Trojan:win32/dynamer!ac - similar to johnsev post


  • This topic is locked
46 replies to this topic

#1 azeri

Posted 30 March 2017 - 03:26 PM

Dear Forum,

My issue is very similar to johnsev's post regarding the Trojan:Win32/Dynamer!ac being identified by Windows Defender (WD). WD then attempts to quarantine but an error message is displayed. In my situation, I cannot update WD; it will search for an update for a long time and then display an error: 0x80070490. I have run WD in normal and safe mode offline several times with the same results.

I have run Malwarebytes Anti-Malware, AdwCleaner, HitmanPro, Zemana and Farbar.

I just tried to open WD again and now "the service can't be started", error code: 0x8007139f.

I can provide the results from Malwarebytes, AdwCleaner, and Farbar if you'd like. Please let me know how to proceed.

Thank you!





#2 olgun52

Posted 30 March 2017 - 05:38 PM

Hello azeri, and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
  

Malware might be stopping your PC from installing or running updates.

-----------------------------------
Please do the following.
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure the following option is checked: Additional.txt
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.

Best regards

If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
If I don't reply within 24 hours please PM me!


#3 olgun52

Posted 31 March 2017 - 04:58 PM

Are you still with us?



#4 azeri


Posted 31 March 2017 - 08:54 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017

