Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by DOM (administrator) on DOM-PC (15-04-2016 11:19:32)
Running from C:\Users\DOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0PQ2UNL
Loaded Profiles: DOM (Available Profiles: DOM)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Farbar) C:\Users\DOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0PQ2UNL\FRST64[1].exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{006ED718-483E-48E4-B110-2E797EFC39E0}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-15 14:32 - 2016-04-15 10:39 - 00000000 ____D C:\Windows\Panther
2016-04-15 13:36 - 2016-04-15 13:36 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-15 13:36 - 2016-04-15 13:36 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-15 13:34 - 2016-04-15 13:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-04-15 11:19 - 2016-04-15 11:19 - 00000000 ____D C:\FRST
2016-04-15 11:02 - 2016-04-15 11:02 - 00000000 ____D C:\Users\DOM\AppData\Local\ElevatedDiagnostics
2016-04-15 10:50 - 2016-04-15 10:50 - 00057560 _____ C:\Users\DOM\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-15 10:50 - 2016-04-15 10:50 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-15 10:50 - 2016-04-15 10:50 - 00001945 _____ C:\Windows\epplauncher.mif
2016-04-15 10:50 - 2016-04-15 10:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-04-15 10:49 - 2016-04-15 10:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-15 10:40 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-15 10:40 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-15 10:40 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-15 10:40 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-15 10:40 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-15 10:40 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-04-15 10:40 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-15 10:40 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-04-15 10:39 - 2016-04-15 10:39 - 00001447 _____ C:\Users\DOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-15 10:39 - 2016-04-15 10:39 - 00001413 _____ C:\Users\DOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-15 10:39 - 2016-04-15 10:39 - 00000020 ___SH C:\Users\DOM\ntuser.ini
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 _SHDL C:\Users\DOM\My Documents
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 _SHDL C:\Users\DOM\Documents\My Videos
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 _SHDL C:\Users\DOM\Documents\My Pictures
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 _SHDL C:\Users\DOM\Documents\My Music
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 ____D C:\Users\DOM\AppData\Local\VirtualStore
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 ____D C:\Users\DOM
2016-04-15 10:39 - 2011-04-12 04:28 - 00000000 ____D C:\Users\DOM\AppData\Roaming\Media Center Programs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-15 14:32 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-04-15 13:38 - 2009-07-14 00:45 - 00019472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-15 13:38 - 2009-07-14 00:45 - 00019472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-15 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-15 13:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-15 13:37 - 2009-07-14 00:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-15 13:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-04-15 13:33 - 2011-04-12 04:28 - 00000000 ____D C:\Windows\CSC
2016-04-15 10:42 - 2009-07-14 01:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-15 10:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-15 10:40 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-15 13:33
==================== End of FRST.txt ============================