
help on removing !!!adsalert


  • This topic is locked
7 replies to this topic

#1 StevieG7


Posted 22 November 2015 - 08:18 PM

Hello, while I am browsing the internet on Mozilla Firefox, I continuously get pop-up ads from !!!adsalert. I have tried numerous things to get rid of this but I can't seem to get rid of it. When I searched how to get rid of it, a lot of forums said go to the add-ons section of the internet browser. The problem is that !!!adsalert does not come up; there is no option to uninstall or remove it. Also, I saw that it may be installed on my laptop, so I checked my programmes and, you guessed it, there is nothing there. I can find no trace of this existing on my laptop other than when the ads literally pop up on my computer. I have downloaded Malwarebytes Anti-Malware and also HitmanPro and neither helped me. Any suggestions or any advice would be greatly appreciated!
 





#2 deeprybka


  • Malware Response Team

Posted 23 November 2015 - 06:07 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 StevieG7


Posted 24 November 2015 - 01:49 PM

Hello, thanks for your reply and willingness to help me!

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-11-2015
Ran by Home (2015-11-24 18:44:35)
Running from C:\Users\Home\Downloads
Windows 10 Home (X64) (2015-07-29 12:44:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3429728116-2931924014-691865844-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-3429728116-2931924014-691865844-503 - Limited - Disabled)
Guest (S-1-5-21-3429728116-2931924014-691865844-501 - Limited - Disabled)
Home (S-1-5-21-3429728116-2931924014-691865844-1002 - Administrator - Enabled) => C:\Users\Home

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{7536C341-2F7D-EFE6-F521-DEBE68B025C5}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BitComet 1.37 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.37 - CometNetwork)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
EPSON XP-312 313 315 Series Printer Uninstall (HKLM\...\EPSON XP-312 313 315 Series) (Version:  - SEIKO EPSON Corporation)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Football Manager 2015 (HKLM-x32\...\Steam App 295270) (Version:  - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Documentation (HKLM-x32\...\{F29E3AA8-CF19-4452-92B7-F1FE31CD11C5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.39 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (Version: 8.01.39 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.39 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee SafeKey(uninstall only) (HKLM-x32\...\SafeKey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-GB)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29082 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7564 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Soccer Manager 2016 (HKLM-x32\...\Steam App 407120) (Version:  - Soccer Manager Ltd)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.104 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3429728116-2931924014-691865844-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Home\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

11-11-2015 16:20:32 Windows Update
11-11-2015 16:21:30 Windows Update
14-11-2015 18:45:38 Windows Update
19-11-2015 15:01:30 Installed HP Support Assistant
23-11-2015 00:35:50 Checkpoint by HitmanPro

