Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Default internet browser keeps opening randomly


  • This topic is locked This topic is locked
8 replies to this topic

#1 Tadyr

Tadyr

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 20 December 2015 - 04:16 PM

I am using Windows 10, but the issue occurred on Windows 7 as well.

My laptop has two graphics adapters in it. One is an AMD Performance adapter the other is an integrated Intel adapter. If I switch to the AMD adapter, in order to play graphically intensive games, my default internet browser continually opens windows to my home page, google.com,  until my RAM is full and the computer slows to a crawl. I've tried uninstalling Google Chrome and Firefox but the issue continues with Internet Explorer. I've tried installing different graphics drivers with no change. I've also formatted and reinstalled windows, as soon as I switch to the AMD adapter the issue arises again. If I am browsing the internet while the AMD adapter is active, it takes me back to the home page automatically.

I tried different anti-virus, malware removal tools, adware removal tools. But nothing helped me to fix this issue.

 

Hoping, I would get a help from this forum.



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 21 December 2015 - 10:03 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.
===


Wait for further instructions.

#3 Tadyr

Tadyr
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 21 December 2015 - 11:14 AM

Hello nasdaq,

Thank you for the assistance. I ran both scans and used the "clean" function with them, with no change. Here are the logs you requested:

# AdwCleaner v5.025 - Logfile created 21/12/2015 at 09:14:13
# Updated 13/12/2015 by Xplode
# Database : 2015-12-21.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Marcus - MARCUS-HP
# Running from : C:\Users\Marcus\Desktop\adwcleaner_5.025.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search here
[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netfilx.com
[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mega-manager.en.softonic.com
[-] [C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : wayfair.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1727 bytes] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Marcus (administrator) on MARCUS-HP (21-12-2015 09:40:24)
Running from C:\Users\Marcus\Desktop\New folder
Loaded Profiles: Marcus (Available Profiles: Marcus)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Softros Systems, Inc.) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)
HKLM\...\Run: [IntelPAN] => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70080 2015-05-08] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-09-02] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-08-11] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1532384 2015-09-15] (Sophos Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217672 2015-09-15] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\\sophos_detoured.dll [275352 2015-09-15] (Sophos Limited)
AppInit_DLLs-x32: ,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-09-15] (Sophos Limited)
HKLM\...\AppCertDlls: [ProcessBlocker] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib.dll [114176 2015-07-23] (Softros Systems, inc.)
HKLM\...\AppCertDlls: [ProcessBlocker86] -> C:\Program Files\Softros Systems\Process Blocker\HelperLib86.dll [95744 2015-07-23] (Softros Systems, inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8103bfa5-d5e9-4459-b94e-c6359a666e4d}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{dfc582b9-6259-42a8-bbb4-acb6c518b3a8}: [DhcpNameServer] 10.10.10.1 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-2001987691-158935152-3783661574-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-2001987691-158935152-3783661574-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {FC0721A9-74CE-4BEB-9A9A-48418E788E02} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {FC0721A9-74CE-4BEB-9A9A-48418E788E02} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {FC0721A9-74CE-4BEB-9A9A-48418E788E02} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-12-17] (Oracle Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (HP)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-12-17] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (HP)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-12-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-12-17] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-29]
CHR Extension: (Google Docs) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (YouTube) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Adblock Plus) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-27]
CHR Extension: (Google Search) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Google Calendar) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
CHR Extension: (Google Sheets) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (AdBlock) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-06]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-10-29]
CHR Extension: (Twitch HTML 5 Video Player) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgcegaapnjdkkaboopicfhllkjkjpdhg [2015-08-30]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2015-08-30]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2015-08-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-29]
CHR Extension: (Gmail) - C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-29]
CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (HP)
R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-05-08] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [4333712 2015-05-12] ()
S3 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-17] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-12-16] (The OpenVPN Project)