Ran by jk (administrator) on HP (31-03-2017 21:47:11)
Running from C:\Users\jk\Downloads
Loaded Profiles: jk (Available Profiles: jk)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [gStart] => C:\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [PPAP] => C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe [214368 2014-01-25] (PPLive Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk [2014-02-01]
ShortcutTarget: PPTV.lnk -> C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Mouse.lnk [2014-03-19]
ShortcutTarget: Scanner Mouse.lnk -> C:\Program Files (x86)\Scanner Mouse\Scanner Mouse.exe ()
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FD49D65C-997E-4C30-B29F-96AC10DD2A66}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> DefaultScope {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Toolbar: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-07] ( HP)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\npplugin2.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jk\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: hp.com/HPDetect -> C:\Users\jk\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR Extension: (Website Logon) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3800256 2017-03-20] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-09-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-09-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-30] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-12-17] (Anchorfree Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2016-09-14] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2016-09-14] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2016-09-14] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-30] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:45 - 2017-03-31 21:45 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
2017-03-31 17:44 - 2017-03-31 17:44 - 04547889 _____ C:\Users\jk\Downloads\2017 Racing Calendar.pdf
2017-03-30 16:11 - 2017-03-30 16:11 - 00045901 _____ C:\Users\jk\Desktop\Addition.txt
2017-03-30 16:11 - 2017-03-30 16:11 - 00035111 _____ C:\Users\jk\Desktop\FRST.txt
2017-03-30 16:06 - 2017-03-30 16:08 - 00045898 _____ C:\Users\jk\Downloads\Addition.txt
2017-03-30 16:04 - 2017-03-31 21:47 - 00021925 _____ C:\Users\jk\Downloads\FRST.txt
2017-03-30 16:03 - 2017-03-31 21:47 - 00000000 ____D C:\FRST
2017-03-30 16:02 - 2017-03-30 16:02 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64.exe
2017-03-30 16:02 - 2017-03-30 16:02 - 00001559 _____ C:\Users\jk\Desktop\AdwCleaner[C2].txt
2017-03-30 15:56 - 2017-03-30 15:56 - 00001606 _____ C:\Users\jk\Desktop\AdwCleaner[S1].txt
2017-03-30 15:55 - 2017-03-30 15:55 - 00006840 _____ C:\Users\jk\Desktop\AdwCleaner[C0].txt
2017-03-30 15:46 - 2017-03-30 15:46 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (2).exe
2017-03-30 15:44 - 2017-03-30 15:44 - 00001095 _____ C:\Users\jk\Desktop\Malwarebytes log 2017-03-30.txt
2017-03-30 15:05 - 2017-03-30 15:08 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-30 13:34 - 2017-03-30 13:34 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (2).exe
2017-03-30 12:11 - 2017-03-31 21:46 - 00352084 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-30 12:11 - 2017-03-31 21:46 - 00331122 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-30 12:10 - 2017-03-30 12:10 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-03-30 11:58 - 2017-03-30 11:58 - 00000000 ____D C:\Users\jk\AppData\Local\Zemana
2017-03-30 11:57 - 2017-03-30 11:58 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable.exe
2017-03-29 14:29 - 2017-03-29 14:29 - 00003070 _____ C:\WINDOWS\System32\Tasks\{C1485899-2309-4C26-8247-C7EDEFE09ED5}
2017-03-29 14:15 - 2017-03-29 14:15 - 00003072 _____ C:\WINDOWS\System32\Tasks\{97FE2682-88CD-4C67-8FA3-F7987EFF07FC}
2017-03-29 13:38 - 2017-03-29 13:38 - 00001901 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-29 13:38 - 2017-03-29 13:38 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-29 13:35 - 2017-03-29 13:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-29 13:28 - 2017-03-29 13:30 - 11581544 _____ (SurfRight B.V.) C:\Users\jk\Downloads\hitmanpro_x64.exe
2017-03-29 12:58 - 2017-03-31 18:00 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-29 12:58 - 2017-03-30 15:09 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-29 12:58 - 2017-03-30 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-29 12:58 - 2017-03-29 17:25 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-29 12:58 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-29 12:51 - 2017-03-29 12:53 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 12:50 - 2017-03-29 12:50 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (1).exe
2017-03-29 12:25 - 2017-03-30 15:57 - 00000000 ____D C:\AdwCleaner
2017-03-29 12:16 - 2017-03-29 12:17 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045.exe
2017-03-28 14:06 - 2017-03-28 14:06 - 00697014 _____ C:\Users\jk\Downloads\BH_Index_2005.pdf
2017-03-20 08:55 - 2017-03-30 14:07 - 00832310 _____ C:\WINDOWS\ntbtlog.txt
2017-03-17 12:24 - 2017-03-17 12:24 - 00956499 _____ C:\Users\jk\AppData\Local\census.cache
2017-03-17 12:22 - 2017-03-17 12:22 - 01033700 _____ C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 00000010 _____ C:\Users\jk\AppData\Local\sponge.last.runtime.cache