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2015-09-02 22:14 - 00000856 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CC91420-26B7-4E82-B524-925175791C3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2047767D-669E-4E88-8897-A508088EB04A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {26372AB5-EBA8-494A-9BFC-631574057ADB} - System32\Tasks\EPSON XP-312 313 315 Series Invitation {21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE [2015-10-29] (SEIKO EPSON CORPORATION)
Task: {2F1EA895-D005-49F6-BDC0-F7DD0AB28523} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3D835342-19D1-4B35-A0B6-450260A94818} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {42213A4E-517A-4B6E-B3FA-6058B337B147} - System32\Tasks\Start SimplePass => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [2015-01-30] (Hewlett-Packard)
Task: {46803DFC-1082-49AA-9101-33D2D83CB278} - System32\Tasks\Start OPBHOBroker => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [2015-01-30] (Hewlett-Packard)
Task: {46EA5838-0590-40EE-A6C7-4AE0299A4E00} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {4F7F43EB-2CDA-4759-9845-42D5F5611638} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-14] (Microsoft Corporation)
Task: {5C4DCE1C-4CEF-4B23-B0FD-A7FAA6EAE698} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {61A764A4-17EC-455A-92BC-C6AF6953E6A5} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {6A1D5732-8070-4B04-8DBF-97445180DF50} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-24] (Hewlett-Packard)
Task: {74953BB9-7826-4151-9CDB-75929C12563B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7859B9E3-D20A-422D-842F-D2A77016755C} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3429728116-2931924014-691865844-1002
Task: {9B38A95B-1423-4D10-B358-7332397AC706} - System32\Tasks\Start OPBHOBrokerDesktop => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [2015-01-30] (Hewlett-Packard)
Task: {9D2C69D1-2121-4E91-8C1C-DE51C8720E61} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AF964080-AC95-4602-AABF-1CC36E5F2F57} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {AFCECC48-090E-40E0-8ED8-F8609CBBA725} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B107A873-2055-41E1-BEEC-6EC38C274A77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {B280F68C-A4BD-4233-B7A2-781F712FB730} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B30B75FC-AC13-4634-9E04-A7C65F90F6B9} - System32\Tasks\HPCeeScheduleForHome => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {BEBD45D5-77C5-4AEE-BF22-DB0183B98E52} - System32\Tasks\EPSON XP-312 313 315 Series Update {21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE [2015-10-29] (SEIKO EPSON CORPORATION)
Task: {BF6067BE-88B5-4970-A55A-52924FB2336B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C12D8078-8115-4FC7-B342-18D9444A8550} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {C6A0A0B4-A38B-42C9-96F4-0F93F9BF6051} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E345284B-1855-4E65-B8FA-D6619E3DCEDE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FFF86E3C-55B2-4E0D-BCA7-F54CA843721E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-11-14] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-312 313 315 Series Invitation {21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-312 313 315 Series Update {21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLFE.EXE:/EXE:{21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88} /F:UpdateWORKGROUP\HP$
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\HPCeeScheduleForHome.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-29 12:49 - 2015-07-29 12:49 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-01-30 18:07 - 2015-01-30 18:07 - 02169344 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2015-01-30 18:05 - 2015-01-30 18:05 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2015-01-30 18:05 - 2015-01-30 18:05 - 00035840 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2015-01-30 18:05 - 2015-01-30 18:05 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2015-01-30 18:16 - 2015-01-30 18:16 - 00431696 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2015-01-30 18:16 - 2015-01-30 18:16 - 00746064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-08-18 21:52 - 2015-08-11 09:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-04-17 14:38 - 2014-04-17 14:38 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-04-17 14:37 - 2014-04-17 14:37 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-10-01 21:56 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 21:56 - 2015-09-17 06:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 21:56 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 10:59 - 2015-07-10 10:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 21:56 - 2015-09-17 05:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 21:55 - 2015-09-17 05:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 21:55 - 2015-09-17 05:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 21:56 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 11:00 - 2015-07-10 16:28 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-01-30 18:09 - 2015-01-30 18:09 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-03-10 21:39 - 2015-03-10 21:39 - 01845248 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\cefsimple.exe