R2 Process Blocker; C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe [2198352 2015-07-23] (Softros Systems, Inc.)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [291080 2015-09-15] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [270120 2015-09-15] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [607136 2015-09-15] (Sophos Limited)
R3 Sophos Device Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [659752 2015-09-15] (Sophos Limited)
R2 Sophos MCS Agent; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe [331016 2015-09-11] (Sophos Limited)
R2 Sophos MCS Client; C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe [910088 2015-09-11] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2015-07-13] (Sophos Limited)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [300808 2015-09-15] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3278600 2015-09-15] (Sophos Limited)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [2032344 2015-05-14] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [530648 2015-05-26] (VMware, Inc.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [82672 2015-09-02] (Advanced Micro Devices, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-09-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-09-19] (Windows ® Win 7 DDK provider)
S3 ptun0901; C:\Windows\System32\drivers\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S3 Razerlow; C:\Windows\system32\drivers\DB3G.sys [21120 2015-12-20] (Razer (Asia-Pacific) Pte Ltd)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [161024 2015-07-13] (Sophos Limited)
R3 sdcfilter; C:\Windows\system32\DRIVERS\sdcfilter.sys [38144 2015-07-13] (Sophos Limited)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-02] (Synaptics Incorporated)
S4 SophosBootDriver; C:\Windows\system32\DRIVERS\SophosBootDriver.sys [27904 2015-07-13] (Sophos Limited)
R1 swi_callout; C:\Windows\system32\DRIVERS\swi_callout.sys [32512 2015-09-15] (Sophos Limited)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-09-02] (HP)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-21 09:40 - 2015-12-21 09:40 - 00000000 ____D C:\FRST
2015-12-21 09:39 - 2015-12-21 09:39 - 00016148 _____ C:\WINDOWS\system32\MARCUS-HP_Marcus_HistoryPrediction.bin
2015-12-21 09:12 - 2015-12-21 09:14 - 00000000 ____D C:\AdwCleaner
2015-12-21 09:10 - 2015-12-21 09:40 - 00000000 ____D C:\Users\Marcus\Desktop\New folder
2015-12-21 09:09 - 2015-12-21 09:09 - 01740288 _____ C:\Users\Marcus\Desktop\adwcleaner_5.025.exe
2015-12-20 14:42 - 2015-12-20 14:42 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\.minecraft
2015-12-20 14:34 - 2015-12-20 14:34 - 00001226 _____ C:\Users\Marcus\Desktop\Configure Process Blocker.lnk
2015-12-20 14:26 - 2015-12-20 14:26 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Process Blocker
2015-12-20 14:26 - 2015-12-20 14:26 - 00000000 ____D C:\Program Files\Softros Systems
2015-12-20 14:25 - 2015-12-20 14:25 - 11932520 _____ C:\Users\Marcus\Downloads\processblocker.zip
2015-12-20 14:23 - 2015-12-20 14:23 - 00002378 _____ C:\Users\Marcus\Documents\MumbleAutomaticCertificateBackup.p12
2015-12-20 14:21 - 2015-12-20 14:41 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\Mumble
2015-12-20 14:21 - 2015-12-20 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
2015-12-20 14:21 - 2015-12-20 14:21 - 00000000 ____D C:\Program Files (x86)\Mumble
2015-12-20 14:20 - 2015-12-21 09:10 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\.purple
2015-12-20 14:20 - 2015-12-20 14:20 - 16712192 _____ C:\Users\Marcus\Downloads\mumble-1.2.12.msi
2015-12-20 14:20 - 2015-12-20 14:20 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
2015-12-20 14:20 - 2015-12-20 14:20 - 00001048 _____ C:\Users\Public\Desktop\Pidgin.lnk
2015-12-20 14:20 - 2015-12-20 14:20 - 00000000 ____D C:\Program Files (x86)\Pidgin
2015-12-20 14:19 - 2015-12-20 14:19 - 09670472 _____ C:\Users\Marcus\Downloads\pidgin-2.10.11.exe
2015-12-20 14:18 - 2015-12-20 14:18 - 00021120 _____ (Razer (Asia-Pacific) Pte Ltd) C:\WINDOWS\system32\Drivers\DB3G.sys
2015-12-19 12:00 - 2015-12-19 12:00 - 12201778 _____ C:\Users\Marcus\Downloads\F9L1002v1_N300_US.exe
2015-12-18 21:42 - 2015-12-18 21:42 - 00000953 _____ C:\Users\Public\Desktop\OpenVPN GUI.lnk
2015-12-18 21:42 - 2015-12-18 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-12-18 21:42 - 2015-12-18 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-12-18 21:42 - 2015-12-18 21:42 - 00000000 ____D C:\Program Files\TAP-Windows
2015-12-18 21:42 - 2015-12-18 21:42 - 00000000 ____D C:\Program Files\OpenVPN
2015-12-18 21:41 - 2015-12-18 21:41 - 01822368 _____ C:\Users\Marcus\Downloads\openvpn-install-2.3.9-I601-x86_64.exe
2015-12-18 21:36 - 2015-12-18 21:38 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2015-12-18 21:35 - 2015-12-18 21:36 - 27410968 _____ (OpenVPN Technologies) C:\Users\Marcus\Downloads\privatetunnel-win-2.4.exe
2015-12-18 19:45 - 2015-12-18 19:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-12-18 19:45 - 2015-12-18 19:45 - 00000000 ____D C:\Program Files\ATI Technologies
2015-12-18 19:43 - 2015-12-18 19:43 - 00000000 ____D C:\ProgramData\ATI
2015-12-18 19:40 - 2015-12-18 19:40 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-12-18 19:40 - 2015-12-18 19:40 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-12-18 19:40 - 2015-12-18 19:40 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 00662400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-12-18 19:40 - 2015-12-18 19:40 - 00662400 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-12-18 19:40 - 2015-12-18 19:40 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-12-18 19:40 - 2015-12-18 19:40 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-12-18 19:40 - 2015-12-18 19:40 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-12-18 19:35 - 2015-12-18 19:36 - 14337320 _____ (2BrightSparks Pte Ltd ) C:\Users\Marcus\Downloads\SyncBack_Setup.exe
