
Help! My computer has been infected for a while



Hi,

My computer has been infected for a while and I would appreciate any help to clean my computer. I first noticed my computer would freeze while I was browsing, but I paid little attention to that. Then Windows gave me an error saying that my firewall was disabled when it was active. (I use Online Armor, which I've recently learned is being discontinued, so if you could suggest another alternative that would be greatly appreciated.) Then my credit card number got stolen after I purchased something online, and around the same time my Malwarebytes blocked scvhost.exe from accessing a known malicious IP address. (I have more info if you need it.) Finally, my computer would crash and blue screen. I remember one of the errors being Kernel Data Inpage Error.

I did some research and was gonna clean my computer myself but my brother suggested I get some professional help to thoroughly clean my computer.

Thanks,

Jason

FRST.txt and Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Jason (administrator) on JASON-HP (03-07-2016 00:40:27)
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available Profiles: Jason)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\OAReg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-07] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-07] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-05-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\MountPoints2: {7aa49ea0-b66c-11e5-9cd3-48d2249cacb1} - D:\laucher.exe
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\MountPoints2: {fc779675-9e4e-11e5-9aeb-48d2249cacb1} - D:\EMP_UDSe.exe /autorun
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2F0431EB-3830-4B24-B6CE-BA86BAB74E7D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM13/1
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPCOM13/1
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM13/1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-07] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-21] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\406xgkms.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-14] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2014-03-29] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2014-03-29] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: YouTube Video and Audio Downloader - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\406xgkms.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-06-02]
FF Extension: Adblock Plus - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\406xgkms.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-08-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-07] (Qualcomm Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-21] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
S2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-07] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-19] (Advanced Micro Devices, Inc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-07] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-03] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-21] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 OADevice; C:\windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
S1 oahlpXX; C:\windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 EMP_MIRRUD; system32\DRIVERS\EMP_MirrUD.sys [X]
S3 eppvad_simple; system32\drivers\EMP_UDAU.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 00:40 - 2016-07-03 00:41 - 00019878 _____ C:\Users\Jason\Desktop\FRST.txt
2016-07-03 00:37 - 2016-07-03 00:40 - 00000000 ____D C:\FRST
2016-07-03 00:36 - 2016-07-03 00:36 - 02390016 _____ (Farbar) C:\Users\Jason\Desktop\FRST64.exe
2016-06-17 16:38 - 2016-06-17 16:38 - 07311537 _____ C:\Users\Jason\Downloads\8B476E5D441EC85FA132A5C0F789F719.pdf
2016-06-16 23:40 - 2016-06-16 23:40 - 00000000 __SHD C:\found.000
2016-06-16 17:40 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-16 17:40 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-06-16 17:40 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-16 17:40 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-16 17:40 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-06-16 17:40 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-06-16 17:40 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-06-16 17:40 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-06-16 17:40 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-16 17:40 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-06-16 17:40 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-06-16 17:40 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-16 17:40 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-06-16 17:40 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-16 17:40 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-06-16 17:40 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-06-16 17:40 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-16 17:40 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-06-16 17:40 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-06-16 17:40 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-06-16 17:40 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-06-16 17:40 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-16 17:40 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-16 17:40 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-06-16 17:40 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-06-16 17:40 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-06-16 17:40 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-16 17:40 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-06-16 17:40 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-06-16 17:40 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-06-16 17:40 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-06-16 17:40 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-16 17:40 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-06-16 17:40 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-06-16 17:40 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-06-16 17:40 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-06-16 17:40 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 17:40 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-06-16 17:40 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-16 17:40 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-06-16 17:40 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-16 17:40 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 17:40 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-06-16 17:40 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-16 17:40 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-06-16 17:40 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-06-16 17:40 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-06-16 17:40 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-16 17:40 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-06-16 17:40 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-16 17:40 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-16 17:40 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-16 17:40 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-16 17:40 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-06-16 17:40 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-16 17:40 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-16 17:40 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-16 17:40 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-06-16 17:40 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-06-16 17:40 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-16 17:40 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-16 17:40 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-16 17:40 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-16 17:40 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-16 17:40 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-16 17:40 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-16 17:40 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-16 17:40 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-16 17:40 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-16 17:40 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-06-16 17:40 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-16 17:40 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-06-16 17:40 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-06-16 17:40 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-16 17:40 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-06-16 17:40 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-06-16 17:40 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-16 17:40 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-16 17:40 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-16 17:40 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00793088 _____ (Microsoft Corporation) C:\windows\system32\gpprefcl.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-16 17:40 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\gpscript.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00591872 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpprefcl.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-06-16 17:40 - 2016-05-12 11:06 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\gpscript.exe
2016-06-16 17:40 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-16 17:40 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-16 17:40 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpscript.dll
2016-06-16 17:40 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-16 17:40 - 2016-05-12 10:57 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpscript.exe
2016-06-16 17:40 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-16 17:40 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-16 17:40 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-16 17:40 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-16 17:40 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-16 17:40 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-16 17:40 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-16 17:40 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-16 17:40 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-16 17:40 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-16 17:40 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-16 17:40 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-16 17:40 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-16 17:40 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-06-16 17:40 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-06-16 17:40 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-14 22:17 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-06-12 23:00 - 2016-06-12 23:00 - 00983296 _____ C:\windows\Minidump\061216-18205-01.dmp
2016-06-03 16:29 - 2016-06-03 16:29 - 00280040 _____ C:\windows\Minidump\060316-22885-01.dmp
2016-06-03 16:28 - 2016-06-03 16:28 - 00010248 ____N C:\bootsqm.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 00:39 - 2015-10-14 21:58 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-03 00:37 - 2015-10-14 21:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-03 00:32 - 2013-11-26 21:12 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-03 00:22 - 2013-11-26 19:50 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{50EA6181-FD45-40BF-8BA5-4EDB44817D84}
2016-07-03 00:21 - 2013-11-26 21:12 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-03 00:20 - 2009-07-14 00:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-03 00:20 - 2009-07-14 00:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-03 00:18 - 2013-04-17 04:23 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-03 00:15 - 2015-06-10 22:53 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-03 00:15 - 2013-04-17 04:22 - 00000000 ____D C:\ProgramData\PDFC
2016-07-03 00:13 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-18 09:30 - 2016-03-26 12:38 - 02202274 _____ C:\windows\ntbtlog.txt
2016-06-18 00:14 - 2014-12-13 23:52 - 00004601 _____ C:\Users\Jason\Desktop\Current Viewing.txt
2016-06-17 22:56 - 2014-10-30 22:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Battle.net
2016-06-17 22:35 - 2013-11-26 21:13 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 22:35 - 2013-11-26 21:13 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 22:25 - 2014-10-30 22:20 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-17 16:46 - 2016-05-29 23:32 - 00000663 _____ C:\Users\Jason\Desktop\China To-do List.txt
2016-06-17 03:18 - 2013-04-17 04:23 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 03:18 - 2013-04-17 04:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 03:18 - 2013-04-17 04:23 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 03:11 - 2009-07-14 00:45 - 00442128 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-17 03:06 - 2013-11-28 02:09 - 00000000 ____D C:\windows\system32\MRT
2016-06-17 03:03 - 2013-11-28 02:09 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-16 23:28 - 2015-09-10 23:40 - 00000000 ____D C:\Users\Guest
2016-06-16 17:20 - 2016-05-05 13:33 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-06-16 16:24 - 2009-07-14 01:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-16 16:24 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-06-16 01:27 - 2015-04-30 22:54 - 00015250 _____ C:\Users\Jason\Desktop\Grooveshark playlist backups.txt
2016-06-16 00:32 - 2013-11-26 19:51 - 00000000 ____D C:\Users\Jason\Documents\Bluetooth Folder
2016-06-15 21:56 - 2016-06-01 19:26 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-15 19:31 - 2013-11-26 19:47 - 00000000 ____D C:\Users\Jason
2016-06-15 19:31 - 2009-07-13 23:20 - 00000000 ____D C:\windows\servicing
2016-06-15 19:31 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2016-06-15 19:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-15 16:40 - 2010-11-20 23:27 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-14 16:07 - 2013-11-27 15:55 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-06-13 00:41 - 2015-07-11 23:01 - 00000000 ____D C:\Users\Jason\Desktop\iPhone Photo Dump
2016-06-13 00:37 - 2015-03-05 20:05 - 00000000 ____D C:\Users\Jason\Desktop\HS
2016-06-12 23:00 - 2015-07-14 23:42 - 703820960 _____ C:\windows\MEMORY.DMP
2016-06-12 23:00 - 2015-07-14 23:42 - 00000000 ____D C:\windows\Minidump
2016-06-11 09:05 - 2016-05-06 05:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-11 09:05 - 2013-11-26 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-11 00:26 - 2013-11-28 02:09 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Skype
2016-06-10 22:42 - 2016-06-01 18:08 - 00001478 _____ C:\Users\Jason\Desktop\Comp Reboot Temp.txt
2016-06-07 18:11 - 2016-03-03 03:48 - 00004733 _____ C:\Users\Jason\Desktop\List of Chinese Phrases.txt
2016-06-07 13:50 - 2015-04-15 18:51 - 00002728 _____ C:\Users\Jason\Desktop\Misc.txt
2016-06-04 09:27 - 2014-09-13 09:39 - 00000426 _____ C:\windows\BRWMARK.INI
2016-06-04 00:07 - 2016-05-05 14:25 - 00001114 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-06-03 09:18 - 2015-09-04 01:37 - 00012446 _____ C:\Users\Jason\Desktop\blog entry brainstorm.txt