2015-03-10 19:31 - 2015-10-05 16:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-10 19:31 - 2015-07-03 16:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-10 19:31 - 2015-11-10 02:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-10 19:31 - 2015-07-03 16:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-10 19:31 - 2015-07-03 16:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-10 19:31 - 2015-09-24 00:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-10 19:31 - 2015-09-24 00:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-10 19:31 - 2015-09-24 00:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-10 19:31 - 2015-09-24 00:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-10 19:31 - 2015-09-24 00:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-10 19:31 - 2015-11-10 02:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-24 21:38 - 2015-11-03 22:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-10-16 23:39 - 2014-10-31 15:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-10-16 23:39 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-03-10 19:31 - 2015-10-08 22:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-03-10 21:39 - 2015-03-10 21:50 - 00429056 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\OpenAL32.dll
2015-03-10 21:39 - 2015-03-10 21:49 - 01086976 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\twitchsdk_32_release.dll
2015-03-10 21:39 - 2015-03-10 21:50 - 40555520 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\libcef.dll
2015-03-10 21:39 - 2015-03-10 21:50 - 00394810 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\libmp3lame-ttv.dll
2015-03-10 21:48 - 2015-03-10 21:48 - 00113171 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\swresample-ttv-0.dll
2015-03-10 21:39 - 2015-03-10 21:39 - 00246332 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\avutil-ttv-51.dll
2015-03-10 21:48 - 2015-03-10 21:48 - 00151552 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\IntelLaptopGamingVista.dll
2015-03-10 19:31 - 2015-11-10 02:44 - 00373840 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-03-10 21:39 - 2015-03-10 21:50 - 01359360 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\libglesv2.dll
2015-03-10 21:50 - 2015-03-10 21:50 - 00212992 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\libegl.dll
2015-03-10 21:39 - 2015-03-10 21:50 - 09301504 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\pdf.dll
2015-03-10 21:39 - 2015-03-10 21:50 - 00985088 _____ () C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3429728116-2931924014-691865844-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install SafeKey IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install SafeKey FF RunOnce.lnk"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{08E2C5F8-7D46-4724-9306-9C4A18499F1A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{96A0E857-511E-4D93-ADFD-E001EA38120A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{ABAAC69F-1036-40BE-A2D6-5244DC142D2C}] => (Allow) LPort=1900
FirewallRules: [{07BC4665-15A8-4BF6-A038-74CAA2886D77}] => (Allow) LPort=2869
FirewallRules: [{D67E13A9-DFC6-4194-9694-3CC04C7AC8A7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F2A16C88-6154-4AB3-8749-35460780F4FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{CA245A6A-54C6-417E-A788-6795CAAC8D9D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{B38F4315-102E-4490-A878-D6DD1715753C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{C00B53E3-3396-47F5-8ECF-D22A2BDE1CCD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{A63E610F-6BF5-4BF3-AC87-23F564DFEB27}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [UDP Query User{E513F91D-784F-4CE9-9E6A-F880394B5B49}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{2526A83D-7B24-4C1F-9565-E14FEB05F17A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{DE03E005-01CB-471E-B9AF-47F714CFB521}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe
FirewallRules: [{DD8019DF-E9E0-46BD-B592-967BB1A5BBDF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2015\fm.exe
FirewallRules: [{1984FEE5-456F-435E-A5BB-29C1148A84FF}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{9549C424-A94D-4196-8C71-FB09017580AB}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{3AAFF2EA-0FCF-45C3-A574-17FC260B87BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8F671515-60B5-4F8F-AE3A-0BE5FFDEF4D3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{74688A78-A1D3-4D8F-B14D-DE4F5EE9AB44}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2EBC7BBC-C879-430C-AEA1-9F2EC9F44558}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A6FE4E71-3F4D-48C8-BBEC-14DB6A4E7172}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D49F6FD2-8956-4C48-B18E-793CDFC0DC82}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{23EE8E7B-69BE-43FD-B437-A4A33F7EFFF0}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{5E66953B-4198-4BC0-B5B5-249EB33CF97A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{11D8958E-8121-41EE-84EB-DF71D76E1CC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Soccer Manager 2016\Soccer Manager 2016.exe
FirewallRules: [{8FDF9FAD-EE2E-48F1-B5B6-8BB63C720AC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Soccer Manager 2016\Soccer Manager 2016.exe
FirewallRules: [{DC5B82E7-77DF-453D-9728-CD67864A9619}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/23/2015 04:28:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.10240.16384, time stamp: 0x559f3907
Faulting module name: dwmcore.dll, version: 10.0.10240.16461, time stamp: 0x55d2d629
Exception code: 0xc0000005
Fault offset: 0x0000000000049372
Faulting process ID: 0x14c
Faulting application start time: 0xdwm.exe0
Faulting application path: dwm.exe1
Faulting module path: dwm.exe2
Report ID: dwm.exe3
Faulting package full name: dwm.exe4
Faulting package-relative application ID: dwm.exe5