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\ProgramData\Trend Micro
2017-03-17 11:45 - 2017-03-17 11:45 - 00000036 _____ C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 11:45 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-03-17 11:44 - 2017-03-17 11:44 - 02527376 _____ (Trend Micro Inc.) C:\Users\jk\Downloads\HousecallLauncher64.exe
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final.pdf
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final (1).pdf
2017-03-09 15:03 - 2017-03-09 16:10 - 00000000 __SHD C:\Users\jk\Documents\cache
2017-03-09 15:02 - 2017-03-09 15:02 - 00774728 _____ C:\Users\jk\AppData\LocalLow\PreFEFD.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00238190 _____ C:\Users\jk\AppData\LocalLow\Pre10C1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00210246 _____ C:\Users\jk\AppData\LocalLow\PreF8F1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00179365 _____ C:\Users\jk\AppData\LocalLow\Pre194E.tmp
2017-03-08 18:54 - 2017-03-08 18:54 - 00000449 _____ C:\Users\jk\Downloads\citations_MLA8.html
2017-03-08 18:53 - 2017-03-08 18:53 - 02416664 _____ C:\Users\jk\Downloads\Feminine_Wiles.PDF
2017-03-08 18:35 - 2017-03-08 18:35 - 00000797 _____ C:\Users\jk\Downloads\citations.ris
2017-03-08 13:43 - 2017-03-08 13:43 - 00005632 _____ C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-06 13:32 - 2017-03-06 13:32 - 00000000 ____D C:\a7f0a964feafc9d9c8486234427a150b
2017-03-04 20:24 - 2017-03-04 20:24 - 00000445 _____ C:\Users\jk\Downloads\citation (2).txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation.txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation (1).txt
2017-03-01 17:04 - 2017-03-01 17:06 - 10215592 _____ (PDFCompressor.net ) C:\Users\jk\Downloads\pdfcompressor.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:03 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\LocalLow\AuthenTec
2017-03-31 19:45 - 2013-06-05 19:41 - 00000000 ____D C:\Users\jk\Documents\Employment
2017-03-31 17:27 - 2015-12-15 14:49 - 00003134 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjk
2017-03-31 17:27 - 2015-12-15 14:49 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
2017-03-30 19:56 - 2013-03-16 04:12 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-30 17:03 - 2013-11-22 23:03 - 00000000 ____D C:\Users\jk\Documents\Print screens
2017-03-30 15:58 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-30 15:58 - 2012-09-26 09:53 - 00000932 _____ C:\WINDOWS\SysWOW64\bscs.ini
2017-03-30 14:13 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-30 14:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-30 14:03 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-30 12:39 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-30 12:36 - 2012-08-17 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-30 12:11 - 2016-09-13 22:20 - 00000000 ____D C:\Users\jk
2017-03-30 10:43 - 2012-08-17 02:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-03-30 10:43 - 2012-08-17 01:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-03-30 10:10 - 2014-02-01 19:57 - 00000000 ____D C:\Users\jk\Documents\Rules of Racing
2017-03-29 17:36 - 2014-03-10 14:09 - 00000000 ____D C:\Users\jk\AppData\Local\ElevatedDiagnostics
2017-03-29 14:13 - 2012-08-17 02:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-29 14:12 - 2012-08-17 02:14 - 00000000 ____D C:\ProgramData\WildTangent
2017-03-29 14:09 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\Local\Packages
2017-03-29 14:07 - 2016-06-11 10:01 - 00000000 ____D C:\ProgramData\Oracle
2017-03-29 14:06 - 2016-06-11 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-29 14:05 - 2016-06-11 10:02 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-03-29 14:04 - 2016-06-11 10:01 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-29 12:25 - 2013-03-31 05:40 - 00000000 ____D C:\Users\jk\Documents\Resume
2017-03-24 13:17 - 2014-08-25 20:34 - 00000000 ____D C:\Users\jk\AppData\Local\doEnter_Ltd
2017-03-23 17:56 - 2013-03-30 08:31 - 00129088 _____ C:\Users\jk\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-23 16:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-17 12:29 - 2017-01-02 20:24 - 00000000 ____D C:\Users\jk\Documents\2017
2017-03-13 11:34 - 2013-08-22 10:44 - 00494840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-09 16:10 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\LocalLow\WebEx
2017-03-09 15:03 - 2015-08-19 17:46 - 00000000 ____D C:\Users\jk\AppData\Roaming\webex
2017-03-09 15:03 - 2015-08-19 16:04 - 00000000 ____D C:\ProgramData\WebEx
2017-03-09 15:02 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\Local\WebEx
2017-03-09 14:19 - 2014-05-16 10:25 - 00000000 ____D C:\Users\jk\AppData\Local\Cyberlink
2017-03-09 14:19 - 2013-12-28 02:42 - 00000000 ____D C:\Users\jk\AppData\Roaming\CyberLink
2017-03-08 17:35 - 2013-06-21 22:13 - 00000000 ____D C:\Users\jk\Documents\SB1
2017-03-06 17:39 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-06 16:54 - 2013-07-05 09:55 - 00000000 ____D C:\Users\jk\Documents\JK
2017-03-02 16:16 - 2017-01-12 11:06 - 00003154 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 16:16 - 2017-01-10 19:07 - 00003162 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-02 16:16 - 2017-01-10 19:07 - 00002285 _____ C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
 