==================== Files in the root of some directories =======

2013-12-08 22:59 - 2015-12-05 04:17 - 0007597 _____ () C:\Users\Jason\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\Jason\AppData\Local\Temp\playstv_patch.exe
C:\Users\Jason\AppData\Local\Temp\raptrpatch.exe
C:\Users\Jason\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-11 04:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Jason (2016-07-03 00:41:24)
Running from C:\Users\Jason\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-11-26 23:47:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-76062669-3076684589-4186873554-500 - Administrator - Disabled)
Guest (S-1-5-21-76062669-3076684589-4186873554-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-76062669-3076684589-4186873554-1003 - Limited - Enabled)
Jason (S-1-5-21-76062669-3076684589-4186873554-1001 - Administrator - Enabled) => C:\Users\Jason

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2321 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{F5AEB2E2-F856-448F-8C32-46CA5C6149FE}) (Version: 4.5.27.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.11.2 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.2-6 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22DB1544-2C72-4D13-BA2A-C1F71C98CAD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-14] (Microsoft Corporation)
Task: {25DECAB6-E0F1-4647-B935-7A45275A2902} - System32\Tasks\{3576B8E1-5611-4E2A-833D-421E940FD482} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.0.103/en/abandoninstall?page=tsProgressBar
Task: {459530B2-D5B1-4315-A8A7-766C53797D28} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {464B8495-79A7-495C-BD2B-0494D9E6B543} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-22] (Microsoft Corporation)
Task: {7B4A9FFF-1CD2-44B7-BC75-269C7C1F8DB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8EFED401-8279-4054-9A94-59A2C27A2C04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A0B12894-16C1-4C49-B547-3A6970079AD1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {B09E55F8-A7CD-4606-859E-A93BFCD8F4E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-14] (Microsoft Corporation)
Task: {C128E346-A44D-4133-83A3-387BD3E02F87} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {C81C39FC-9FD3-4B5C-BC4B-87E436667CAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E0A396ED-F47E-472E-9697-9288CD6D714E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {F8B52D1B-9796-4EC0-B814-86A320C3FEEC} - System32\Tasks\{7C167182-4019-4012-80BF-0F8802D884F1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-01-17 19:57 - 2012-01-17 19:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-21 19:14 - 2012-03-21 19:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 16:18 - 2010-09-06 16:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-21 18:34 - 2012-03-21 18:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2015-10-14 22:23 - 2015-10-14 22:23 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-07 21:15 - 2012-08-07 21:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-03-26 08:33 - 2012-03-26 08:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-21 18:36 - 2012-03-21 18:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-08-21 15:55 - 2012-03-28 13:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2015-10-14 21:33 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-03-21 19:00 - 2012-03-21 19:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-21 18:34 - 2012-03-21 18:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-21 18:59 - 2012-03-21 18:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-21 19:04 - 2012-03-21 19:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-21 19:02 - 2012-03-21 19:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-21 18:38 - 2012-03-21 18:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-21 18:39 - 2012-03-21 18:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2015-10-14 22:32 - 2015-10-14 22:32 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-05-11 03:50 - 2016-05-11 03:50 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9494e643d25019b25b5cf70f2ffc0778\IsdiInterop.ni.dll
2013-04-17 04:05 - 2012-02-01 21:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-21 15:55 - 2012-03-28 13:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-06-17 22:35 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 22:35 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-02-09 18:41 - 00000822 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-76062669-3076684589-4186873554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Jason\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RemoteControl10 => "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{18A70099-597E-4889-84EB-8F5F838A2242}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Btvstack.exe
FirewallRules: [{082C40CB-9C3D-49C4-98A6-1DE0E8688F76}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
FirewallRules: [{8F6D0CD1-47BD-4096-8DB3-F3306194C315}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
FirewallRules: [{690D78F1-77C1-4E26-998E-8207EE1F845B}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{E6187A93-C28F-4135-A45C-3283AF1AFCCC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DAC11778-0B08-4E11-A7A8-A0C730E8907A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5C3C1A4C-1FC5-4B9F-8595-375B60C4291D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{34C193B0-D9C3-4AC4-BD3B-8893202E5FB1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB08828B-98F4-415F-9716-E3A672012ED5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7490436C-0BD7-46BB-8E0E-462E66FBB311}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E071E0AC-9177-42BD-A75E-1C1865F6A87F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{63C2EB9E-A15F-4E52-AE44-1CBCFED6CFD8}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{6454EA92-5BCD-4822-9938-EAEB8B805A81}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{D831EA0A-882D-47C1-BFD0-A03CFB02FDED}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{429005E0-C7C9-40F8-A0CC-E56FFFDD461A}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{9B3C3D37-3184-4F1E-A0F8-FB266D99E902}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{DE08DB6F-9A9E-4A7A-9233-3C5FC3E8A4E5}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [TCP Query User{042BE7A6-AA87-4D9F-8C30-B6D26F62DCBE}C:\users\jason\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jason\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E014A562-3FC3-4CB3-91C2-6E6CEC103A77}C:\users\jason\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jason\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1CB3C6A7-6B7A-4412-812F-4684F64F6435}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{6F7A3900-9285-4E47-9250-6B5FB9CC281B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{ED8D6150-F5EB-4D37-98D6-AA813AEF627A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{B7C57447-C651-40F6-ABB7-003560036CFD}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{CEFFB77C-176A-4416-993B-E7CE037420D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{8F4C359A-05F7-4301-9435-68BDD0AC487A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{0CFED699-C554-41EB-970D-314D8FDA9F02}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5BF040E1-F5D1-484F-A5C7-7241C4B42DCE}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{AFB96B08-9EA1-4E84-8206-55DF1D1FA220}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81596B3F-52C7-458F-94CE-077E9A1205CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7BD288B5-9A85-4D98-B6E5-B7D74FC076A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{0638933A-1A64-425C-BF4D-FB3497BAA887}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{9898AF8B-0558-4C17-B522-E1F440204AD0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14223881-9C74-47A5-A63B-35BA2BFB550B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7E193113-89E8-46B3-992B-4421B782AC67}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E9249863-1583-4985-B2FF-E98540E6EDC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{62F48F99-08EC-4EED-ADD4-DF6B01D44148}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5116C127-077B-4BE2-AE3E-9679FA60F8AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7367326E-CA62-4865-B1BB-891FD5AE27F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4308240E-A9A6-4012-B8E8-F7467928B5C4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9DD5C897-EE49-4F7A-87FF-D27A299972D5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1F72D749-B074-4046-955C-B3C9915A1E71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{44D8724C-3B3C-436D-92FF-9C2EE805EE70}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8AD1C00A-0B91-429A-9952-3B4FD87E9783}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1CD921BC-EF1F-450D-AC57-C4FB48957DBE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{25F9DFD0-37FA-4F8D-990E-75F7BF2F9D33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6F9F985F-00A4-453A-BC5E-C537707AFB02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{80685072-22BB-4E75-96CF-3EEB0B8F7E06}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{47408918-4933-44EB-A1C5-B58575CB22CB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B1838DB8-F9D4-4F59-A0EA-CD963A9F8197}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{403E6554-AEA7-4E7F-AFE7-6DDC0D5CC16B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{3494CC75-5701-44CC-BC92-63D0FB8F8C96}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{D51B7E69-E1D1-485A-A11E-E2E87077988A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C131341F-D27C-4445-81AF-1E5E7F510EA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-06-2016 02:21:10 Windows Update
17-06-2016 03:00:13 Windows Update
03-07-2016 00:16:21 Windows Update