Error: (11/23/2015 00:43:52 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/23/2015 00:42:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HP)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/23/2015 00:42:39 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/23/2015 00:36:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/23/2015 00:35:49 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8bb70428-5950-4d61-a6fd-6d17ab171fe4}

Error: (11/23/2015 00:03:43 AM) (Source: ATIeRecord) (EventID: 16396) (User: )
Description: ATI EEU PnP start/stop failed

Error: (11/22/2015 11:29:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: fm.exe, version: 15.3.2.0, time stamp: 0x551d37bc
Faulting module name: fm.exe, version: 15.3.2.0, time stamp: 0x551d37bc
Exception code: 0xc0000005
Fault offset: 0x00b5fdb6
Faulting process ID: 0x38dc
Faulting application start time: 0xfm.exe0
Faulting application path: fm.exe1
Faulting module path: fm.exe2
Report ID: fm.exe3
Faulting package full name: fm.exe4
Faulting package-relative application ID: fm.exe5

Error: (11/22/2015 11:10:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7953734

Error: (11/22/2015 11:10:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7953734

System errors:
=============
Error: (11/23/2015 00:44:07 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with the following service-specific error:
%%0

Error: (11/23/2015 00:42:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.

Error: (11/23/2015 00:42:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session1 service to connect.

Error: (11/23/2015 00:42:48 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_Session1 service, but this action failed with the following error:
%%1056

Error: (11/23/2015 00:42:46 AM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (11/23/2015 00:42:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/23/2015 00:42:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/23/2015 00:42:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/23/2015 00:42:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/23/2015 00:08:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

CodeIntegrity:
===================================
  Date: 2015-11-15 23:28:42.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-15 23:28:42.014
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-15 23:04:29.506
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-15 23:04:29.399
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 54%
Total physical RAM: 7112.98 MB
Available physical RAM: 3222.81 MB
Total Virtual: 8264.98 MB
Available Virtual: 3497.64 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:909.95 GB) (Free:767.65 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.72 GB) (Free:1.91 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C4ECAC31)

Partition: GPT.

==================== End of Addition.txt ============================

#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 24 November 2015 - 02:51 PM

Hello,

you are welcome! Please post the FRST.txt log as well. :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 StevieG7

  • Topic Starter
  • Members
  • 3 posts

Posted 24 November 2015 - 04:25 PM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by Home (administrator) on HP (24-11-2015 21:07:00)
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available Profiles: Home & Administrator)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(www.BitComet.com) C:\Program Files\BitComet\BitComet.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(© 2015 Microsoft Corporation) C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(www.BitComet.com) C:\Program Files\BitComet\tools\BitCometService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILFE.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8510680 2015-09-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1394392 2015-09-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-11-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\...\Run: [BitComet] => C:\Program Files\BitComet\BitComet.exe [17257648 2013-12-31] (www.BitComet.com)
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\...\Run: [BingSvc] => C:\Users\Home\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILFE.EXE [297024 2015-10-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31232 2015-07-10] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey FF RunOnce.lnk [2015-03-16]
ShortcutTarget: Install SafeKey FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-03-16]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-02]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c1ec6c10-e455-4af6-9019-bbee68e0acf8}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT14/2
HKU\S-1-5-21-3429728116-2931924014-691865844-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT14/2
SearchScopes: HKLM -> {8E7B7F94-67D6-462F-A4E6-4155AACD2048} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {8E7B7F94-67D6-462F-A4E6-4155AACD2048} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3429728116-2931924014-691865844-1002 -> {8E7B7F94-67D6-462F-A4E6-4155AACD2048} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: WSISVCUchrome - No CLSID Value
 
FireFox:
========
FF ProfilePath: C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\84za4xo4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Extension: Bing Search - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\84za4xo4.default\Extensions\bingsearch.full@microsoft.com [2015-07-29] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-06-10] [not signed]
 