==================== Files in the root of some directories =======
 
2015-01-21 02:14 - 2015-01-21 02:14 - 0023184 _____ () C:\Users\jk\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-06-01 07:55 - 2014-08-07 09:40 - 0000032 _____ () C:\Users\jk\AppData\Roaming\coreavc.ini
2015-01-21 02:27 - 2015-01-21 02:27 - 0023361 _____ () C:\Users\jk\AppData\Roaming\Microsoft Excel.ADR
2017-03-17 12:22 - 2017-03-17 12:22 - 1033700 _____ () C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:24 - 2017-03-17 12:24 - 0956499 _____ () C:\Users\jk\AppData\Local\census.cache
2017-03-08 13:43 - 2017-03-08 13:43 - 0005632 _____ () C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-17 11:45 - 2017-03-17 11:45 - 0000036 _____ () C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 0000010 _____ () C:\Users\jk\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2017-03-29 14:01 - 2017-03-29 14:01 - 0739904 _____ (Oracle Corporation) C:\Users\jk\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-13 16:25 - 2017-01-20 16:16 - 43918808 _____ (Skype Technologies S.A.) C:\Users\jk\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-29 13:20
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by jk (administrator) on HP (31-03-2017 21:47:11)
Running from C:\Users\jk\Downloads
Loaded Profiles: jk (Available Profiles: jk)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [gStart] => C:\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [PPAP] => C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe [214368 2014-01-25] (PPLive Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk [2014-02-01]
ShortcutTarget: PPTV.lnk -> C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Mouse.lnk [2014-03-19]
ShortcutTarget: Scanner Mouse.lnk -> C:\Program Files (x86)\Scanner Mouse\Scanner Mouse.exe ()
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FD49D65C-997E-4C30-B29F-96AC10DD2A66}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> DefaultScope {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Toolbar: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-07] ( HP)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\npplugin2.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jk\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: hp.com/HPDetect -> C:\Users\jk\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR Extension: (Website Logon) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3800256 2017-03-20] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-09-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-09-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-30] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-12-17] (Anchorfree Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2016-09-14] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2016-09-14] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2016-09-14] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-30] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:45 - 2017-03-31 21:45 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
2017-03-31 17:44 - 2017-03-31 17:44 - 04547889 _____ C:\Users\jk\Downloads\2017 Racing Calendar.pdf
2017-03-30 16:11 - 2017-03-30 16:11 - 00045901 _____ C:\Users\jk\Desktop\Addition.txt
2017-03-30 16:11 - 2017-03-30 16:11 - 00035111 _____ C:\Users\jk\Desktop\FRST.txt
2017-03-30 16:06 - 2017-03-30 16:08 - 00045898 _____ C:\Users\jk\Downloads\Addition.txt
2017-03-30 16:04 - 2017-03-31 21:47 - 00021925 _____ C:\Users\jk\Downloads\FRST.txt
2017-03-30 16:03 - 2017-03-31 21:47 - 00000000 ____D C:\FRST
2017-03-30 16:02 - 2017-03-30 16:02 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64.exe
2017-03-30 16:02 - 2017-03-30 16:02 - 00001559 _____ C:\Users\jk\Desktop\AdwCleaner[C2].txt
2017-03-30 15:56 - 2017-03-30 15:56 - 00001606 _____ C:\Users\jk\Desktop\AdwCleaner[S1].txt
2017-03-30 15:55 - 2017-03-30 15:55 - 00006840 _____ C:\Users\jk\Desktop\AdwCleaner[C0].txt
2017-03-30 15:46 - 2017-03-30 15:46 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (2).exe
2017-03-30 15:44 - 2017-03-30 15:44 - 00001095 _____ C:\Users\jk\Desktop\Malwarebytes log 2017-03-30.txt
2017-03-30 15:05 - 2017-03-30 15:08 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-30 13:34 - 2017-03-30 13:34 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (2).exe
2017-03-30 12:11 - 2017-03-31 21:46 - 00352084 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-30 12:11 - 2017-03-31 21:46 - 00331122 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-30 12:10 - 2017-03-30 12:10 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-03-30 11:58 - 2017-03-30 11:58 - 00000000 ____D C:\Users\jk\AppData\Local\Zemana