2015-12-17 16:33 - 2015-12-17 16:33 - 00185706 _____ C:\Users\Marcus\Downloads\OptiFine_1.6.4_L_C9.jar
2015-12-17 16:33 - 2015-09-15 11:56 - 00032512 _____ (Sophos Limited) C:\WINDOWS\system32\Drivers\swi_callout.sys
2015-12-17 16:31 - 2015-12-17 16:31 - 00000000 ____D C:\Users\Marcus\AppData\Local\AMD
2015-12-17 16:19 - 2015-12-17 16:19 - 00000605 _____ C:\Users\Marcus\Desktop\ATLauncher - Shortcut.lnk
2015-12-17 16:05 - 2015-12-01 01:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-17 16:05 - 2015-12-01 00:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-17 16:05 - 2015-11-30 23:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-17 16:05 - 2015-11-30 23:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-17 16:05 - 2015-11-30 22:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-17 16:05 - 2015-11-24 23:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-17 16:05 - 2015-11-24 23:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-17 16:05 - 2015-11-24 23:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-17 16:05 - 2015-11-24 23:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-17 16:05 - 2015-11-24 23:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-17 16:05 - 2015-11-24 23:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-17 16:05 - 2015-11-24 23:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-17 16:05 - 2015-11-24 23:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-17 16:05 - 2015-11-24 23:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-17 16:05 - 2015-11-24 23:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-17 16:05 - 2015-11-24 23:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-17 16:05 - 2015-11-24 22:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-17 16:05 - 2015-11-24 22:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-17 16:05 - 2015-11-24 22:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-17 16:05 - 2015-11-24 22:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-17 16:05 - 2015-11-24 22:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-17 16:05 - 2015-11-24 22:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-17 16:05 - 2015-11-24 22:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-17 16:05 - 2015-11-24 22:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-17 16:05 - 2015-11-24 22:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-17 16:05 - 2015-11-24 22:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-17 16:05 - 2015-11-24 22:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-17 16:05 - 2015-11-24 22:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-17 16:05 - 2015-11-24 22:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-17 16:05 - 2015-11-24 22:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-17 16:05 - 2015-11-24 22:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-17 16:05 - 2015-11-24 22:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-17 16:05 - 2015-11-24 22:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-17 16:05 - 2015-11-24 22:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-17 16:05 - 2015-11-24 22:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-17 16:05 - 2015-11-24 22:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-17 16:05 - 2015-11-24 22:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-17 16:05 - 2015-11-24 22:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-17 16:05 - 2015-11-24 22:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-17 16:05 - 2015-11-24 22:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-17 16:05 - 2015-11-24 22:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-17 16:05 - 2015-11-24 22:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-17 16:05 - 2015-11-24 22:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-17 16:05 - 2015-11-24 22:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-17 16:05 - 2015-11-24 22:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-17 16:05 - 2015-11-24 22:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-17 16:05 - 2015-11-24 22:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-17 16:05 - 2015-11-24 22:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-17 16:05 - 2015-11-24 22:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-17 16:05 - 2015-11-24 22:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-17 16:05 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-17 16:05 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-17 16:05 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-17 16:05 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-17 16:05 - 2015-11-24 22:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-17 16:05 - 2015-11-24 22:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-17 16:05 - 2015-11-24 22:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-17 16:05 - 2015-11-24 22:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-17 16:05 - 2015-11-24 22:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-17 16:05 - 2015-11-24 22:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-17 16:05 - 2015-11-24 22:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-17 16:05 - 2015-11-24 22:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-17 16:05 - 2015-11-24 22:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-17 16:05 - 2015-11-24 22:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-17 16:05 - 2015-11-24 22:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-17 16:05 - 2015-11-24 22:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-17 16:05 - 2015-11-24 22:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-17 16:05 - 2015-11-24 22:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-17 16:05 - 2015-11-24 22:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-17 16:05 - 2015-11-24 22:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-17 16:05 - 2015-11-24 22:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-17 16:05 - 2015-11-24 22:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-17 16:05 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-17 16:05 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-17 16:05 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-17 16:05 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-17 16:05 - 2015-11-24 20:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-17 16:05 - 2015-11-24 20:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-17 16:04 - 2015-11-30 23:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-17 16:04 - 2015-11-30 23:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-17 15:50 - 2015-12-17 15:50 - 00000000 ____D C:\Users\Marcus\AppData\Roaming\.atlauncher