==================== Faulty Device Manager Devices =============

Name: Validity Sensor
Description: Validity Sensor (VFS491)
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: Validity Sensors, Inc.
Service: WinUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2016 12:39:54 AM) (Source: MsiInstaller) (EventID: 11406) (User: NT AUTHORITY)
Description: Product: Office 15 Click-to-Run Extensibility Component -- Error 1406. Could not write value Class to key \Software\Classes\CLSID\{08F6C811-3CFD-11D1-98BC-006008197D41}\InprocServer32\15.0.0.0.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/18/2016 12:28:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9173

Error: (06/18/2016 12:28:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9173

Error: (06/18/2016 12:28:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/18/2016 12:28:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8159

Error: (06/18/2016 12:28:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8159

Error: (06/18/2016 12:28:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/18/2016 12:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7145

Error: (06/18/2016 12:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7145

Error: (06/18/2016 12:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/03/2016 12:19:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.290.0).

Error: (07/03/2016 12:18:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.1809.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/03/2016 12:18:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version: 1.225.290.0

    Previous Signature Version: 1.223.1809.0

    Update Source: %NT AUTHORITY15

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/03/2016 12:18:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version: 1.225.290.0

    Previous Signature Version: 1.223.1809.0

    Update Source: %NT AUTHORITY15

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/03/2016 12:16:58 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (07/03/2016 12:16:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Power Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/03/2016 12:13:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
%%3 = The system cannot find the path specified.


Error: (06/18/2016 09:58:53 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (06/18/2016 09:58:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Power Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/18/2016 09:56:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
%%3 = The system cannot find the path specified.

 

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 37%
Total physical RAM: 8071.49 MB
Available physical RAM: 5055.46 MB
Total Virtual: 16141.16 MB
Available Virtual: 12988.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.9 GB) (Free:537.73 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.44 GB) (Free:2.98 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CF4DBAC4)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of Addition.txt ============================


Hello and welcome!

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that the Addition.txt option is checked.

  • Press Scan button and wait.

  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please attach the report to your next reply.


Sorry for the delay,

I didn't expect such a quick response! I forgot to mention last time that I ran scans from Malwarebytes and Microsoft Security Essentials and they both came up clean, even after I knew I was infected.

