Windows 7 Bad Image Error



#1 erstho


Posted 11 December 2016 - 02:46 AM

I have read a lot of the previous fixes for this error on this site as well as others and have been unable to resolve my issue.  Been in the computer business for 21 years and, as they say, the cobbler's son has no shoes...can seem to fix everyone else's problems but my own :-).  Reaching out to my fellow techs to see if you can spot what I am obviously overlooking.  I'm running a Core i5 system with 16GB of RAM, two 500GB HDs in RAID1, and dual GTS250 video cards.  System was reloaded two months ago so it doesn't have years of clutter on it, but starting about a week or two ago I started getting bad image errors relating to anything that runs mmc and several odbc related files.  Can't run device manager, netsh, computer management etc.  Example of trying to open device manager is as follows.

 

mmc.exe - Bad Image

C:\Windows\system32\odbcint.dll is either not designed to run on
Windows or it contain an error.  Try installing the programs again using
the original installation media or contact your system administrator or
the software vendor for support.

 

All restore points have been erased and VSC is not functioning now so I can't just roll back to before what I think is a virus made it through my Avast.  I have run all flavors of utilities from MalwareBytes, Adwcleaner, SuperAntiSpyware, Avast Boot-time Scan, Norton Power Eraser, ComboFix, Eset Online Scanner, Tdsskiller, examined load points manually, and I'm not seeing anything that would indicate what has got my system hostage.  I'm pasting the FRST and Additions text below.  Any help would be appreciated.  Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by eric (administrator) on PRESIDENT-PC (10-12-2016 19:22:01)
Running from C:\Users\eric\Desktop
Loaded Profiles: eric (Available Profiles: 911Admin & eric & admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\Remote\bin\lnhttpservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\Remote\bin\ReadyCloudClient.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\Remote\bin\ReadyNASRemote.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-09-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-09-20] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2016-05-02] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2771832 2012-12-07] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKU\S-1-5-21-2922042764-1072429156-1492372022-1145\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2922042764-1072429156-1492372022-1145\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-02]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ReadyCLOUD Client.lnk [2016-11-10]
ShortcutTarget: ReadyCLOUD Client.lnk -> C:\Program Files (x86)\NETGEAR\Remote\bin\ReadyCloudClient.exe (NETGEAR)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0BA5EA0B-5E59-48B6-8B62-85A46CF384E3}: [DhcpNameServer] 192.168.28.4
Tcpip\..\Interfaces\{2C89C5B1-548A-4A00-86A1-0020F5CE0C9A}: [NameServer] 192.168.119.2,8.8.8.8
Tcpip\..\Interfaces\{842F69DA-6809-46E9-ABA2-9F0B777D2F47}: [DhcpNameServer] 192.168.17.2 209.18.47.61

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2922042764-1072429156-1492372022-1145\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2922042764-1072429156-1492372022-1145\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2922042764-1072429156-1492372022-1145\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-02] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-02] (Oracle Corporation)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2016-05-02] (Intuit, Inc.)
Handler-x32: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5rpkhxkb.default
FF ProfilePath: C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\5rpkhxkb.default [2016-12-10]
FF Extension: (Firefox Hotfix) - C:\Users\eric\AppData\Roaming\Mozilla\Firefox\Profiles\5rpkhxkb.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-31]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-30]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-12] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2922042764-1072429156-1492372022-1145: @citrixonline.com/appdetectorplugin -> C:\Users\eric\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-06-10] (Citrix Online)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-09-13] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-09-13] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-09-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-09-13] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 ReadyCLOUD HTTP Server; C:\Program Files (x86)\NETGEAR\Remote\bin\lnhttpservice.exe [61816 2016-06-15] (NETGEAR)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [X]
S2 syncagentsrv; "C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2016-11-27] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [32224 2016-09-20] (Intel Corporation)
R3 leafnets; C:\Windows\System32\DRIVERS\leafnets.sys [29696 2016-05-13] (Leaf Networks)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-09-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56376 2016-09-13] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 XLHHardware_1_0; \??\C:\Program Files (x86)\DLL Tool\XLHHardwarex64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-10 19:22 - 2016-12-10 19:24 - 00016740 _____ C:\Users\eric\Desktop\FRST.txt
2016-12-10 19:19 - 2016-12-09 21:21 - 02420224 _____ (Farbar) C:\Users\eric\Desktop\FRST64.exe
2016-12-10 19:12 - 2016-12-10 19:12 - 00003280 ____N C:\bootsqm.dat
2016-12-10 14:58 - 2016-12-10 14:59 - 199356416 _____ C:\Users\eric\Downloads\stellar.iso
2016-12-10 14:54 - 2016-12-10 14:54 - 00000000 ____D C:\ProgramData\Acronis
2016-12-10 14:53 - 2016-12-10 14:53 - 00000000 ____D C:\Program Files (x86)\Acronis
2016-12-10 14:52 - 2016-12-10 14:53 - 295249968 _____ (Acronis) C:\Users\eric\Downloads\atih_installer_hd_4061_en-US.exe
2016-12-09 22:13 - 2016-12-09 22:13 - 28615664 _____ (SUPERAntiSpyware) C:\Users\eric\Downloads\SAS_276266.EXE
2016-12-09 22:09 - 2016-12-09 22:09 - 00024713 _____ C:\ComboFix.txt
2016-12-09 21:33 - 2016-12-09 21:37 - 00000000 ____D C:\AdwCleaner
2016-12-09 21:32 - 2016-12-09 21:32 - 03968464 _____ C:\Users\eric\Downloads\adwcleaner_6.040.exe
2016-12-09 21:22 - 2016-12-10 19:22 - 00000000 ____D C:\FRST
2016-12-09 21:22 - 2016-12-09 21:27 - 00091196 _____ C:\Users\eric\Downloads\FRST.txt
2016-12-09 21:22 - 2016-12-09 21:27 - 00029108 _____ C:\Users\eric\Downloads\Addition.txt
2016-12-09 21:21 - 2016-12-09 21:21 - 02420224 _____ (Farbar) C:\Users\eric\Downloads\FRST64.exe
2016-12-09 14:05 - 2016-12-10 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2016-12-09 14:05 - 2016-12-10 09:04 - 00000000 ____D C:\Program Files (x86)\Free Window Registry Repair
2016-12-09 14:01 - 2016-12-09 14:01 - 12817394 _____ C:\Users\eric\Downloads\video-1481310109.mp4
2016-12-09 08:05 - 2016-12-09 08:05 - 00000000 ____D C:\Users\eric\Downloads\Autoruns
2016-12-09 08:04 - 2016-12-09 08:04 - 01304400 _____ C:\Users\eric\Downloads\Autoruns.zip
2016-12-09 00:00 - 2016-12-10 09:04 - 00000000 ____D C:\Program Files (x86)\DLL Tool
2016-12-08 23:25 - 2016-12-08 23:25 - 05658636 ____R (Swearware) C:\Users\eric\Downloads\ComboFix.exe
2016-12-08 23:25 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-08 23:25 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-08 23:25 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-08 23:25 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-08 23:25 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-08 23:25 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-08 23:25 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-08 23:25 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-08 23:22 - 2016-12-09 22:09 - 00000000 ____D C:\Qoobox
2016-12-08 23:22 - 2016-12-08 23:44 - 00000000 ____D C:\Windows\erdnt
2016-12-07 23:11 - 2016-12-08 00:04 - 00000000 ____D C:\Users\eric\Documents\PDI
2016-12-07 08:21 - 2016-12-07 11:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-07 08:20 - 2016-12-07 08:20 - 00000000 ____D C:\Users\eric\Downloads\marb
2016-12-07 08:17 - 2016-12-07 08:19 - 00418158 _____ C:\TDSSKiller.3.1.0.12_07.12.2016_08.17.57_log.txt
2016-12-07 08:17 - 2016-12-07 08:17 - 04747704 _____ (AO Kaspersky Lab) C:\Users\eric\Downloads\tdsskiller (1).exe
2016-12-06 12:20 - 2016-12-06 23:16 - 00000000 ____D C:\Users\eric\AppData\Local\NPE
2016-12-06 12:20 - 2016-12-06 12:21 - 00000000 ____D C:\ProgramData\Norton
2016-12-06 12:20 - 2016-12-06 12:20 - 03423928 _____ (Symantec Corporation) C:\Users\eric\Downloads\NPE (1).exe
2016-12-05 16:36 - 2016-12-05 16:36 - 00000023 _____ C:\Users\eric\Documents\ccinfo7172.txt
2016-12-05 10:42 - 2016-12-07 08:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-05 10:41 - 2016-12-07 08:20 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-05 10:41 - 2016-12-05 10:44 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-12-05 10:41 - 2016-12-05 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-05 10:41 - 2016-12-05 10:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-05 10:41 - 2016-12-05 10:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-05 10:41 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-12-05 10:41 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-05 10:37 - 2016-12-05 10:37 - 00028930 _____ C:\Users\eric\Documents\cc_20161205_103724.reg
2016-12-05 10:37 - 2016-12-05 10:37 - 00009244 _____ C:\Users\eric\Documents\cc_20161205_103745.reg
2016-12-05 10:36 - 2016-12-05 10:36 - 08576448 _____ (Piriform Ltd) C:\Users\eric\Downloads\ccsetup524.exe
2016-12-05 10:36 - 2016-12-05 10:36 - 00002784 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-12-05 10:36 - 2016-12-05 10:36 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-05 10:36 - 2016-12-05 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-05 10:36 - 2016-12-05 10:36 - 00000000 ____D C:\Program Files\CCleaner
2016-12-05 10:34 - 2016-12-05 10:34 - 07186992 _____ (Microsoft Corporation) C:\Users\eric\Downloads\vcredist_x64.exe
2016-12-03 20:08 - 2016-12-03 20:08 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-12-02 16:18 - 2016-12-02 16:18 - 00000000 ____D C:\files
2016-11-27 17:38 - 2016-11-27 17:38 - 00001998 _____ C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack for FAT.lnk
2016-11-27 17:38 - 2016-11-27 17:38 - 00001992 _____ C:\Users\Public\Desktop\GetDataBack for FAT.lnk
2016-11-27 17:38 - 2016-11-27 17:38 - 00000000 ____D C:\Users\eric\Downloads\gdb
2016-11-27 17:37 - 2016-11-27 17:38 - 02650119 _____ C:\Users\eric\Downloads\gdb.zip
2016-11-27 17:05 - 2016-11-27 17:05 - 00002071 _____ C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
2016-11-27 17:01 - 2016-11-27 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2016-11-27 17:01 - 2016-11-27 17:38 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-11-27 17:01 - 2016-11-27 17:05 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack for NTFS.lnk
2016-11-27 16:42 - 2016-11-27 16:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-11-27 16:41 - 2016-11-27 16:41 - 13106593 _____ C:\Users\eric\Downloads\setuprst (1).zip
2016-11-27 16:41 - 2016-11-27 16:41 - 00000000 ____D C:\Users\eric\Intel
2016-11-27 16:41 - 2016-11-27 16:41 - 00000000 ____D C:\Users\eric\Downloads\setuprst (1)
2016-11-27 16:40 - 2016-11-27 16:41 - 13638264 _____ (Intel Corporation) C:\Users\eric\Downloads\setuprst.exe
2016-11-27 16:23 - 2016-11-27 16:23 - 02499422 _____ C:\Users\eric\Downloads\cpu-z_1.78-en.zip
2016-11-27 16:14 - 2016-11-27 16:14 - 00002611 _____ C:\Users\Public\Desktop\ASUS PC Diagnostics.lnk
2016-11-27 16:14 - 2016-11-27 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-11-27 16:13 - 2016-11-27 16:13 - 45407127 _____ C:\Users\eric\Downloads\PC_Diagnostics_v112_XpVistaWin7.zip
2016-11-27 16:13 - 2016-11-27 16:13 - 00000000 ____D C:\Users\eric\Downloads\PC_Diagnostics_v112_XpVistaWin7
2016-11-27 15:51 - 2016-11-27 15:51 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2016-11-27 15:49 - 2016-11-27 16:14 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-11-27 15:49 - 2016-11-27 15:47 - 00028672 _____ (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2016-11-27 15:49 - 2016-11-27 15:47 - 00013440 _____ C:\Windows\SysWOW64\Drivers\AsIO.sys
2016-11-27 15:49 - 2016-11-27 15:47 - 00011832 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp64.sys
2016-11-27 15:49 - 2016-11-27 15:47 - 00010216 _____ C:\Windows\SysWOW64\Drivers\AsInsHelp32.sys
2016-11-27 15:47 - 2016-11-27 15:47 - 00000000 ____D C:\Users\eric\Downloads\AISuite_II_XPVistaWin7_P8P67-Series_V10104
2016-11-27 15:22 - 2016-11-27 15:47 - 272096912 _____ C:\Users\eric\Downloads\AISuite_II_XPVistaWin7_P8P67-Series_V10104.zip
2016-11-25 21:54 - 2016-11-25 21:54 - 15419283 _____ C:\Users\eric\Downloads\READYNAS_OS_6_SM_EN.pdf
2016-11-23 10:10 - 2016-11-23 10:10 - 01946525 _____ C:\Users\eric\Documents\McAfee Email Security Solutions End of Life FAQ - faq-eol-email-security.pdf
2016-11-22 11:09 - 2016-11-22 11:09 - 00000000 ____D C:\Users\eric\AppData\Local\ElevatedDiagnostics
2016-11-21 23:39 - 2016-11-21 23:39 - 00000000 ___RD C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-11-21 09:58 - 2016-12-02 17:04 - 00015437 _____ C:\Users\eric\Downloads\webbrowserpassview.zip
2016-11-21 09:58 - 2016-12-02 17:04 - 00000000 ____D C:\Users\eric\Downloads\webbrowserpassview
2016-11-20 13:57 - 2016-11-20 13:57 - 00031128 _____ C:\Users\eric\Downloads\arial-boldmt.otf
2016-11-20 13:39 - 2016-11-20 13:39 - 00309095 _____ C:\Users\eric\Documents\itinerary.xps
2016-11-20 13:39 - 2016-11-20 13:39 - 00000000 ____D C:\Users\eric\AppData\LocalLow\Temp
2016-11-19 19:46 - 2016-12-10 19:19 - 00000000 ____D C:\Users\eric\AppData\LocalLow\Mozilla
2016-11-18 09:20 - 2016-11-19 18:05 - 00000000 ____D C:\movies
2016-11-15 22:40 - 2016-12-02 16:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-15 10:10 - 2016-11-15 10:10 - 00000000 ____D C:\Users\eric\Downloads\TLPD
2016-11-10 14:35 - 2016-11-10 14:35 - 11422720 _____ (NETGEAR) C:\Users\eric\Downloads\ReadyCloudSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-10 19:21 - 2009-07-13 23:13 - 00788542 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-10 19:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-12-10 19:16 - 2016-05-02 14:02 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl
2016-12-10 19:15 - 2016-05-02 11:06 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-10 19:15 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-10 15:04 - 2016-05-03 11:30 - 00002058 ____H C:\Users\eric\Documents\Default.rdp
2016-12-10 14:39 - 2009-07-13 22:45 - 00013984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-10 14:39 - 2009-07-13 22:45 - 00013984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-09 22:16 - 2016-05-02 22:40 - 00000000 ____D C:\Program Files (x86)\Atrex
2016-12-09 22:08 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2016-12-09 21:20 - 2016-08-31 11:53 - 00000000 ____D C:\Users\eric\Documents\Outlook Files
2016-12-08 14:51 - 2016-05-03 15:24 - 00000000 ____D C:\Users\eric\AppData\Roaming\PrimoPDF
2016-12-08 09:44 - 2016-05-02 22:51 - 00000000 ____D C:\Users\eric\AppData\Local\CrashDumps
2016-12-06 12:55 - 2009-07-13 17:56 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe
2016-12-05 10:42 - 2016-10-05 08:40 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-12-05 10:34 - 2016-05-02 11:00 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-03 20:17 - 2016-05-02 10:17 - 00000000 ____D C:\Windows\system32\MRT
2016-12-03 20:15 - 2016-05-02 10:17 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-02 16:29 - 2016-05-02 13:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-02 15:53 - 2016-06-13 15:45 - 00000000 ____D C:\Users\eric\AppData\Local\ReadyNASRemote
2016-11-27 17:01 - 2016-05-02 12:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-27 16:42 - 2016-05-02 10:10 - 00000000 ____D C:\Program Files\Intel
2016-11-27 16:41 - 2016-05-02 14:04 - 00000000 ____D C:\Users\eric
2016-11-27 16:03 - 2016-05-02 10:09 - 00001769 _____ C:\Windows\Language_trs.ini
2016-11-25 20:46 - 2016-05-06 08:53 - 00000000 ____D C:\Users\eric\AppData\Local\Windows Live
2016-11-22 11:06 - 2009-07-13 22:45 - 00424504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-21 23:39 - 2016-05-02 14:11 - 00000000 ____D C:\Users\eric\Documents\Bluetooth Folder
2016-11-20 14:43 - 2016-05-02 14:06 - 00114056 _____ C:\Users\eric\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-18 12:36 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-17 14:29 - 2016-05-02 11:06 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-05-02 22:26 - 2016-05-02 22:26 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\eric\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\eric\AppData\Local\Temp\ReadyCloudSetup.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\Magnification.dll
C:\Windows\System32\NlsLexicons0018.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-04 00:50

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by eric (10-12-2016 19:24:29)
Running from C:\Users\eric\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-02 15:14:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

admin (S-1-5-21-731385697-3222587367-2520336843-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-731385697-3222587367-2520336843-500 - Administrator - Disabled)
Guest (S-1-5-21-731385697-3222587367-2520336843-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.2 - ASUSTeK Computer Inc.)
Atrex (HKLM-x32\...\{42031FA0-A67D-11DB-6784-018BC1A818BE}) (Version: 12.1.2.468 - Millennium Software, LLC)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
GetDataBack for FAT (HKLM-x32\...\{2EEEC858-21F8-419B-8FE2-820621BFFCD7}) (Version: 4.33.000 - Runtime Software)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.22.000 - Runtime Software)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Chipset Device Software (x32 Version: 10.1.1.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Visual Trace (HKLM-x32\...\McAfee Visual Trace) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.98 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.98 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
ReadyCLOUD (HKLM-x32\...\ReadyApps) (Version: 1.13.1267.464 - NETGEAR)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.4.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.4.0 - Renesas Electronics Corporation) Hidden
SDK Debuggers (x32 Version: 8.100.26936 - Microsoft Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.1.5976 - WinISO Computing Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [2009-07-13] ()
Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2009-07-13] ()
Task: {81AF5E5D-EED9-419B-89FF-DD4AC3DBB589} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software)
Task: {8C7931E6-16B3-4F6A-BC2D-25AABAAD2F33} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {E9247EE6-434C-4A45-8434-8484D8980DC6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {F2937427-B883-42A3-AA85-24E6ED886038} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-05-02 11:06 - 2016-09-12 14:00 - 00133568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-05-02 22:32 - 2015-09-01 07:41 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-08-30 02:10 - 2016-08-30 02:10 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-09 12:02 - 2016-12-09 12:02 - 03067904 _____ () C:\Program Files\AVAST Software\Avast\defs\16120901\algo.dll
2016-08-30 02:10 - 2016-08-30 02:10 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2016-10-26 15:19 - 2016-09-13 15:08 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-29 21:57 - 2016-06-29 21:57 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-06-15 17:50 - 2016-06-15 17:50 - 00106496 _____ () C:\Program Files (x86)\NETGEAR\Remote\bin\Libnet.dll
2016-06-15 17:50 - 2016-06-15 17:50 - 00053299 _____ () C:\Program Files (x86)\NETGEAR\Remote\bin\pthreadVC.dll
2016-06-15 18:03 - 2016-06-15 18:03 - 00142712 _____ () C:\Program Files (x86)\NETGEAR\Remote\bin\lnwpfcontrols.dll
2009-07-13 17:38 - 2009-07-13 19:41 - 00250880 _____ () C:\Windows\system32\icm32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2922042764-1072429156-1492372022-1145\...\syfy.com -> hxxp://www.syfy.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2016-12-08 23:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2922042764-1072429156-1492372022-1145\Control Panel\Desktop\\Wallpaper -> C:\Users\eric\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.119.2 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{39AB4CCF-BB6F-4081-8DF2-7BB3309A031C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7BC9CA38-8EFF-46AD-A86F-4FF632C5E4B6}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0E9CF10F-DDB8-47D2-AD6B-56B727D768A4}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F25BC861-53FC-42BB-A86A-B03B5200F8C4}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04BEFFD1-DFC3-4B64-82DF-60A74D7A43F9}] => C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\FaxApplications.exe
FirewallRules: [{1E2E9269-26C1-4FD8-8A58-229436872E83}] => C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\DigitalWizards.exe
FirewallRules: [{B7A3C7F9-197E-4D10-B811-2676A816EB44}] => C:\Program Files\HP\HP Officejet Pro 8500 A910\bin\SendAFax.exe
FirewallRules: [{3FB277AB-5B70-4AE3-942E-1FD2FD8C2F6D}] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe
FirewallRules: [{01ABE3D6-9FFD-43AE-ADC3-2B0915F1B9CA}] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{E5DE6252-AA53-4756-8D36-E4A1A9E3902F}] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{FC7470D0-B5DC-4C11-BAE0-1419F575D3C4}C:\remote1\remhelpc1.exe] => C:\remote1\remhelpc1.exe
FirewallRules: [UDP Query User{A34750AD-76BB-4EA4-BBC3-345A9F143B13}C:\remote1\remhelpc1.exe] => C:\remote1\remhelpc1.exe
FirewallRules: [TCP Query User{64B9FE2A-FDD3-4B96-8ED8-E10810865E91}C:\remote2\remhelpc2.exe] => C:\remote2\remhelpc2.exe
FirewallRules: [UDP Query User{51A70434-A098-48CB-9BB2-D8E3BA7C0A66}C:\remote2\remhelpc2.exe] => C:\remote2\remhelpc2.exe
FirewallRules: [TCP Query User{EDAE9A31-1310-478B-907A-674332B29925}C:\remote3\remhelpc3.exe] => C:\remote3\remhelpc3.exe
FirewallRules: [UDP Query User{64D6BF60-16EF-48F1-954D-DC990FABB844}C:\remote3\remhelpc3.exe] => C:\remote3\remhelpc3.exe
FirewallRules: [{D6626204-7F98-45CB-94DB-CB33C3299556}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7FF4EDA5-3FE5-40BB-92C9-AF5882520932}] => LPort=2869
FirewallRules: [{ECAD5996-9BF4-4D55-8647-F8A07DC38267}] => LPort=1900
FirewallRules: [{E0B09A50-F1CF-42B4-9290-359184ADACF6}] => C:\Program Files (x86)\NETGEAR\Remote\bin\ReadyNASRemote.exe
FirewallRules: [{9CA426CF-526F-4406-A3B0-E63E8073A0EF}] => C:\Program Files (x86)\NETGEAR\Remote\bin\ReadyNASRemote.exe
FirewallRules: [{9F8BF05D-7577-4BB9-B3D1-ED0863DCE1D0}] => C:\Program Files (x86)\Advantig\DualDesk\Viewer.exe
FirewallRules: [{00E069C3-2859-4A33-99A5-96AAAB9DD544}] => C:\Program Files (x86)\Advantig\DualDesk\Viewer.exe
FirewallRules: [{466D186E-DFD0-434E-A5F4-CF4D9B84A9FA}] => C:\Program Files (x86)\Advantig\DualDesk\Proxy.exe
FirewallRules: [{DC6503EC-2659-41BC-97D2-77B6692C2433}] => C:\Program Files (x86)\Advantig\DualDesk\Proxy.exe
FirewallRules: [{490A98D8-675B-4431-84E8-C0AF814AFC5B}] => C:\Program Files (x86)\Advantig\DualDesk\Repeater.exe
FirewallRules: [{6FB596F5-45AA-49AD-B368-50DB933F2688}] => C:\Program Files (x86)\Advantig\DualDesk\Repeater.exe
FirewallRules: [{0A4DEA0F-EF5B-44EA-9301-A2DD7F058A00}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B2AF5497-8E11-4BFD-BCC8-B5BD6197BE8B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AEC058B7-CCD1-468A-8D2E-824D09E3AE4E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{7B299BE4-1C63-4C70-A7E4-EC51044E76F1}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5B16B18F-B920-4A2B-8B1F-D423625239BE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{70ECDF39-BD6B-496C-8932-414904A06DA5}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A2503603-16BE-4519-B7EF-845728D27FC1}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{62CE5CBB-2528-4058-B44A-012E4C17269A}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{C63B8EED-280F-4712-A467-5540A4A41BCC}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2016 07:18:59 PM) (Source: ODBC) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/10/2016 03:03:58 PM) (Source: MsiInstaller) (EventID: 11935) (User: 911MCS)
Description: Product: Acronis True Image 2015 -- Error 1935. An error occurred during the installation of assembly 'Microsoft.VC80.CRT,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86"'. Please refer to Help and Support for more information. HRESULT: 0x800736FD. assembly interface: IAssemblyCacheItem, function: Commit, component: {98CB24AD-52FB-DB5F-A01F-C8B3B9A1E18E}

Error: (12/10/2016 02:34:27 PM) (Source: ODBC) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/10/2016 01:41:32 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042302).

Error: (12/10/2016 01:41:32 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80040154, Class not registered
.

Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (12/10/2016 01:41:32 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {faf53cc4-bd73-4e36-83f1-2b23f46e513e} and Name VSSEvent is [0x80040154, Class not registered
].

Operation:
   Gathering Writer Data
   Executing Asynchronous Operation

Context:
   Execution Context: Requestor
   Current State: GatherWriterMetadata

Error: (12/10/2016 12:00:01 AM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80042302).

Error: (12/10/2016 12:00:01 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80042302).

Error: (12/10/2016 12:00:01 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070057, The parameter is incorrect.
.

Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

Error: (12/10/2016 12:00:01 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {faf53cc4-bd73-4e36-83f1-2b23f46e513e} and name VSSEvent cannot be started. [0x80070057, The parameter is incorrect.
]

Operation:
   Abort Backup

Context:
   Execution Context: Requestor
   Current State: SnapshotSetCreated

System errors:
=============
Error: (12/10/2016 07:24:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

Error: (12/10/2016 07:24:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

Error: (12/10/2016 07:23:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

Error: (12/10/2016 07:23:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

Error: (12/10/2016 07:22:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

Error: (12/10/2016 07:22:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

Error: (12/10/2016 07:21:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

Error: (12/10/2016 07:21:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

Error: (12/10/2016 07:21:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (12/10/2016 07:20:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
The system cannot find the file specified.

CodeIntegrity:
===================================
  Date: 2016-12-10 09:04:18.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-09 22:16:36.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-09 22:10:52.454
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-09 22:03:32.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-09 21:47:29.308
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-09 21:37:24.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-09 21:27:54.815
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-09 21:21:04.904
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-09 16:42:58.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-08 23:30:59.037
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 16%
Total physical RAM: 16360.8 MB
Available physical RAM: 13589.55 MB
Total Virtual: 32719.79 MB
Available Virtual: 29545.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:201.19 GB) NTFS
Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:30.23 GB) NTFS
Drive m: () (Network) (Total:930.99 GB) (Free:775.01 GB) NTFS
Drive n: () (Network) (Total:930.99 GB) (Free:775.01 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0824A9D0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 13905DC0)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 

Mod Edit

Moved from Windows 7 FRST log

 

NickAu


Edited by NickAu, 11 December 2016 - 03:33 AM.
Mod Edit




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,025 posts
  • Gender:Male
  • Location:California
  • Local time:05:03 PM

Posted 14 December 2016 - 04:38 PM

Greetings erstho and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 erstho


Posted 14 December 2016 - 04:40 PM

Thanks Gary and yes please use my first name, Eric, as well.  Appreciate the reply!


#4 Oh My!


Posted 14 December 2016 - 04:43 PM

Greetings Eric, nice to meet you.

Can you tell me what else you have run besides what you have posted, if anything?
Gary
 

#5 erstho


Posted 14 December 2016 - 04:50 PM

The only things I believe are missing are CCleaner and JRT (Junkware Removal Tool), but I don't recall running anything else beyond that in the way of malware removal tools.



#6 Oh My!


Posted 14 December 2016 - 04:51 PM

I need to be away from my computer for an hour or so but will be back online as soon as I return. Didn't want to just shut the door in your face......
Gary
 

#7 erstho


Posted 14 December 2016 - 04:51 PM

No worries.  I am working on a new server for deployment this weekend so I'll be here.  Take your time and another day is ok too.  Thanks for your replies.



#8 Oh My!


Posted 14 December 2016 - 04:52 PM

OK, thanks. Did you run things like system file checker (sfc)?

Please see above post in case you missed it.
Gary
 

#9 erstho


Posted 14 December 2016 - 04:53 PM

SFC will not run.  Have not had time to take my system down long enough to try running it from a boot cd.  Have run chkdsk with no problems found.


#10 Oh My!


Posted 14 December 2016 - 08:46 PM

Hi Eric.

Are you aware of this Group Policy restriction?

GroupPolicy: Restriction <======= ATTENTION

Please do this.

===================================================

Running System File Checker (SFC) in the Recovery Environment

--------------------

Entering into the System Recovery Options (select one of the 3 options)

Option #1
To enter System Recovery Options in Windows 8/10:
Option #2
To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options screen appears
  • Use the arrow keys to select the Repair your computer menu item
  • Select English as the keyboard language settings, and then click Next
  • Select the operating system you want to repair, and then click Next
  • Select your user account and click Next
Option #3
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc
  • Restart your computer
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer
  • Select English as the keyboard language settings, and then click Next
  • Select the operating system you want to repair, and then click Next
  • Select your user account and click Next
----------

Running System File Checker (SFC) Command
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • Type the following (there is a space before each "/") after the Command Prompt and hit Enter

SFC /SCANNOW /OFFBOOTDIR=Y:\ /OFFWINDIR=C:\WINDOWS

  • Allow the process to complete and report the results
  • Reboot your computer and check the performance
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook and save it to your Desktop.
  • Right-click SystemLook.exe and select Run as administrator...
  • Copy the content of the following codebox into the main textfield:
:filefind
odbcint.dll
:regfind
odbcint.dll
  • Click the Look button to start the scan
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?
  • SystemLook report

Gary
 

#11 erstho


Posted 14 December 2016 - 09:10 PM

I am not aware of any specific restrictions but although I work out of my residence I am running a domain controller so that could be a group policy object from my Small Business Server as there are tons of default policies that come from it.  I will look up those restrictions listed under Internet Explorer though in the registry and see if I can see something.  As soon as I'm able I will run the sfc off of a boot disk and report back here with the requested information.  I am still working so I will set the system to run overnight and report back some time tomorrow.  Thank you for your attention!



#12 Oh My!


Posted 14 December 2016 - 09:34 PM

Thank you for your quick replies. I really appreciate it.

You are obviously very adept at computers so I may take advantage of that by raising some questions without posting all the instructions.

Did you try Safe Mode?
Did you create a new user profile with admin privileges from a command line in Safe Mode?

Edited by Oh My!, 14 December 2016 - 09:34 PM.

Gary
 

#13 erstho


Posted 14 December 2016 - 09:54 PM

Thanks for the recognition but I looked at it so much that I started going in circles which is why I posted here so in this discussion you are the expert and I will follow your lead.  I actually tried neither because...you know...why try the simple things first ha!  I will add that to my list of To Do's from you and report back on both Safe Mode and a new user profile as well.



#14 Oh My!


Posted 14 December 2016 - 10:20 PM

Very good, I am done for the evening but will check in bright and early tomorrow morning.
Gary
 

#15 erstho


Posted 15 December 2016 - 06:15 PM

Ok I have completed the list and here are the results.

 

1.  I checked the registry entries that showed a restriction and both were just a blank key named restriction.  The same keys were not present on two other win 7 systems I have so I exported the keys and deleted them.  Restarted and no change.

2.  Tried safe mode and also created a new user with admin privileges.  No change.

3.  Ran SFC from a win 7 boot disk and got the following message:

 

Windows Resource Protection found corrupt files but was unable to fix some of them.

 

I deleted renamed the cbs.log file and reran SFC to get a more concise log as the existing one was quite large and got the same error.

 

And, below is the systemlook.txt file:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 17:09 on 15/12/2016 by eric
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "odbcint.dll"
C:\files\odbcint.dll --a---- 229376 bytes [22:18 02/12/2016] [01:31 14/07/2009] D9F4E3A20B83D42BA0004F9DF670D35C
C:\Windows\System32\odbcint.dll --a---- 229376 bytes [00:11 14/07/2009] [01:09 14/07/2009] ABA457BFC7EC0B5E130B2F1E0F549DFF
C:\Windows\SysWOW64\odbcint.dll --a---- 229376 bytes [00:11 14/07/2009] [01:09 14/07/2009] ABA457BFC7EC0B5E130B2F1E0F549DFF
C:\Windows\winsxs\amd64_microsoft-windows-m..c-drivermanager-rll_31bf3856ad364e35_6.1.7600.16385_none_6b9044f9041bb1a3\odbcint.dll --a---- 229376 bytes [00:28 14/07/2009] [01:31 14/07/2009] D9F4E3A20B83D42BA0004F9DF670D35C
C:\Windows\winsxs\x86_microsoft-windows-m..c-drivermanager-rll_31bf3856ad364e35_6.1.7600.16385_none_0f71a9754bbe406d\odbcint.dll --a---- 229376 bytes [00:11 14/07/2009] [01:09 14/07/2009] ABA457BFC7EC0B5E130B2F1E0F549DFF

========== regfind ==========

Searching for "odbcint.dll"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\21F\52C64B7E]
"@C:\Windows\system32\odbcint.dll,-1310"="Data Sources (ODBC)"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\21F\52C64B7E]
"@%windir%\system32\odbcint.dll,-1312"="Maintains ODBC data sources and drivers."
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ODBC.FileDSN\DefaultIcon]
@="%SystemRoot%\system32\odbcint.dll,1"
[HKEY_USERS\S-1-5-21-2922042764-1072429156-1492372022-1145\Software\Classes\Local Settings\MuiCache\21F\52C64B7E]
"@C:\Windows\system32\odbcint.dll,-1310"="Data Sources (ODBC)"
[HKEY_USERS\S-1-5-21-2922042764-1072429156-1492372022-1145\Software\Classes\Local Settings\MuiCache\21F\52C64B7E]
"@%windir%\system32\odbcint.dll,-1312"="Maintains ODBC data sources and drivers."
[HKEY_USERS\S-1-5-21-2922042764-1072429156-1492372022-1145_Classes\Local Settings\MuiCache\21F\52C64B7E]
"@C:\Windows\system32\odbcint.dll,-1310"="Data Sources (ODBC)"
[HKEY_USERS\S-1-5-21-2922042764-1072429156-1492372022-1145_Classes\Local Settings\MuiCache\21F\52C64B7E]
"@%windir%\system32\odbcint.dll,-1312"="Maintains ODBC data sources and drivers."

-= EOF =-
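
Added example, not part of the original post: a Python sketch that reads the filefind lines of the SystemLook log above and compares the listed System32 copy of odbcint.dll with the amd64 and x86 component-store (winsxs) copies. Because the log carries the WOW64 warning, a 32-bit scanner's view of System32 is redirected to SysWOW64, so the function reports that entry as inconclusive rather than as a mismatch. The function names and verdict strings are this example's own.

```python
import re

# Copied from the SystemLook log in the post above (WOW64 warning plus filefind lines).
LOG = r"""WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
C:\files\odbcint.dll --a---- 229376 bytes [22:18 02/12/2016] [01:31 14/07/2009] D9F4E3A20B83D42BA0004F9DF670D35C
C:\Windows\System32\odbcint.dll --a---- 229376 bytes [00:11 14/07/2009] [01:09 14/07/2009] ABA457BFC7EC0B5E130B2F1E0F549DFF
C:\Windows\SysWOW64\odbcint.dll --a---- 229376 bytes [00:11 14/07/2009] [01:09 14/07/2009] ABA457BFC7EC0B5E130B2F1E0F549DFF
C:\Windows\winsxs\amd64_microsoft-windows-m..c-drivermanager-rll_31bf3856ad364e35_6.1.7600.16385_none_6b9044f9041bb1a3\odbcint.dll --a---- 229376 bytes [00:28 14/07/2009] [01:31 14/07/2009] D9F4E3A20B83D42BA0004F9DF670D35C
C:\Windows\winsxs\x86_microsoft-windows-m..c-drivermanager-rll_31bf3856ad364e35_6.1.7600.16385_none_0f71a9754bbe406d\odbcint.dll --a---- 229376 bytes [00:11 14/07/2009] [01:09 14/07/2009] ABA457BFC7EC0B5E130B2F1E0F549DFF
"""

# path, 7-character attribute field, size, two timestamps, MD5
ENTRY = re.compile(r"^([A-Za-z]:\\.+?) [-a-z]{7} \d+ bytes .* ([0-9A-F]{32})$")
WINDIR = "c:\\windows\\"

def parse(log):
    """Return (scanner_was_32bit, {lowercased path: MD5}) for a SystemLook log."""
    files = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            files[m.group(1).lower()] = m.group(2)
    return "running under WOW64" in log, files

def store_hash(files, arch, name):
    """MD5 of the winsxs component-store copy of `name` for arch 'amd64' or 'x86'."""
    prefix = WINDIR + "winsxs\\" + arch + "_"
    return next((h for p, h in files.items()
                 if p.startswith(prefix) and p.endswith("\\" + name)), None)

def assess_system32(log, name="odbcint.dll"):
    """Classify the System32 entry for `name` against the component-store copies."""
    wow64, files = parse(log)
    listed = files.get(WINDIR + "system32\\" + name)
    if listed is None:
        return "not-listed"
    if listed == store_hash(files, "amd64", name):
        return "matches-amd64-store"
    if wow64:
        # A 32-bit process asking for System32 is redirected to SysWOW64, so the
        # listed hash describes the SysWOW64 file, not the one 64-bit mmc.exe loads.
        return "inconclusive-wow64-redirect"
    if listed == store_hash(files, "x86", name):
        return "x86-binary-in-system32"
    return "unknown-binary"

if __name__ == "__main__":
    print(assess_system32(LOG))
```

Rerunning the scan with SystemLook_x64, as the log's own warning suggests, gives a System32 hash that can be compared directly with the amd64 store copy.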