2015-12-17 15:49 - 2015-12-17 15:49 - 00320424 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2015-12-17 15:49 - 2015-12-17 15:49 - 00189864 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2015-12-17 15:49 - 2015-12-17 15:49 - 00189864 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2015-12-17 15:49 - 2015-12-17 15:49 - 00111016 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-12-17 15:49 - 2015-12-17 15:49 - 00000000 ____D C:\Users\Marcus\AppData\LocalLow\Sun
2015-12-17 15:49 - 2015-12-17 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-17 15:49 - 2015-12-17 15:49 - 00000000 ____D C:\Program Files\Java
2015-12-17 15:48 - 2015-12-17 15:48 - 31239592 _____ (Oracle Corporation) C:\Users\Marcus\Downloads\jre-7u80-windows-x64.exe
2015-12-17 15:43 - 2015-12-17 15:49 - 00000000 ____D C:\MC
2015-11-30 18:23 - 2015-11-30 18:26 - 335526902 _____ C:\Users\Marcus\Downloads\cm-13.0-20151130-NIGHTLY-bacon.zip
2015-11-30 17:50 - 2015-11-30 17:51 - 125806531 _____ C:\Users\Marcus\Downloads\gapps-600-base-20151016-1-signed.zip
2015-11-21 16:46 - 2015-11-21 16:47 - 16615176 _____ (Sophos Limited) C:\Users\Marcus\Downloads\SophosMcsEndpoint_5EX0I1IND9UAO1466 (1).exe
2015-11-21 15:27 - 2015-12-18 22:02 - 00002242 ____H C:\Users\Marcus\Documents\Default.rdp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-21 09:40 - 2015-07-10 03:05 - 00000000 ____D C:\Windows
2015-12-21 09:39 - 2015-08-29 20:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-21 09:39 - 2015-08-20 17:59 - 00000000 ____D C:\Users\Marcus\AppData\LocalLow\AuthenTec
2015-12-21 09:20 - 2015-09-02 18:36 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-21 09:20 - 2015-07-10 05:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-21 09:16 - 2015-07-10 06:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-21 09:15 - 2015-07-10 06:20 - 00193696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-21 09:14 - 2015-07-10 03:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-20 14:53 - 2015-08-29 20:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-20 14:27 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-20 14:26 - 2015-08-21 18:55 - 00000000 ____D C:\Riot Games
2015-12-20 14:20 - 2015-08-20 18:01 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DFA81A93-01FC-41D7-97F1-F00999532534}
2015-12-20 14:18 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-20 14:17 - 2015-09-02 18:55 - 00002405 _____ C:\Users\Marcus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-20 14:17 - 2015-09-02 18:55 - 00000000 ___RD C:\Users\Marcus\OneDrive
2015-12-18 21:37 - 2015-07-10 04:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-18 21:35 - 2015-08-20 20:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-18 20:02 - 2015-09-02 21:31 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-18 20:02 - 2015-08-20 20:31 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-18 19:59 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-18 19:44 - 2015-09-02 18:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 19:42 - 2015-09-02 18:57 - 00000000 ____D C:\AMD
2015-12-18 19:40 - 2015-10-29 16:08 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-12-18 19:40 - 2015-10-29 16:08 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-12-18 19:40 - 2015-10-29 16:08 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-12-18 19:40 - 2015-10-29 16:07 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-12-18 19:40 - 2015-10-29 16:07 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-12-18 19:40 - 2015-09-02 18:56 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-12-18 19:40 - 2015-09-02 18:56 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-12-18 19:40 - 2015-09-02 18:56 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-12-18 19:40 - 2015-09-02 18:56 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-12-18 19:40 - 2015-09-02 18:56 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-12-18 19:40 - 2015-09-02 18:56 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-12-18 19:40 - 2015-09-02 18:56 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-12-18 19:40 - 2015-09-02 18:56 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-12-18 19:40 - 2015-09-02 18:56 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-12-18 19:40 - 2015-09-02 18:56 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-12-18 19:19 - 2015-07-10 05:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-06 15:48 - 2015-08-29 20:37 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-06 15:48 - 2015-08-29 20:37 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-11-30 18:32 - 2015-07-10 05:06 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 18:32 - 2015-07-10 05:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 20:36 - 2011-11-08 12:30 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-27 12:57 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-22 14:38 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\rescache
 