Anyway, here are the reports

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Jason (administrator) on JASON-HP (05-07-2016 16:19:35)
Running from C:\Users\Jason\Desktop
Loaded Profiles: Jason (Available Profiles: Jason)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-08] (Synaptics Incorporated)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [763520 2012-08-07] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-07] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-27] (Intel Corporation)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [HPConnectionManager] => c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-05-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\MountPoints2: {7aa49ea0-b66c-11e5-9cd3-48d2249cacb1} - D:\laucher.exe
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\MountPoints2: {fc779675-9e4e-11e5-9aeb-48d2249cacb1} - D:\EMP_UDSe.exe /autorun
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2F0431EB-3830-4B24-B6CE-BA86BAB74E7D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM13/1
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPCOM13/1
HKU\S-1-5-21-76062669-3076684589-4186873554-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM13/1
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-07] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2012-03-21] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\406xgkms.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-17] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-10-14] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2014-03-29] (Tencent)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2014-03-29] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: YouTube Video and Audio Downloader - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\406xgkms.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2016-06-02]
FF Extension: Adblock Plus - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\406xgkms.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-08-21] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-12]
CHR Extension: (Adblock Plus) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211072 2012-08-07] (Qualcomm Atheros Commnucations) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009776 2016-05-27] (Microsoft Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-03-15] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-03-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144 2012-03-28] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-03-21] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-03-07] (PDF Complete Inc)
S2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-07] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [32896 2012-03-19] (Advanced Micro Devices, Inc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-08-07] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-07-03] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [93640 2012-03-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158792 2012-03-21] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 OADevice; C:\windows\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()
S1 oahlpXX; C:\windows\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()
R1 OAmon; C:\windows\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)
R3 OAnet; C:\Windows\System32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 EMP_MIRRUD; system32\DRIVERS\EMP_MirrUD.sys [X]
S3 eppvad_simple; system32\drivers\EMP_UDAU.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 00:41 - 2016-07-03 00:41 - 00037371 _____ C:\Users\Jason\Desktop\Addition.txt
2016-07-03 00:40 - 2016-07-05 16:19 - 00019602 _____ C:\Users\Jason\Desktop\FRST.txt
2016-07-03 00:37 - 2016-07-05 16:19 - 00000000 ____D C:\FRST
2016-07-03 00:36 - 2016-07-03 00:36 - 02390016 _____ (Farbar) C:\Users\Jason\Desktop\FRST64.exe
2016-06-17 16:38 - 2016-06-17 16:38 - 07311537 _____ C:\Users\Jason\Downloads\8B476E5D441EC85FA132A5C0F789F719.pdf
2016-06-16 23:40 - 2016-06-16 23:40 - 00000000 __SHD C:\found.000
2016-06-16 17:40 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-16 17:40 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-06-16 17:40 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-16 17:40 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-16 17:40 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-06-16 17:40 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-06-16 17:40 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-06-16 17:40 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-06-16 17:40 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-16 17:40 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-06-16 17:40 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-06-16 17:40 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-16 17:40 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-06-16 17:40 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-16 17:40 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-06-16 17:40 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-06-16 17:40 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-16 17:40 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-06-16 17:40 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-06-16 17:40 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-06-16 17:40 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-06-16 17:40 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-16 17:40 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-16 17:40 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-06-16 17:40 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-06-16 17:40 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-06-16 17:40 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-16 17:40 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-06-16 17:40 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-06-16 17:40 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-06-16 17:40 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-06-16 17:40 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-16 17:40 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-06-16 17:40 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-06-16 17:40 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-06-16 17:40 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-06-16 17:40 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-16 17:40 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-06-16 17:40 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-16 17:40 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-06-16 17:40 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-16 17:40 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-16 17:40 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-06-16 17:40 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-16 17:40 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-06-16 17:40 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-06-16 17:40 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-06-16 17:40 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-16 17:40 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-06-16 17:40 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-16 17:40 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-16 17:40 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-16 17:40 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-16 17:40 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-06-16 17:40 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-16 17:40 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-16 17:40 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-16 17:40 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-06-16 17:40 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-06-16 