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-gb
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee SafeKey) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-03-20]
CHR Extension: (Bing) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-08-10]
CHR Extension: (Skype Click to Call) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-25]
CHR HKU\S-1-5-21-3429728116-2931924014-691865844-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2015-03-16]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-17] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-23] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [298200 2015-09-18] (Realtek Semiconductor)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-07-29] (Microsoft Corporation)
S3 w3logsvc; C:\WINDOWS\SysWOW64\inetsrv\w3logsvc.dll [72192 2015-07-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-05] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-24 21:01 - 2015-11-24 21:01 - 00016148 _____ C:\WINDOWS\system32\HP_Home_HistoryPrediction.bin
2015-11-24 18:44 - 2015-11-24 18:46 - 00035767 _____ C:\Users\Home\Downloads\Addition.txt
2015-11-24 18:42 - 2015-11-24 21:07 - 00017821 _____ C:\Users\Home\Downloads\FRST.txt
2015-11-24 18:41 - 2015-11-24 21:07 - 00000000 ____D C:\FRST
2015-11-24 18:40 - 2015-11-24 21:06 - 02348544 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2015-11-23 00:45 - 2015-11-23 00:45 - 00000000 ___HD C:\OneDriveTemp
2015-11-23 00:41 - 2015-11-23 00:41 - 00003292 _____ C:\WINDOWS\system32\.crusader
2015-11-23 00:21 - 2015-11-23 00:21 - 00001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-11-23 00:21 - 2015-11-23 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-23 00:21 - 2015-11-23 00:21 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-23 00:20 - 2015-11-23 00:42 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-22 23:24 - 2015-11-24 21:01 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-22 23:23 - 2015-11-22 23:23 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-22 23:23 - 2015-11-22 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-22 23:23 - 2015-11-22 23:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-22 23:23 - 2015-11-22 23:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-22 23:23 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-22 23:23 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-22 23:23 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-22 17:52 - 2015-11-22 17:52 - 00000931 _____ C:\Users\Home\Desktop\football videos - Shortcut.lnk
2015-11-21 19:17 - 2015-11-21 19:17 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-19 15:03 - 2015-11-19 15:03 - 00002307 _____ C:\Users\Home\Desktop\HP Support Assistant.lnk
2015-11-14 19:27 - 2015-11-23 00:05 - 00000334 _____ C:\WINDOWS\Tasks\HPCeeScheduleForHome.job
2015-11-14 19:27 - 2015-11-17 14:36 - 00003222 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForHome
2015-11-14 18:46 - 2015-11-14 18:46 - 00419528 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-11-14 18:46 - 2015-11-14 18:46 - 00257224 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31-1.dll
2015-11-14 18:46 - 2015-11-14 18:46 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-11-14 18:46 - 2015-11-14 18:46 - 00042184 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-11-11 15:38 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 15:38 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-11 15:38 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-11 15:38 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 15:38 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-11 15:38 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 15:38 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-11 15:38 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-11 15:38 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-11 15:38 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 15:38 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-11 15:38 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-11 15:38 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 15:38 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-11 15:38 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-11 15:38 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-11 15:38 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 15:38 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-11 15:38 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-11 15:38 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-11 15:38 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-11 15:38 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-11 15:38 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 15:38 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-11 15:38 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-11 15:38 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-11 15:38 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 15:38 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 15:38 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-11 15:38 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-11 15:38 