Some files in TEMP:
====================
C:\Users\Marcus\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-21 09:26
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Marcus (2015-12-21 09:41:42)
Running from C:\Users\Marcus\Desktop\New folder
Windows 10 Home (X64) (2015-09-03 00:53:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2001987691-158935152-3783661574-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2001987691-158935152-3783661574-503 - Limited - Disabled)
Guest (S-1-5-21-2001987691-158935152-3783661574-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2001987691-158935152-3783661574-1002 - Limited - Enabled)
Marcus (S-1-5-21-2001987691-158935152-3783661574-1001 - Administrator - Enabled) => C:\Users\Marcus
SophosSAUMARCUS-HP0 (S-1-5-21-2001987691-158935152-3783661574-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.0) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
AuthenTec TrueAPI (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Fresco Logic USB3.0 Host Controller (HKLM\...\{104898A0-CA37-4BB4-AC27-46B6FE3280DD}) (Version: 3.3.44.0 - Fresco Logic Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{16B7BDA1-B967-4D2D-8B27-E12727C28350}) (Version: 2.10.3 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}) (Version: 2.5.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard)
HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{0EF86E06-C755-4C6F-8E47-2528D0546C0A}) (Version: 1.1.1.0581 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mumble 1.2.12 (HKLM-x32\...\{F726A594-D506-4CE4-813C-5A260A243620}) (Version: 1.2.12 - Thorvald Natvig)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
OpenVPN 2.3.9-I601  (HKLM\...\OpenVPN) (Version: 2.3.9-I601 - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Process Blocker 1.0.13.1 (HKLM\...\{20F9CFAA-04FD-423D-869A-279985494E09}) (Version: 1.0.13.1 - Softros Systems, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.)
Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.117 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{36333618-1CE1-4EF2-8FFD-7F17394891CE}) (Version: 10.6.2.509 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{BCF53039-A7FC-4C79-A3E3-437AE28FD918}) (Version: 5.2.0.221 - Sophos Limited)
Sophos Management Communications System (HKLM-x32\...\{1FFD3F20-5D24-4C9A-B9F6-A207A53CF179}) (Version: 2.0.2.3 - Sophos Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Tixati (HKLM-x32\...\tixati) (Version:  - )
Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.)
VIP Access SDK (1.0.1.2)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.)
VMware Horizon Client (HKLM\...\{AAC8DB2E-95D9-416D-BAF1-53395D81CBB3}) (Version: 3.4.0.27772 - VMware, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2001987691-158935152-3783661574-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Marcus\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Restore Points =========================
 
