FirewallRules: [{CF029125-4021-4A05-A788-69B9846FC8C1}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{8E1B1DC0-28D4-43CA-ABEB-DED669200A98}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{E0BCAC99-318E-4AAF-B160-FD5AB82F6FA5}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1554E9C5-54EC-4D46-85F2-98E1C1C2C0D0}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{449EA420-D3B4-4EA2-9978-47CE8416C93B}] => (Allow) C:\Users\Shrek\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [UDP Query User{C426F401-C149-4D6B-A1FD-196BB1C7D409}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [TCP Query User{2E90E454-8209-4010-B173-D1EE9B969DA7}C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) C:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [UDP Query User{B45A0986-1A9E-4263-81E9-54727538B3FB}C:\users\shrek\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\shrek\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{E321A23F-15C5-4D3C-A04D-8E5508C04DFA}C:\users\shrek\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\shrek\appdata\local\akamai\netsession_win.exe
FirewallRules: [{AE7BFC4E-A7C2-4A3E-90D7-359D664EDDE2}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F71A05E2-486A-4802-8A8B-932781A78762}C:\users\caelan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\caelan\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{47A9D40D-6B68-4DA8-9743-9A576D42EA97}C:\users\caelan\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\caelan\appdata\local\akamai\netsession_win.exe
FirewallRules: [{0C3CD6F9-AE26-4D1C-88F0-B6C5144D078C}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{59DCE6F7-3E3D-4E95-AF20-9F004E9F4357}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7D0969FE-0806-4DAD-B07C-3D4579659113}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{5F3BC4DB-ACE4-4D6F-A7D2-B368F92A8157}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{284DEEB7-4409-4EC2-9115-052195F22BDE}C:\users\caelan\desktop\arduino-1.6.7\java\bin\javaw.exe] => (Allow) C:\users\caelan\desktop\arduino-1.6.7\java\bin\javaw.exe
FirewallRules: [UDP Query User{A3C38752-6879-478D-98E4-43F5249FA84C}C:\users\caelan\desktop\arduino-1.6.7\java\bin\javaw.exe] => (Allow) C:\users\caelan\desktop\arduino-1.6.7\java\bin\javaw.exe
FirewallRules: [{6B13BACA-5CE7-433D-B968-C27504D33A4C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
05-01-2016 13:21:16 Windows Update
12-01-2016 18:52:34 Windows Update
20-01-2016 09:39:57 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/26/2016 02:14:10 PM) (Source: MsiInstaller) (EventID: 11310) (User: Shrek-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Shrek\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/26/2016 02:13:52 PM) (Source: MsiInstaller) (EventID: 11310) (User: Shrek-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Shrek\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
Error: (01/26/2016 11:44:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x1270
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5
 
Error: (01/26/2016 10:35:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cpx.exe, version: 1.3.0.1, time stamp: 0x5609e400
Faulting module name: libcef.dll, version: 3.2171.2069.0, time stamp: 0x56094a95
Exception code: 0x80000003
Fault offset: 0x0013ccb0
Faulting process id: 0x2810
Faulting application start time: 0xcpx.exe0
Faulting application path: cpx.exe1
Faulting module path: cpx.exe2
Report Id: cpx.exe3
Faulting package full name: cpx.exe4
Faulting package-relative application ID: cpx.exe5
 
Error: (01/25/2016 12:46:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/24/2016 05:43:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shrek-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/24/2016 10:22:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/23/2016 02:54:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x2024
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5
 
Error: (01/23/2016 09:28:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
Exception code: 0xc0000005
Fault offset: 0x00ac6197
Faulting process id: 0x203c
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report Id: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5
 
Error: (01/23/2016 09:04:41 AM) (Source: MsiInstaller) (EventID: 11310) (User: Shrek-PC)
Description: Product: Akamai NetSession Interface -- Error 1310. Error writing to file: C:\Users\Shrek\AppData\Local\Akamai\admintool.exe.  System error 0.  Verify that you have access to that directory.
 
 
System errors:
=============
Error: (01/26/2016 02:13:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_d3e35d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/26/2016 02:13:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_d3e35d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/26/2016 02:13:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_d3e35d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/26/2016 02:13:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_d3e35d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/26/2016 02:11:31 PM) (Source: DCOM) (EventID: 10010) (User: Shrek-PC)
Description: NLInternal.SharedRecoActivation
 
Error: (01/26/2016 02:09:31 PM) (Source: DCOM) (EventID: 10010) (User: Shrek-PC)
Description: NLInternal.SharedRecoActivation
 
Error: (01/26/2016 02:09:31 PM) (Source: DCOM) (EventID: 10010) (User: Shrek-PC)
Description: NLInternal.SharedRecoActivation
 
Error: (01/26/2016 01:14:14 PM) (Source: DCOM) (EventID: 10010) (User: Shrek-PC)
Description: NLInternal.SharedRecoActivation
 
Error: (01/26/2016 01:14:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_456c3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/26/2016 01:14:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_456c3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-01-26 14:16:51.987
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-26 14:16:51.976
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-26 14:16:34.227
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-26 14:16:34.216
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-13 11:47:24.665
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-01-13 11:47:24.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-01-13 11:47:24.611
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-01-13 11:47:24.566
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-01-13 11:47:24.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-01-13 11:47:24.533
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-7850K Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 28%
Total physical RAM: 7108 MB
Available physical RAM: 5067.85 MB
Total Virtual: 14276 MB
Available Virtual: 11653.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.03 GB) (Free:86.13 GB) NTFS
Drive d: (GRMCPRFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 72E3D159)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#4 olgun52

Posted 26 January 2016 - 08:30 PM

Hi Brownflame2,

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Have a nice day.


Best regards
 

#5 Brownflame2

Posted 26 January 2016 - 09:56 PM

Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Shrek (2016-01-26 18:40:13) Run:1
Running from C:\Users\Shrek\Desktop\FRST
Loaded Profiles: Shrek (Available Profiles: Shrek & Caelan & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\data_up\data_up.exe
R2 Dataup; C:\Program Files (x86)\data_up\data_up.exe
C:\Program Files (x86)\cpx
C:\Users\Caelan\AppData\Local\cpx
C:\Program Files (x86)\dataup
C:\Program Files (x86)\regtool
2016-01-26 14:09 - 2015-10-06 12:11 - 00000000 ____D C:\Users\Caelan\AppData\Local\mstrn32
2016-01-19 18:09 - 2016-01-19 18:09 - 00000000 ____D C:\Users\Caelan\AppData\Roaming\Mael
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-3314479177-2325837315-3137392574-1000 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3314479177-2325837315-3137392574-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
R2 windowsmanagementservice; C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Temp\20160122\ct.exe 
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\Users\Caelan\AppData\Local\CEF
C:\Users\Shrek\AppData\Local\PeerDistRepub
C:\Users\Shrek\AppData\Roaming\Sun
C:\Users\Caelan\AppData\Roaming\Sun
C:\ProgramData\GZ
C:\Users\Shrek\AppData\Local\Comms
C:\Users\Caelan\AppData\Local\Arduino15
C:\Users\Shrek\AppData\Roaming\Raptr
2016-01-26 14:10 - 2015-07-15 00:38 - 00000000 ____D C:\Users\Caelan\AppData\Roaming\Raptr
2016-01-18 19:10 - 2015-11-25 21:48 - 00000000 ____D C:\Users\Caelan\AppData\Local\wxvbam
2016-01-16 10:58 - 2015-12-08 14:46 - 00000000 ____D C:\Users\Caelan\AppData\Local\tileHelperAdvance
2016-01-15 15:24 - 2015-07-15 00:39 - 00000000 __SHD C:\Users\Caelan\AppData\LocalLow\EmieUserList
2016-01-15 15:24 - 2015-07-15 00:39 - 00000000 __SHD C:\Users\Caelan\AppData\LocalLow\EmieSiteList
2016-01-15 15:24 - 2015-07-15 00:39 - 00000000 __SHD C:\Users\Caelan\AppData\Local\EmieUserList
2016-01-15 15:24 - 2015-07-15 00:39 - 00000000 __SHD C:\Users\Caelan\AppData\Local\EmieSiteList
2016-01-05 13:01 - 2015-11-27 11:39 - 00000000 ____D C:\Users\Shrek\AppData\Local\Packages
2015-06-28 10:14 - 2015-06-28 10:14 - 0000044 _____ () C:\Users\Shrek\AppData\Roaming\WB.CFG
2015-10-31 17:14 - 2015-10-31 17:14 - 0001341 _____ () C:\Users\Shrek\AppData\Local\TempInformationFile.html
2015-10-31 17:09 - 2015-10-31 17:09 - 0000000 _____ () C:\Users\Shrek\AppData\Local\Temptable.xml
2015-06-28 11:23 - 2015-06-28 11:23 - 0199486 _____ () C:\ProgramData\1435519310.bdinstall.bin
2015-06-28 11:26 - 2015-06-28 11:26 - 0049663 _____ () C:\ProgramData\1435519585.bdinstall.bin
C:\Users\Caelan\AppData\Local\Temp\tmp68A4.exe
C:\Users\Shrek\AppData\Local\Temp\sqlite3.dll
Task: {329B74A8-4ED4-49A2-8C67-E2E060089720} - System32\Tasks\Chromium => C:\Users\Shrek\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
2015-06-25 03:14 - 2015-06-25 03:14 - 00073728 _____ () C:\Program Files (x86)\data_up\data_up.exe
AlternateDataStreams: C:\Users\Caelan\Downloads\7z1512-x64.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\InstallWizard101.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\iTunes6464Setup.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\lotrolive (1).exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\lotrolive (2).exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\lotrolive.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Caelan\Downloads\RobloxPlayerLauncher.exe:BDU
AlternateDataStreams: C:\Users\Shrek\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Shrek\Documents\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Shrek\Documents\SW2015_SP4.0_Full_SSQ:AFP_AfpInfo
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\data_up\data_up.exe => moved successfully
Dataup => service removed successfully
C:\Program Files (x86)\cpx => moved successfully
C:\Users\Caelan\AppData\Local\cpx => moved successfully
C:\Program Files (x86)\dataup => moved successfully
C:\Program Files (x86)\regtool => moved successfully
C:\Users\Caelan\AppData\Local\mstrn32 => moved successfully
C:\Users\Caelan\AppData\Roaming\Mael => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{84FF7BD6-B47F-46F8-9130-01B2696B36CB} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-3314479177-2325837315-3137392574-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
windowsmanagementservice => service removed successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\Users\Caelan\AppData\Local\CEF => moved successfully
C:\Users\Shrek\AppData\Local\PeerDistRepub => moved successfully
C:\Users\Shrek\AppData\Roaming\Sun => moved successfully
C:\Users\Caelan\AppData\Roaming\Sun => moved successfully
C:\ProgramData\GZ => moved successfully
C:\Users\Shrek\AppData\Local\Comms => moved successfully
C:\Users\Caelan\AppData\Local\Arduino15 => moved successfully
C:\Users\Shrek\AppData\Roaming\Raptr => moved successfully
C:\Users\Caelan\AppData\Roaming\Raptr => moved successfully
C:\Users\Caelan\AppData\Local\wxvbam => moved successfully
C:\Users\Caelan\AppData\Local\tileHelperAdvance => moved successfully
C:\Users\Caelan\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\Caelan\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\Caelan\AppData\Local\EmieUserList => moved successfully
C:\Users\Caelan\AppData\Local\EmieSiteList => moved successfully
 
"C:\Users\Shrek\AppData\Local\Packages" folder move:
 
Could not move "C:\Users\Shrek\AppData\Local\Packages" => Scheduled to move on reboot.
 
C:\Users\Shrek\AppData\Roaming\WB.CFG => moved successfully
C:\Users\Shrek\AppData\Local\TempInformationFile.html => moved successfully
C:\Users\Shrek\AppData\Local\Temptable.xml => moved successfully
C:\ProgramData\1435519310.bdinstall.bin => moved successfully
C:\ProgramData\1435519585.bdinstall.bin => moved successfully
C:\Users\Caelan\AppData\Local\Temp\tmp68A4.exe => moved successfully
C:\Users\Shrek\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{329B74A8-4ED4-49A2-8C67-E2E060089720}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{329B74A8-4ED4-49A2-8C67-E2E060089720}" => key removed successfully
C:\WINDOWS\System32\Tasks\Chromium => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Chromium" => key removed successfully
"C:\Program Files (x86)\data_up\data_up.exe" => not found.
C:\Users\Caelan\Downloads\7z1512-x64.exe => ":BDU" ADS removed successfully.
C:\Users\Caelan\Downloads\InstallWizard101.exe => ":BDU" ADS removed successfully.
C:\Users\Caelan\Downloads\iTunes6464Setup.exe => ":BDU" ADS removed successfully.
C:\Users\Caelan\Downloads\lotrolive (1).exe => ":BDU" ADS removed successfully.
C:\Users\Caelan\Downloads\lotrolive (2).exe => ":BDU" ADS removed successfully.
C:\Users\Caelan\Downloads\lotrolive.exe => ":BDU" ADS removed successfully.
C:\Users\Caelan\Downloads\mbam-setup-2.2.0.1024.exe => ":BDU" ADS removed successfully.
C:\Users\Caelan\Downloads\RobloxPlayerLauncher.exe => ":BDU" ADS removed successfully.
C:\Users\Shrek\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Shrek\Documents\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Shrek\Documents\SW2015_SP4.0_Full_SSQ => ":AFP_AfpInfo" ADS removed successfully.
EmptyTemp: => 1.8 GB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-01-26 18:41:44)
 
C:\Users\Shrek\AppData\Local\Packages => Is moved successfully
 
==== End of Fixlog 18:41:44 ====
 
Scanlog:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/26/2016
Scan Time: 6:45 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.26.07
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Shrek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 457990
Time Elapsed: 5 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.Iminent, HKLM\SOFTWARE\CLASSES\Iminent, Quarantined, [192669d54c4dcc6a55af1bb6f21117e9], 
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, Quarantined, [93ace35b05948fa78466b8fe689b7888], 
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, Quarantined, [c27df34b3861082e3ab05a5cbd46bb45], 
PUP.Optional.WordShark, HKLM\SOFTWARE\WOW6432NODE\WordShark_1.10.0.19, Quarantined, [7cc38ab47a1f2e08a166fafca26111ef], 
PUP.Optional.Iminent, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, Quarantined, [83bcb886d2c7a294e1234889ab58768a], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\dump, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Clicker.ChrPRSTDU, C:\Program Files (x86)\data_up, Quarantined, [86b9102e8e0b8aacac45634be41e9e62], 
 
Files: 10
PUP.Optional.WinYahoo, C:\Users\Shrek\AppData\LocalLow\Microsoft\Internet Explorer\Services\Wincy.ico, Quarantined, [82bdf04e1881c07672a1f80955afbe42], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\cookies, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\db.sqlite, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\db.sqlite.bak, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\Setting.ini, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\urls.txt, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\urls.txt.bak, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\dump\4394a684-f6c9-42c1-85a6-0ef70670446e.dmp, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Mstrn, C:\Users\Shrek\AppData\Local\mstrn32\dump\4d9dfd84-b5e9-459a-931b-53b7fb1a8d56.dmp, Quarantined, [8fb083bbc3d65dd9e0babaefd42e56aa], 
PUP.Optional.Clicker.ChrPRSTDU, C:\Program Files (x86)\data_up\dataup.ini, Quarantined, [86b9102e8e0b8aacac45634be41e9e62], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
It didn't request a restart. And it said remove selected instead of apply actions. So did I mess up?


#6 olgun52

olgun52

  • Malware Response Team

Posted 27 January 2016 - 12:53 PM

It didn't request a restart. And it said remove selected instead of apply actions. So did I mess up?

No problem. Very good. :thumbup2:

 

Please do the following.

 

 Java update:
Updating Java and Clearing Cache:

Please follow these steps to update.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 71
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows Offline (64-bit)  and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

Step 1:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 Brownflame2

Brownflame2
  • Topic Starter

  • Members

Posted 27 January 2016 - 02:45 PM

AdwCleaner.txt:
 
# AdwCleaner v5.031 - Logfile created 26/01/2016 at 11:21:28
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Shrek - SHREK-PC
# Running from : C:\Users\Caelan\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\app_setup
 
***** [ Files ] *****
 
File Found : \END
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : amiupdaterExd
Task Found : amiupdaterExi
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKLM\SOFTWARE\Iminent
Key Found : [x64] HKLM\SOFTWARE\Iminent
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.iminent.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myimageconverter.dl.tb.ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\start.iminent.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\us.yhs4.search.yahoo.com
 
***** [ Web browsers ] *****
 
[C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Shrek\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - \AdwCleaner\AdwCleaner[S1].txt - [2607 bytes] ##########
 
JRT.txt:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Pro x64 
Ran by Shrek (Administrator) on Wed 01/27/2016 at 11:27:39.50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\Shrek\AppData\Local\nico mak computing (Folder) 
Successfully deleted: C:\Users\Shrek\AppData\Roaming\pdfforge (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/27/2016 at 11:29:08.33
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Was that report supposed to be on my desktop as a txt file? If so then something went wrong cause it didn't show up there. I only have an Adwcleaner.txt and JRT.txt.


#8 olgun52

olgun52

  • Malware Response Team

Posted 27 January 2016 - 02:53 PM

Was that report supposed to be on my desktop as a txt file?

No. For this, you have to press the Report button. Try running it again.

 

Please open adwcleaner and press Delete button.

 


Edited by olgun52, 27 January 2016 - 02:56 PM.


 


 


#9 Brownflame2

Brownflame2
  • Topic Starter

  • Members

Posted 27 January 2016 - 03:16 PM

Roguekillereport.txt:

 

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Shrek [Administrator]
Started from : C:\Users\Shrek\Downloads\RogueKiller.exe
Mode : Scan -- Date : 01/27/2016 12:06:22
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0dc31919-bc4b-45f7-857b-6ca1c6e78985} | DhcpNameServer : 10.0.1.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0dc31919-bc4b-45f7-857b-6ca1c6e78985} | DhcpNameServer : 10.0.1.1 ([X])  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\Chromium.job -- C:\Users\Shrek\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SSD2SC24 0G1SA754D117-820 SATA Disk Device +++++
--- User ---
[MBR] e28db97b1b1c5b0b421a1ecb67e8d583
[BSP] 2a6677328d2600542a9d3e57946f4e05 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467937280 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
Do you want me to uninstall adwcleaner or did you mean the cleaning function?


#10 olgun52

olgun52

  • Malware Response Team

Posted 27 January 2016 - 04:10 PM

Do you want me to uninstall adwcleaner or did you mean the cleaning function?

I want the cleaning function, please.

Next >>

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:-
    HKEY_LOCAL_MACHINE\Software\Partner -> Found
    %WINDIR%\Tasks\Chromium.job -- C:\Users\Shrek\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Found
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.


 


 


#11 Brownflame2

Brownflame2
  • Topic Starter

  • Members

Posted 27 January 2016 - 07:18 PM

RKreport:

 

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Shrek [Administrator]
Started from : C:\Users\Shrek\Downloads\RogueKiller.exe
Mode : Delete -- Date : 01/27/2016 16:15:03
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0dc31919-bc4b-45f7-857b-6ca1c6e78985} | DhcpNameServer : 10.0.1.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0dc31919-bc4b-45f7-857b-6ca1c6e78985} | DhcpNameServer : 10.0.1.1 ([X])  -> Not selected
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\Chromium.job -- C:\Users\Shrek\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Deleted
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SSD2SC24 0G1SA754D117-820 SATA Disk Device +++++
--- User ---
[MBR] e28db97b1b1c5b0b421a1ecb67e8d583
[BSP] 2a6677328d2600542a9d3e57946f4e05 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228384 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 467937280 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK
 
Got the report after I did the delete.
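
An added example, not part of the thread or of RogueKiller: one way to confirm from the Delete-mode report above that only the two requested items were removed, and to see whether the flagged `DhcpNameServer` value is a private address. The names `INTENDED`, `parse_report`, `audit` and `dhcp_dns_servers` are made up for illustration, and the sample is an excerpt of the posted report.

```python
import ipaddress
import re

# Constructed sample: the Registry and Tasks sections of the Delete-mode report above.
REPORT = r"""
¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0dc31919-bc4b-45f7-857b-6ca1c6e78985} | DhcpNameServer : 10.0.1.1 ([X])  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0dc31919-bc4b-45f7-857b-6ca1c6e78985} | DhcpNameServer : 10.0.1.1 ([X])  -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\Chromium.job -- C:\Users\Shrek\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE (/Check) -> Deleted
"""

# Items the helper asked to have checked before pressing Delete (prefix match).
INTENDED = (r"HKEY_LOCAL_MACHINE\Software\Partner", r"%WINDIR%\Tasks\Chromium.job")
SECTION = re.compile(r"^¤¤¤ (?P<name>.+?) : (?P<count>\d+)\b.*¤¤¤$")
ENTRY = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?:\((?:X64|X86)\)\s+)?(?P<item>.*?)\s+->\s+(?P<status>.+)$")

def parse_report(text):
    """Return {section: {"declared": int, "entries": [(tag, item, status), ...]}}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            current = sections.setdefault(m["name"], {"declared": int(m["count"]), "entries": []})
        elif current is not None and (m := ENTRY.match(line)):
            current["entries"].append((m["tag"], m["item"], m["status"].strip()))
    return sections

def audit(text, intended=INTENDED):
    """List mismatches between what was asked for and what the report shows."""
    problems = []
    for name, sec in parse_report(text).items():
        if sec["declared"] != len(sec["entries"]):
            problems.append(f"{name}: header says {sec['declared']}, parsed {len(sec['entries'])} (truncated paste?)")
        for tag, item, status in sec["entries"]:
            wanted = item.startswith(intended)
            if wanted and status != "Deleted":
                problems.append(f"not removed: [{tag}] {item} -> {status}")
            if not wanted and status == "Deleted":
                problems.append(f"removed but not requested: [{tag}] {item}")
    return problems

def dhcp_dns_servers(text):
    """Map each DhcpNameServer address in PUM.Dns entries to True if it is a private address."""
    found = {}
    for sec in parse_report(text).values():
        for tag, item, _ in sec["entries"]:
            m = re.search(r"DhcpNameServer : (.+?) \(", item)
            if tag == "PUM.Dns" and m:
                for addr in m[1].split():
                    found[addr] = ipaddress.ip_address(addr).is_private
    return found

if __name__ == "__main__":
    print(audit(REPORT) or "report matches the requested selection", dhcp_dns_servers(REPORT))
```
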


#12 olgun52

olgun52

  • Malware Response Team

Posted 27 January 2016 - 07:57 PM

Very good :thumbup2:

 

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



 


 


#13 Brownflame2

Brownflame2
  • Topic Starter

  • Members

Posted 28 January 2016 - 12:05 AM

Esetlogfile.txt:

 

C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\Redist\PDFCreator-1_7_3_setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
C:\ProgramData\1435230839\s9.zip a variant of Win32/SquareNet.F potentially unwanted application
C:\Users\All Users\1435230839\s9.zip a variant of Win32/SquareNet.F potentially unwanted application
C:\Users\Shrek\Documents\SW2015_SP4.0_Full_SSQ\Solidworks_2015_SP4.0_Full_DVD2.iso Win32/InstallMonetizer.AQ potentially unwanted application
C:\Users\Shrek\Documents\TEMP\swelectric\PDFCre~1.cab Win32/InstallMonetizer.AQ potentially unwanted application
 
There was no logfile in the folder you told me to go to.


#14 olgun52

olgun52

  • Malware Response Team

Posted 28 January 2016 - 10:47 AM

Hi Brownflame2,

 

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

@echo off
rem Remove any log left over from a previous run.
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Try to delete each file that the ESET scan reported.
for %%g in (
"C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\Redist\PDFCreator-1_7_3_setup.exe"
"C:\ProgramData\1435230839\s9.zip"
"C:\Users\All Users\1435230839\s9.zip"
"C:\Users\Shrek\Documents\SW2015_SP4.0_Full_SSQ\Solidworks_2015_SP4.0_Full_DVD2.iso"
"C:\Users\Shrek\Documents\TEMP\swelectric\PDFCre~1.cab"
) do (
del /a/f/q %%g >nul 2>&1
rem Log any file that still exists after the delete attempt.
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Show the list of files that could not be deleted, if any.
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
rem The script deletes itself when it finishes.
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files to your desktop then close the Notepad file.
Right-click on fix.bat and choose 'Run as administrator' to allow it to run.
Tell me what it says in your next reply. Press any key to continue.

 



 


 


#15 Brownflame2

Brownflame2
  • Topic Starter

  • Members

Posted 28 January 2016 - 12:47 PM

I would do that, but my start menu isn't working for some reason and I can't open Notepad without opening my start menu.

 

Edit: Never mind I got notepad to open.

 

This is the logfile that showed up:

 

C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Electrical\Redist\PDFCreator-1_7_3_setup.exe
C:\ProgramData\1435230839\s9.zip
C:\Users\All Users\1435230839\s9.zip
 
The program closed right after I pressed a key.

Edited by Brownflame2, 28 January 2016 - 12:52 PM.