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 15:38 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-11 15:38 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-11 15:38 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-11 15:38 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-11 15:38 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-11 15:38 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-11 15:38 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-11 15:38 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-11 15:38 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-11 15:38 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 15:38 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-11 15:38 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-11 15:38 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-11 15:38 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-11 15:38 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-11 15:38 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 15:38 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 15:38 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 15:38 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 15:38 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-11 15:38 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-11 15:38 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-06 20:51 - 2015-11-06 20:51 - 00000000 ____D C:\Users\Home\Downloads\Texts
2015-11-02 11:44 - 2015-11-02 11:44 - 00000000 ____D C:\Users\Home\AppData\Roaming\TuneUp Software
2015-11-02 11:44 - 2015-11-02 11:44 - 00000000 ____D C:\Users\Home\AppData\Local\TuneUp Software
2015-11-02 11:43 - 2015-11-02 11:44 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-10-29 14:21 - 2015-11-24 19:21 - 00000925 _____ C:\WINDOWS\Tasks\EPSON XP-312 313 315 Series Update {21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88}.job
2015-10-29 14:21 - 2015-11-24 19:21 - 00000739 _____ C:\WINDOWS\Tasks\EPSON XP-312 313 315 Series Invitation {21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88}.job
2015-10-29 14:21 - 2015-10-29 14:21 - 00004138 _____ C:\WINDOWS\System32\Tasks\EPSON XP-312 313 315 Series Update {21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88}
2015-10-29 14:21 - 2015-10-29 14:21 - 00003960 _____ C:\WINDOWS\System32\Tasks\EPSON XP-312 313 315 Series Invitation {21EBFE0F-99C7-490E-8FE3-C0F4E0D1BE88}
2015-10-29 14:21 - 2015-10-29 14:21 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-10-29 14:20 - 2015-10-29 15:21 - 00000000 ____D C:\ProgramData\EPSON
2015-10-29 14:20 - 2015-10-29 14:20 - 00179712 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ILMBLFE.DLL
2015-10-29 14:20 - 2015-10-29 14:20 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_ID4BLFE.DLL
2015-10-29 14:20 - 2015-10-29 14:20 - 00010752 _____ (SEIKO EPSON CORP.) C:\WINDOWS\system32\E_GCINST.DLL
2015-10-28 13:17 - 2015-10-28 13:17 - 00000574 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.lnk
2015-10-27 13:40 - 2015-11-06 18:04 - 00000000 ____D C:\Users\Home\AppData\Local\Soccer Manager 2016
2015-10-27 13:39 - 2015-10-27 13:39 - 00000222 _____ C:\Users\Home\Desktop\Soccer Manager 2016.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-24 21:06 - 2015-03-08 22:17 - 00000000 ____D C:\Users\Home\AppData\Roaming\BitComet
2015-11-24 21:02 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-24 21:01 - 2015-06-16 16:09 - 00000000 ____D C:\Users\Home\AppData\Roaming\Skype
2015-11-24 19:34 - 2015-03-10 19:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 19:21 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-11-24 19:03 - 2014-12-12 13:09 - 00000000 ____D C:\Users\Home\Documents\Youcam
2015-11-24 19:02 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-24 19:00 - 2015-03-10 19:30 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-24 19:00 - 2014-12-23 13:42 - 00000000 __RDO C:\Users\Home\OneDrive
2015-11-24 18:59 - 2015-07-29 12:11 - 00000000 ____D C:\Users\Home
2015-11-24 18:59 - 2015-07-10 12:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-24 18:59 - 2014-10-07 15:59 - 03793857 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2015-11-24 18:58 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 18:40 - 2015-03-08 21:35 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0616614E-9381-4E59-95FB-26B725CA0D46}
2015-11-23 00:43 - 2015-07-29 12:06 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-23 00:43 - 2015-07-29 12:02 - 00082364 _____ C:\WINDOWS\PFRO.log
2015-11-23 00:43 - 2015-07-10 09:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-23 00:05 - 2015-07-10 12:20 - 00210552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-23 00:04 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\System
2015-11-22 23:42 - 2015-07-12 18:37 - 00000000 ____D C:\Program Files (x86)\Sample IME for IME extension API
2015-11-22 23:42 - 2015-07-11 07:29 - 00000000 ____D C:\Program Files (x86)\SaverEoxtensiuon
2015-11-22 23:42 - 2015-07-11 07:28 - 00000000 ____D C:\Program Files (x86)\SaVerExteNsion
2015-11-22 23:42 - 2015-07-11 07:27 - 00000000 ____D C:\Program Files (x86)\SavEerEXtiensioon