17-12-2015 15:49:15 Installed Java 7 Update 80 (64-bit)
18-12-2015 19:43:58 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
18-12-2015 19:44:23 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
20-12-2015 14:20:48 Installed Mumble 1.2.12
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0D66070E-3E8C-4EA4-8D23-B6F398384639} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {22A2FE86-081C-4B42-BC7E-54F2126A900C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {26372CE9-BE44-495E-9939-24B67791B1B5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {31197C72-DAA0-475C-B45B-990392D69151} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {35878A68-FE19-4247-9D62-C8482295CD75} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {469E322C-E88E-4078-A862-8CCB856203AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4CADC6C7-E381-4A1A-8D50-1EBA44F2473B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {615296FB-4AE8-4B2F-9387-12CF0CAF2190} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {95E88EC9-F52B-4593-AFDA-02E41C8C8CA4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\First Boot => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {965562CA-D862-47E6-964F-2A9279ED321A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A3BDCD4F-27A9-4396-A3D5-5B9B03EC4A4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ABF7099A-A119-4AA8-A6C8-0D60F908A6DF} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe
Task: {B411A026-4AAD-4162-9AA4-02568EAAE220} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BB4FAC05-A479-4A08-8B17-819EB5B5CBDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe
Task: {C5ED6FEF-3EBA-4FBC-9AF7-73D10596ED00} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DE1C868B-6627-4079-87D4-37631648550D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Task: {EEFBF479-2B9F-4778-9D13-8E3A42518E98} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F067545E-8DF3-48F2-8439-674C2AC114DC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-18] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 05:00 - 2015-07-10 05:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-09-02 21:26 - 2015-09-02 21:26 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-05-08 17:09 - 2015-05-08 17:09 - 00226240 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2015-09-02 21:26 - 2015-09-02 21:26 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-05-12 11:07 - 2015-05-12 11:07 - 04333712 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2015-10-04 11:37 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-04 11:37 - 2015-09-17 00:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-04 11:36 - 2015-09-16 23:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-17 16:05 - 2015-11-24 22:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-17 16:05 - 2015-11-24 22:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-17 16:05 - 2015-11-24 22:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-04 11:37 - 2015-09-16 23:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-10 05:00 - 2015-07-10 05:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2015-05-08 16:57 - 2015-05-08 16:57 - 00239552 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2015-08-20 18:44 - 2015-08-20 18:44 - 00306472 _____ () C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\log4cplus.dll
2015-11-09 15:20 - 2015-11-09 15:20 - 00172544 _____ () C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\IsdiInterop\cf88a4e813c9e5e732a42bed7d587a5f\IsdiInterop.ni.dll
2013-07-03 22:35 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2001987691-158935152-3783661574-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{AA102C61-ECB9-4BA8-A63F-3D74F382CD36}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{FBA7906E-28C1-4BEC-970C-D1222DBEF1CB}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{1A8C3D6C-40D6-4175-B09C-2EA2EFECD868}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{72F1822E-A3AC-4E07-A911-DD07BE51378B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{A859F832-1D95-4CD5-93B6-EB6EB7623C3D}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{87859C22-1CAE-4B3D-A5EF-CEACB261EBAB}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{D33D433D-C8E6-4074-BEC7-577E6BECFC86}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{833DA696-92BC-483C-B0FB-6AFA9529B7B5}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{79D4A296-FC36-4E45-86F8-646E9C9489ED}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{079A2D34-A0B4-40A2-95D4-699EEAE6D443}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{92B1F113-7B9D-4C74-A8B7-B7F91EF16F85}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{4A16B69A-743B-42BB-B01B-AF5CE4BEE147}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{3E9EA40E-6583-491A-983E-602FE069559F}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{C7AEC5CA-FE54-4E0B-B66A-73C2D43B8D68}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E9C2365E-5442-4D46-A965-FD6566C82B1D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{629DE703-90F0-4526-9A68-B7C9BAA654A7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{DAC2A47C-A48C-4FD9-B714-988E1BD542F0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe
FirewallRules: [{93FB8754-4972-459C-A4AF-CFDD08B51F35}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{B824CBCB-B316-4339-A8EB-7A33747DF10F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [TCP Query User{16E4A84F-C604-491D-A3F3-6EF473BB2418}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{68EEF28B-118C-4435-A3E2-55F8516F467E}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{973CAA52-8A47-4B21-A7D1-F57A5AE888D5}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{4DDFBF11-EDD8-4DF1-B78C-01E9AD22B4AC}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [{5CAB4349-3959-48AC-A131-84FA0EC7B6D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7E94057F-46A7-4854-BDEE-65E62E9CC0C9}] => (Allow) C:\Program Files\Softros Systems\Process Blocker\Process Blocker.exe
FirewallRules: [TCP Query User{A5C8E61C-18BD-491C-AD20-973F669A09EC}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{ABA54192-18AE-4A0B-B514-D5EB455596CB}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/21/2015 09:39:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mediasrv.exe, version: 1.1.0.2054, time stamp: 0x4e023114
Faulting module name: mediasrv.exe, version: 1.1.0.2054, time stamp: 0x4e023114
Exception code: 0xc0000005
Fault offset: 0x0009fd98
Faulting process id: 0x1c54
Faulting application start time: 0xmediasrv.exe0
Faulting application path: mediasrv.exe1
Faulting module path: mediasrv.exe2
Report Id: mediasrv.exe3
Faulting package full name: mediasrv.exe4
Faulting package-relative application ID: mediasrv.exe5
 