17:40 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-16 17:40 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-16 17:40 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-16 17:40 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-16 17:40 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-16 17:40 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-16 17:40 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-16 17:40 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-16 17:40 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-16 17:40 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-16 17:40 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-06-16 17:40 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-16 17:40 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-06-16 17:40 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-06-16 17:40 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-16 17:40 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-06-16 17:40 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-06-16 17:40 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-16 17:40 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-16 17:40 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-16 17:40 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-16 17:40 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00793088 _____ (Microsoft Corporation) C:\windows\system32\gpprefcl.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-16 17:40 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\gpscript.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-16 17:40 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00591872 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpprefcl.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-16 17:40 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-06-16 17:40 - 2016-05-12 11:06 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\gpscript.exe
2016-06-16 17:40 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-16 17:40 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-16 17:40 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-16 17:40 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpscript.dll
2016-06-16 17:40 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-16 17:40 - 2016-05-12 10:57 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpscript.exe
2016-06-16 17:40 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-16 17:40 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-16 17:40 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-16 17:40 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-16 17:40 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-16 17:40 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-16 17:40 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-16 17:40 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-16 17:40 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-16 17:40 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-16 17:40 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-16 17:40 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-16 17:40 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-16 17:40 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-06-16 17:40 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-06-16 17:40 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-14 22:17 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-06-12 23:00 - 2016-06-12 23:00 - 00983296 _____ C:\windows\Minidump\061216-18205-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-05 16:18 - 2016-03-03 03:48 - 00005075 _____ C:\Users\Jason\Desktop\List of Chinese Phrases.txt
2016-07-05 16:18 - 2013-04-17 04:23 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-07-05 16:12 - 2015-04-30 22:54 - 00015397 _____ C:\Users\Jason\Desktop\Grooveshark playlist backups.txt
2016-07-05 16:08 - 2014-07-07 18:14 - 00001537 _____ C:\Users\Jason\Desktop\untitled.txt
2016-07-05 15:32 - 2013-11-26 21:12 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-05 01:44 - 2013-11-26 19:50 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{50EA6181-FD45-40BF-8BA5-4EDB44817D84}
2016-07-04 19:32 - 2013-11-26 21:12 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-03 03:01 - 2015-03-01 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-03 03:00 - 2015-06-10 22:53 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-03 03:00 - 2015-03-01 18:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-03 03:00 - 2015-03-01 18:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-03 01:15 - 2013-04-17 04:22 - 00000000 ____D C:\ProgramData\PDFC
2016-07-03 00:39 - 2015-10-14 21:58 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-03 00:37 - 2015-10-14 21:33 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-03 00:20 - 2009-07-14 00:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-03 00:20 - 2009-07-14 00:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-03 00:13 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-18 09:30 - 2016-03-26 12:38 - 02202274 _____ C:\windows\ntbtlog.txt
2016-06-18 00:14 - 2014-12-13 23:52 - 00004601 _____ C:\Users\Jason\Desktop\Current Viewing.txt
2016-06-17 22:56 - 2014-10-30 22:21 - 00000000 ____D C:\Users\Jason\AppData\Local\Battle.net
2016-06-17 22:35 - 2013-11-26 21:13 - 00002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 22:35 - 2013-11-26 21:13 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 22:25 - 2014-10-30 22:20 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-06-17 16:46 - 2016-05-29 23:32 - 00000663 _____ C:\Users\Jason\Desktop\China To-do List.txt
2016-06-17 03:18 - 2013-04-17 04:23 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-17 03:18 - 2013-04-17 04:23 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-17 03:18 - 2013-04-17 04:23 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-06-17 03:11 - 2009-07-14 00:45 - 00442128 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-17 03:06 - 2013-11-28 02:09 - 00000000 ____D C:\windows\system32\MRT
2016-06-17 03:03 - 2013-11-28 02:09 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-16 23:28 - 2015-09-10 23:40 - 00000000 ____D C:\Users\Guest
2016-06-16 17:20 - 2016-05-05 13:33 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-06-16 16:24 - 2009-07-14 01:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-16 16:24 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-06-16 00:32 - 2013-11-26 19:51 - 00000000 ____D C:\Users\Jason\Documents\Bluetooth Folder
2016-06-15 21:56 - 2016-06-01 19:26 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-15 19:31 - 2013-11-26 19:47 - 00000000 ____D C:\Users\Jason
2016-06-15 19:31 - 2009-07-13 23:20 - 00000000 ____D C:\windows\servicing
2016-06-15 19:31 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2016-06-15 19:31 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-15 16:40 - 2010-11-20 23:27 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-14 16:07 - 2013-11-27 15:55 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-06-13 00:41 - 2015-07-11 23:01 - 00000000 ____D C:\Users\Jason\Desktop\iPhone Photo Dump
2016-06-13 00:37 - 2015-03-05 20:05 - 00000000 ____D C:\Users\Jason\Desktop\HS
2016-06-12 23:00 - 2015-07-14 23:42 - 703820960 _____ C:\windows\MEMORY.DMP
2016-06-12 23:00 - 2015-07-14 23:42 - 00000000 ____D C:\windows\Minidump
2016-06-11 09:05 - 2016-05-06 05:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-11 09:05 - 2013-11-26 20:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-11 00:26 - 2013-11-28 02:09 - 00000000 ____D C:\Users\Jason\AppData\Roaming\Skype
2016-06-10 22:42 - 2016-06-01 18:08 - 00001478 _____ C:\Users\Jason\Desktop\Comp Reboot Temp.txt
2016-06-07 13:50 - 2015-04-15 18:51 - 00002728 _____ C:\Users\Jason\Desktop\Misc.txt