2015-11-22 23:42 - 2015-03-27 08:12 - 00000000 ____D C:\Program Files (x86)\SualePulus
2015-11-22 23:37 - 2015-07-12 18:38 - 00000000 ____D C:\Program Files (x86)\FFuin2Suave
2015-11-22 23:37 - 2015-07-12 18:36 - 00000000 ____D C:\Program Files (x86)\Fuon2SAve
2015-11-22 23:37 - 2015-06-07 23:22 - 00000000 ____D C:\Program Files (x86)\DeallExpressa
2015-11-22 23:37 - 2015-06-07 23:21 - 00000000 ____D C:\Program Files (x86)\Jewel Academy
2015-11-22 23:37 - 2015-05-27 11:56 - 00000000 ____D C:\Program Files (x86)\DeealExPreSs
2015-11-22 23:37 - 2015-05-13 03:12 - 00000000 ____D C:\Program Files (x86)\Microformats for Google Chrome
2015-11-22 23:37 - 2015-04-24 19:11 - 00000000 ____D C:\Program Files (x86)\NetoCCoupon
2015-11-22 23:32 - 2015-06-07 23:22 - 00000000 ____D C:\Program Files (x86)\DDeoaolExpress
2015-11-22 16:10 - 2015-06-02 18:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-21 19:21 - 2015-07-29 13:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-20 16:19 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-11-19 19:03 - 2014-05-06 23:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-11-19 19:03 - 2014-05-06 23:12 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-19 15:03 - 2014-05-06 23:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-19 15:03 - 2014-05-06 23:11 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-19 15:03 - 2014-05-06 23:07 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-19 15:00 - 2015-03-08 21:39 - 00000000 ____D C:\Users\Home\AppData\Roaming\hpqlog
2015-11-19 14:59 - 2014-04-01 01:07 - 00000000 ____D C:\SWSetup
2015-11-18 16:40 - 2015-03-30 15:28 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-11-15 00:43 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-14 19:16 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-11-14 19:16 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-11-14 19:16 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-14 19:12 - 2015-03-13 08:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-14 18:47 - 2015-07-10 12:20 - 00023945 _____ C:\WINDOWS\setupact.log
2015-11-14 18:47 - 2015-03-13 08:38 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-14 18:46 - 2015-07-17 06:51 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-11-14 18:46 - 2015-07-17 06:51 - 00764616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-11-14 18:46 - 2015-07-17 06:51 - 00619208 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-11-14 18:46 - 2015-07-17 06:51 - 00269000 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-11-11 21:15 - 2015-06-16 16:08 - 00000000 ____D C:\ProgramData\Skype
2015-11-11 16:24 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-11 15:34 - 2015-03-10 19:44 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-10 11:43 - 2014-12-12 12:52 - 00000000 ____D C:\Users\Home\AppData\Local\Packages
2015-11-03 18:20 - 2015-07-10 11:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 18:20 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-03 14:40 - 2015-07-29 12:09 - 00968010 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-03 13:54 - 2015-03-08 21:34 - 00000000 ____D C:\Users\Home\AppData\Local\VirtualStore
2015-11-03 10:27 - 2015-07-29 12:51 - 00002338 _____ C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-02 11:54 - 2015-06-09 17:43 - 00000000 ____D C:\ProgramData\{117254f3-4ce0-8cd6-1172-254f34ce53cd}
2015-11-02 11:54 - 2015-03-27 08:12 - 00000000 ____D C:\ProgramData\{2c290b0b-63ef-0ebc-2c29-90b0b63e2c2d}
2015-11-02 11:54 - 2015-03-27 08:10 - 00000000 ____D C:\ProgramData\{12035594-8d06-9537-1203-355948d05652}
2015-11-02 11:54 - 2014-05-06 23:27 - 00000000 ____D C:\ProgramData\{C19CA186-4F06-4E22-A1E6-6BAB4723A0DE}
 
==================== Files in the root of some directories =======
 
2015-04-17 02:46 - 2015-07-12 18:36 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-03-16 13:05 - 2015-03-16 13:05 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-05-17 14:04 - 2015-07-19 15:07 - 0000024 _____ () C:\Users\Home\AppData\Roaming\appdataFr25.bin
2015-04-03 14:46 - 2015-05-06 05:20 - 0000020 _____ () C:\Users\Home\AppData\Roaming\appdataFr3.bin
2015-03-28 22:23 - 2015-03-28 22:23 - 0011638 _____ () C:\Users\Home\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
C:\Users\Home\AppData\Local\Temp\BingSvc.exe
C:\Users\Home\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Home\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Home\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Home\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Home\AppData\Local\Temp\Extract.exe
C:\Users\Home\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Home\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Home\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Home\AppData\Local\Temp\UninstallHPSA.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-11-24 16:35
 
==================== End of FRST.txt ============================


#6 deeprybka

Posted 25 November 2015 - 06:15 PM

Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 deeprybka

Posted 29 November 2015 - 07:12 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#8 deeprybka

Posted 01 December 2015 - 01:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 