Error: (12/21/2015 09:39:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obexsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5ab8
Faulting module name: obexsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5ab8
Exception code: 0xc0000005
Fault offset: 0x0005225c
Faulting process id: 0x1c5c
Faulting application start time: 0xobexsrv.exe0
Faulting application path: obexsrv.exe1
Faulting module path: obexsrv.exe2
Report Id: obexsrv.exe3
Faulting package full name: obexsrv.exe4
Faulting package-relative application ID: obexsrv.exe5
 
Error: (12/21/2015 09:39:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Faulting module name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Exception code: 0xc0000005
Fault offset: 0x00043c86
Faulting process id: 0x904
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5
 
Error: (12/21/2015 09:16:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Faulting module name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Exception code: 0xc0000005
Fault offset: 0x00043c86
Faulting process id: 0xa18
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5
 
Error: (12/21/2015 09:16:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: obexsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5ab8
Faulting module name: obexsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5ab8
Exception code: 0xc0000005
Fault offset: 0x0005225c
Faulting process id: 0xa28
Faulting application start time: 0xobexsrv.exe0
Faulting application path: obexsrv.exe1
Faulting module path: obexsrv.exe2
Report Id: obexsrv.exe3
Faulting package full name: obexsrv.exe4
Faulting package-relative application ID: obexsrv.exe5
 
Error: (12/21/2015 09:14:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Marcus-HP)
Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147024882 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/20/2015 02:52:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Faulting module name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Exception code: 0xc0000005
Fault offset: 0x00043c86
Faulting process id: 0xbcc
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5
 
Error: (12/20/2015 02:49:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10240.16603, time stamp: 0x56553bcd
Faulting module name: windows.storage.dll, version: 10.0.10240.16515, time stamp: 0x55fa5db0
Exception code: 0xc00000fd
Fault offset: 0x00000000001c59e7
Faulting process id: 0x121c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (12/20/2015 02:40:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Faulting module name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Exception code: 0xc0000005
Fault offset: 0x00043c86
Faulting process id: 0x21e4
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5
 
Error: (12/20/2015 02:34:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Faulting module name: devmonsrv.exe, version: 1.1.0.51, time stamp: 0x4d6e5bd3
Exception code: 0xc0000005
Fault offset: 0x00043c86
Faulting process id: 0x1e3c
Faulting application start time: 0xdevmonsrv.exe0
Faulting application path: devmonsrv.exe1
Faulting module path: devmonsrv.exe2
Report Id: devmonsrv.exe3
Faulting package full name: devmonsrv.exe4
Faulting package-relative application ID: devmonsrv.exe5
 
 
System errors:
=============
Error: (12/21/2015 09:39:26 AM) (Source: DCOM) (EventID: 10005) (User: Marcus-HP)
Description: 1053Bluetooth Media ServiceUnavailable{9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}
 
Error: (12/21/2015 09:39:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Media Service service failed to start due to the following error: 
%%1053
 
Error: (12/21/2015 09:39:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Media Service service to connect.
 
Error: (12/21/2015 09:39:26 AM) (Source: DCOM) (EventID: 10005) (User: Marcus-HP)
Description: 1053Bluetooth OBEX ServiceUnavailable{E9E0D51D-F407-4D91-B294-C111F721A3AF}
 
Error: (12/21/2015 09:39:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth OBEX Service service failed to start due to the following error: 
%%1053
 
Error: (12/21/2015 09:39:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bluetooth OBEX Service service to connect.
 
Error: (12/21/2015 09:39:26 AM) (Source: DCOM) (EventID: 10005) (User: Marcus-HP)
Description: 1053Bluetooth Device MonitorUnavailable{DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
 
Error: (12/21/2015 09:39:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Device Monitor service failed to start due to the following error: 
%%1053
 
Error: (12/21/2015 09:39:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Device Monitor service to connect.
 
Error: (12/21/2015 09:16:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth OBEX Service service failed to start due to the following error: 
%%1053
 
 
CodeIntegrity:
===================================
  Date: 2015-12-21 09:15:09.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Softros Systems\Process Blocker\HelperLib86.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-12-21 09:15:09.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Softros Systems\Process Blocker\HelperLib.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-12-21 09:15:09.761
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Program Files\Softros Systems\Process Blocker\HelperLib86.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-12-21 09:15:09.744
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Program Files\Softros Systems\Process Blocker\HelperLib.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-12-20 14:30:46.488
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Softros Systems\Process Blocker\HelperLib86.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-12-20 14:30:46.474
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Softros Systems\Process Blocker\HelperLib.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-12-20 14:30:44.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Program Files\Softros Systems\Process Blocker\HelperLib86.dll that did not meet the Windows signing level requirements.
 
  Date: 2015-12-20 14:30:44.217
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Program Files\Softros Systems\Process Blocker\HelperLib.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 27%
Total physical RAM: 8139.6 MB
Available physical RAM: 5909.01 MB
Total Virtual: 16331.6 MB
Available Virtual: 14183.09 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:673.98 GB) (Free:617.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:20.49 GB) (Free:2.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 9594F422)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=674 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End of Addition.txt ============================


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 21 December 2015 - 01:57 PM



Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {0D66070E-3E8C-4EA4-8D23-B6F398384639} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {22A2FE86-081C-4B42-BC7E-54F2126A900C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {26372CE9-BE44-495E-9939-24B67791B1B5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {31197C72-DAA0-475C-B45B-990392D69151} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {35878A68-FE19-4247-9D62-C8482295CD75} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {615296FB-4AE8-4B2F-9387-12CF0CAF2190} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {965562CA-D862-47E6-964F-2A9279ED321A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A3BDCD4F-27A9-4396-A3D5-5B9B03EC4A4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B411A026-4AAD-4162-9AA4-02568EAAE220} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C5ED6FEF-3EBA-4FBC-9AF7-73D10596ED00} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EEFBF479-2B9F-4778-9D13-8E3A42518E98} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)

How is the computer running now?