==================== Files in the root of some directories =======

2013-12-08 22:59 - 2015-12-05 04:17 - 0007597 _____ () C:\Users\Jason\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Jason\AppData\Local\Temp\amd-catalyst-15.7.1-without-dotnet45-win7-64bit.exe
C:\Users\Jason\AppData\Local\Temp\playstv_patch.exe
C:\Users\Jason\AppData\Local\Temp\raptrpatch.exe
C:\Users\Jason\AppData\Local\Temp\raptr_stub.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-11 04:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Jason (2016-07-05 16:20:12)
Running from C:\Users\Jason\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-11-26 23:47:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-76062669-3076684589-4186873554-500 - Administrator - Disabled)
Guest (S-1-5-21-76062669-3076684589-4186873554-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-76062669-3076684589-4186873554-1003 - Limited - Enabled)
Jason (S-1-5-21-76062669-3076684589-4186873554-1001 - Administrator - Enabled) => C:\Users\Jason

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
FW: Online Armor Firewall (Disabled) {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.00 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version:  - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.2106 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2321 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2531 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.5101 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.1.3423 - CyberLink Corp.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.28.30376 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.2.4549 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.2.4549 - Hewlett-Packard Company) Hidden
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.0.5 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{F5AEB2E2-F856-448F-8C32-46CA5C6149FE}) (Version: 4.5.27.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{A351CC1B-C92C-4F37-8109-9F6D33ACF5EF}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{6357258D-2BF9-49E7-A9EF-0C609D52C46D}) (Version: 2.0.6.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.11.2 - Hewlett-Packard Company)
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.0.1177 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{223AE3E8-4445-410F-8EDA-13EC137E3BDB}) (Version: 3.4.3.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{C4E9E8A4-EEC4-4F9E-B140-520A8B75F430}) (Version: 2.4.1.2 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.10.1464 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4833.1001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Online Armor 7.0 (HKLM-x32\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.93 - PDF Complete, Inc)
Privacy Manager for HP ProtectTools (HKLM\...\{CA2F6FAD-D8CD-42C1-B04D-6E5B1B1CFDCC}) (Version: 7.0.0.865 - Hewlett-Packard Company)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.50.1123.2011 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Skype™ 7.24 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.24.104 - Skype Technologies S.A.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{93581599-ECF1-4DCD-BE36-BD969A6C8DB5}) (Version: 4.4.213.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.2-6 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22DB1544-2C72-4D13-BA2A-C1F71C98CAD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-14] (Microsoft Corporation)
Task: {25DECAB6-E0F1-4647-B935-7A45275A2902} - System32\Tasks\{3576B8E1-5611-4E2A-833D-421E940FD482} => Firefox.exe hxxp://ui.skype.com/ui/0/7.15.0.103/en/abandoninstall?page=tsProgressBar
Task: {459530B2-D5B1-4315-A8A7-766C53797D28} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {464B8495-79A7-495C-BD2B-0494D9E6B543} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-22] (Microsoft Corporation)
Task: {7B4A9FFF-1CD2-44B7-BC75-269C7C1F8DB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8EFED401-8279-4054-9A94-59A2C27A2C04} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {A0B12894-16C1-4C49-B547-3A6970079AD1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation)
Task: {B09E55F8-A7CD-4606-859E-A93BFCD8F4E4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-14] (Microsoft Corporation)
Task: {C128E346-A44D-4133-83A3-387BD3E02F87} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {C81C39FC-9FD3-4B5C-BC4B-87E436667CAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {E0A396ED-F47E-472E-9697-9288CD6D714E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-17] (Adobe Systems Incorporated)
Task: {F8B52D1B-9796-4EC0-B814-86A320C3FEEC} - System32\Tasks\{7C167182-4019-4012-80BF-0F8802D884F1} => Firefox.exe hxxp://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsMain

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2012-01-17 19:57 - 2012-01-17 19:57 - 00298368 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-03-21 19:14 - 2012-03-21 19:14 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2010-09-06 16:18 - 2010-09-06 16:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2012-03-21 18:34 - 2012-03-21 18:34 - 00141824 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface64.dll
2015-10-14 22:23 - 2015-10-14 22:23 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-07 21:15 - 2012-08-07 21:15 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-03-26 08:33 - 2012-03-26 08:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-21 18:36 - 2012-03-21 18:36 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-08-21 15:55 - 2012-03-28 13:38 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2015-10-14 21:33 - 2016-04-19 19:26 - 00114888 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-03-21 19:00 - 2012-03-21 19:00 - 02846720 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-03-21 18:34 - 2012-03-21 18:34 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-03-21 18:59 - 2012-03-21 18:59 - 03002368 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-03-21 19:04 - 2012-03-21 19:04 - 02850816 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-03-21 19:02 - 2012-03-21 19:02 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-03-21 18:38 - 2012-03-21 18:38 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-03-21 18:39 - 2012-03-21 18:39 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2015-10-14 22:32 - 2015-10-14 22:32 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-05-11 03:50 - 2016-05-11 03:50 - 00172544 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9494e643d25019b25b5cf70f2ffc0778\IsdiInterop.ni.dll
2013-04-17 04:05 - 2012-02-01 21:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-21 15:55 - 2012-03-28 13:18 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2016-06-17 22:35 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 22:35 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-76062669-3076684589-4186873554-1001\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-02-09 18:41 - 00000822 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-76062669-3076684589-4186873554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Jason\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: RemoteControl10 => "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: YouCam Mirage => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{18A70099-597E-4889-84EB-8F5F838A2242}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Btvstack.exe
FirewallRules: [{082C40CB-9C3D-49C4-98A6-1DE0E8688F76}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
FirewallRules: [{8F6D0CD1-47BD-4096-8DB3-F3306194C315}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
FirewallRules: [{690D78F1-77C1-4E26-998E-8207EE1F845B}] => (Allow) C:\Program Files (x86)\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{E6187A93-C28F-4135-A45C-3283AF1AFCCC}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{DAC11778-0B08-4E11-A7A8-A0C730E8907A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5C3C1A4C-1FC5-4B9F-8595-375B60C4291D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{34C193B0-D9C3-4AC4-BD3B-8893202E5FB1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EB08828B-98F4-415F-9716-E3A672012ED5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7490436C-0BD7-46BB-8E0E-462E66FBB311}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{E071E0AC-9177-42BD-A75E-1C1865F6A87F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{63C2EB9E-A15F-4E52-AE44-1CBCFED6CFD8}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{6454EA92-5BCD-4822-9938-EAEB8B805A81}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{D831EA0A-882D-47C1-BFD0-A03CFB02FDED}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{429005E0-C7C9-40F8-A0CC-E56FFFDD461A}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{9B3C3D37-3184-4F1E-A0F8-FB266D99E902}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [{DE08DB6F-9A9E-4A7A-9233-3C5FC3E8A4E5}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQDownload\119\Tencentdl.exe
FirewallRules: [TCP Query User{042BE7A6-AA87-4D9F-8C30-B6D26F62DCBE}C:\users\jason\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jason\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E014A562-3FC3-4CB3-91C2-6E6CEC103A77}C:\users\jason\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\jason\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1CB3C6A7-6B7A-4412-812F-4684F64F6435}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{6F7A3900-9285-4E47-9250-6B5FB9CC281B}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{ED8D6150-F5EB-4D37-98D6-AA813AEF627A}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{B7C57447-C651-40F6-ABB7-003560036CFD}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{CEFFB77C-176A-4416-993B-E7CE037420D2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{8F4C359A-05F7-4301-9435-68BDD0AC487A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{0CFED699-C554-41EB-970D-314D8FDA9F02}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{5BF040E1-F5D1-484F-A5C7-7241C4B42DCE}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{AFB96B08-9EA1-4E84-8206-55DF1D1FA220}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81596B3F-52C7-458F-94CE-077E9A1205CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7BD288B5-9A85-4D98-B6E5-B7D74FC076A5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{0638933A-1A64-425C-BF4D-FB3497BAA887}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [TCP Query User{9898AF8B-0558-4C17-B522-E1F440204AD0}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{14223881-9C74-47A5-A63B-35BA2BFB550B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7E193113-89E8-46B3-992B-4421B782AC67}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E9249863-1583-4985-B2FF-E98540E6EDC5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{62F48F99-08EC-4EED-ADD4-DF6B01D44148}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5116C127-077B-4BE2-AE3E-9679FA60F8AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7367326E-CA62-4865-B1BB-891FD5AE27F6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4308240E-A9A6-4012-B8E8-F7467928B5C4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9DD5C897-EE49-4F7A-87FF-D27A299972D5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{1F72D749-B074-4046-955C-B3C9915A1E71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{44D8724C-3B3C-436D-92FF-9C2EE805EE70}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8AD1C00A-0B91-429A-9952-3B4FD87E9783}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1CD921BC-EF1F-450D-AC57-C4FB48957DBE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{25F9DFD0-37FA-4F8D-990E-75F7BF2F9D33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6F9F985F-00A4-453A-BC5E-C537707AFB02}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{80685072-22BB-4E75-96CF-3EEB0B8F7E06}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{47408918-4933-44EB-A1C5-B58575CB22CB}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B1838DB8-F9D4-4F59-A0EA-CD963A9F8197}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{403E6554-AEA7-4E7F-AFE7-6DDC0D5CC16B}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{3494CC75-5701-44CC-BC92-63D0FB8F8C96}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{D51B7E69-E1D1-485A-A11E-E2E87077988A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{C131341F-D27C-4445-81AF-1E5E7F510EA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-06-2016 02:21:10 Windows Update
17-06-2016 03:00:13 Windows Update
03-07-2016 00:16:21 Windows Update
03-07-2016 03:00:10 Windows Update