#5 Tadyr

Tadyr
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 21 December 2015 - 02:37 PM

no, change on the browser issue.
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Marcus (2015-12-21 13:03:06) Run:1
Running from C:\Users\Marcus\Desktop\New folder
Loaded Profiles: Marcus (Available Profiles: Marcus)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2001987691-158935152-3783661574-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
Task: {0D66070E-3E8C-4EA4-8D23-B6F398384639} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {22A2FE86-081C-4B42-BC7E-54F2126A900C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {26372CE9-BE44-495E-9939-24B67791B1B5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {31197C72-DAA0-475C-B45B-990392D69151} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {35878A68-FE19-4247-9D62-C8482295CD75} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {615296FB-4AE8-4B2F-9387-12CF0CAF2190} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {965562CA-D862-47E6-964F-2A9279ED321A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A3BDCD4F-27A9-4396-A3D5-5B9B03EC4A4A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B411A026-4AAD-4162-9AA4-02568EAAE220} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C5ED6FEF-3EBA-4FBC-9AF7-73D10596ED00} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EEFBF479-2B9F-4778-9D13-8E3A42518E98} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
"HKU\S-1-5-21-2001987691-158935152-3783661574-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
"HKU\S-1-5-21-2001987691-158935152-3783661574-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D66070E-3E8C-4EA4-8D23-B6F398384639}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D66070E-3E8C-4EA4-8D23-B6F398384639}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{22A2FE86-081C-4B42-BC7E-54F2126A900C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22A2FE86-081C-4B42-BC7E-54F2126A900C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26372CE9-BE44-495E-9939-24B67791B1B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26372CE9-BE44-495E-9939-24B67791B1B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31197C72-DAA0-475C-B45B-990392D69151}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31197C72-DAA0-475C-B45B-990392D69151}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35878A68-FE19-4247-9D62-C8482295CD75}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35878A68-FE19-4247-9D62-C8482295CD75}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{615296FB-4AE8-4B2F-9387-12CF0CAF2190}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{615296FB-4AE8-4B2F-9387-12CF0CAF2190}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{965562CA-D862-47E6-964F-2A9279ED321A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{965562CA-D862-47E6-964F-2A9279ED321A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A3BDCD4F-27A9-4396-A3D5-5B9B03EC4A4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3BDCD4F-27A9-4396-A3D5-5B9B03EC4A4A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B411A026-4AAD-4162-9AA4-02568EAAE220}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B411A026-4AAD-4162-9AA4-02568EAAE220}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5ED6FEF-3EBA-4FBC-9AF7-73D10596ED00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5ED6FEF-3EBA-4FBC-9AF7-73D10596ED00}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEFBF479-2B9F-4778-9D13-8E3A42518E98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEFBF479-2B9F-4778-9D13-8E3A42518E98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
EmptyTemp: => 715.6 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:03:17 ====


#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 22 December 2015 - 08:47 AM

my default internet browser continually opens windows to my home page, google.com, until my RAM is full

Which browser is the default at the time?
What games are you playing?

Let me know and see if this can help.

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

#7 Tadyr

Tadyr
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:44 PM

Posted 22 December 2015 - 12:36 PM

No change. I've tried completely reinstalling Windows and even with a fresh install the issue still arises once the secondary graphics card is activated.

Browser doesn't seem to matter. If i uninstall Chrome then IE starts doing the same thing. I don't even need to launch a game for the issue to arise, I just have to activate the secondary graphics card. 


Edited by Tadyr, 22 December 2015 - 12:37 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 23 December 2015 - 08:40 AM

My assumption is that the card is compromised.

Looking around I found this interested article.

https://heatsoftware.com/security-blog/10082/is-your-graphics-card-hiding-a-rootkit-or-keylogger/



This Google search is for you information.
https://www.google.ca/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=graphics%20card%20infected

Personally I would check with the Internal Hardware forum.
An expert in graphics card can possibly give you better advice than I can. This is not my forte.

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

I will leave this topic open for 6 days.
If you need to return please do.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,747 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:44 PM

Posted 29 December 2015 - 08:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users