==================== Faulty Device Manager Devices =============

Name: Validity Sensor
Description: Validity Sensor (VFS491)
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: Validity Sensors, Inc.
Service: WinUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2016 12:39:54 AM) (Source: MsiInstaller) (EventID: 11406) (User: NT AUTHORITY)
Description: Product: Office 15 Click-to-Run Extensibility Component -- Error 1406. Could not write value Class to key \Software\Classes\CLSID\{08F6C811-3CFD-11D1-98BC-006008197D41}\InprocServer32\15.0.0.0.  System error .  Verify that you have sufficient access to that key, or contact your support personnel.

Error: (06/18/2016 12:28:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9173

Error: (06/18/2016 12:28:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9173

Error: (06/18/2016 12:28:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/18/2016 12:28:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8159

Error: (06/18/2016 12:28:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8159

Error: (06/18/2016 12:28:03 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/18/2016 12:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7145

Error: (06/18/2016 12:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7145

Error: (06/18/2016 12:28:02 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/03/2016 12:19:10 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.225.290.0).

Error: (07/03/2016 12:18:51 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.223.1809.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/03/2016 12:18:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version: 1.225.290.0

    Previous Signature Version: 1.223.1809.0

    Update Source: %NT AUTHORITY15

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/03/2016 12:18:50 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version: 1.225.290.0

    Previous Signature Version: 1.223.1809.0

    Update Source: %NT AUTHORITY15

    Update Stage: 4.9.0218.00

    Source Path: 4.9.0218.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (07/03/2016 12:16:58 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (07/03/2016 12:16:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Power Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/03/2016 12:13:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
%%3 = The system cannot find the path specified.


Error: (06/18/2016 09:58:53 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (06/18/2016 09:58:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Power Assistant Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/18/2016 09:56:04 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
%%3 = The system cannot find the path specified.

 

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 49%
Total physical RAM: 8071.49 MB
Available physical RAM: 4089.19 MB
Total Virtual: 16141.16 MB
Available Virtual: 11899.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:676.9 GB) (Free:536.43 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:19.44 GB) (Free:2.98 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: CF4DBAC4)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=676.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End of Addition.txt ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt


It seems to be running better. Thank you!

But an unmovable and undeletable icon has shown up on my desktop called "homegroup". I have no recollection of anything related to it even though it seems to be Windows-related.

Also, how can I be sure that the keyloggers have been removed from my computer? I was considering running ESET Poweliks Cleaner and was wondering if there was any downside to running the program just to be sure my computer is clean.


That's interesting since I'm still running on Windows 7, but I removed it, thanks! Was it possible that my credit card info was stolen through homegroup? Or was it one of the things that was fixed through the Farbar fix program?

My credit card info was definitely stolen from this computer since I used it once to buy something online and then never used it at all until the credit card company called. Since the scans didn't pick up anything I thought I had a deep-rooted virus like a rootkit virus or scvhost virus that stole my cc info.


  • 4 weeks later...
  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