2017-03-30 11:57 - 2017-03-30 11:58 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable.exe
2017-03-29 14:29 - 2017-03-29 14:29 - 00003070 _____ C:\WINDOWS\System32\Tasks\{C1485899-2309-4C26-8247-C7EDEFE09ED5}
2017-03-29 14:15 - 2017-03-29 14:15 - 00003072 _____ C:\WINDOWS\System32\Tasks\{97FE2682-88CD-4C67-8FA3-F7987EFF07FC}
2017-03-29 13:38 - 2017-03-29 13:38 - 00001901 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-29 13:38 - 2017-03-29 13:38 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-29 13:35 - 2017-03-29 13:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-29 13:28 - 2017-03-29 13:30 - 11581544 _____ (SurfRight B.V.) C:\Users\jk\Downloads\hitmanpro_x64.exe
2017-03-29 12:58 - 2017-03-31 18:00 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-29 12:58 - 2017-03-30 15:09 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-29 12:58 - 2017-03-30 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-29 12:58 - 2017-03-29 17:25 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-29 12:58 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-29 12:51 - 2017-03-29 12:53 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 12:50 - 2017-03-29 12:50 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (1).exe
2017-03-29 12:25 - 2017-03-30 15:57 - 00000000 ____D C:\AdwCleaner
2017-03-29 12:16 - 2017-03-29 12:17 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045.exe
2017-03-28 14:06 - 2017-03-28 14:06 - 00697014 _____ C:\Users\jk\Downloads\BH_Index_2005.pdf
2017-03-20 08:55 - 2017-03-30 14:07 - 00832310 _____ C:\WINDOWS\ntbtlog.txt
2017-03-17 12:24 - 2017-03-17 12:24 - 00956499 _____ C:\Users\jk\AppData\Local\census.cache
2017-03-17 12:22 - 2017-03-17 12:22 - 01033700 _____ C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 00000010 _____ C:\Users\jk\AppData\Local\sponge.last.runtime.cache
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\ProgramData\Trend Micro
2017-03-17 11:45 - 2017-03-17 11:45 - 00000036 _____ C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 11:45 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-03-17 11:44 - 2017-03-17 11:44 - 02527376 _____ (Trend Micro Inc.) C:\Users\jk\Downloads\HousecallLauncher64.exe
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final.pdf
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final (1).pdf
2017-03-09 15:03 - 2017-03-09 16:10 - 00000000 __SHD C:\Users\jk\Documents\cache
2017-03-09 15:02 - 2017-03-09 15:02 - 00774728 _____ C:\Users\jk\AppData\LocalLow\PreFEFD.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00238190 _____ C:\Users\jk\AppData\LocalLow\Pre10C1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00210246 _____ C:\Users\jk\AppData\LocalLow\PreF8F1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00179365 _____ C:\Users\jk\AppData\LocalLow\Pre194E.tmp
2017-03-08 18:54 - 2017-03-08 18:54 - 00000449 _____ C:\Users\jk\Downloads\citations_MLA8.html
2017-03-08 18:53 - 2017-03-08 18:53 - 02416664 _____ C:\Users\jk\Downloads\Feminine_Wiles.PDF
2017-03-08 18:35 - 2017-03-08 18:35 - 00000797 _____ C:\Users\jk\Downloads\citations.ris
2017-03-08 13:43 - 2017-03-08 13:43 - 00005632 _____ C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-06 13:32 - 2017-03-06 13:32 - 00000000 ____D C:\a7f0a964feafc9d9c8486234427a150b
2017-03-04 20:24 - 2017-03-04 20:24 - 00000445 _____ C:\Users\jk\Downloads\citation (2).txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation.txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation (1).txt
2017-03-01 17:04 - 2017-03-01 17:06 - 10215592 _____ (PDFCompressor.net ) C:\Users\jk\Downloads\pdfcompressor.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:03 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\LocalLow\AuthenTec
2017-03-31 19:45 - 2013-06-05 19:41 - 00000000 ____D C:\Users\jk\Documents\Employment
2017-03-31 17:27 - 2015-12-15 14:49 - 00003134 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjk
2017-03-31 17:27 - 2015-12-15 14:49 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
2017-03-30 19:56 - 2013-03-16 04:12 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-30 17:03 - 2013-11-22 23:03 - 00000000 ____D C:\Users\jk\Documents\Print screens
2017-03-30 15:58 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-30 15:58 - 2012-09-26 09:53 - 00000932 _____ C:\WINDOWS\SysWOW64\bscs.ini
2017-03-30 14:13 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-30 14:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-30 14:03 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-30 12:39 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-30 12:36 - 2012-08-17 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-30 12:11 - 2016-09-13 22:20 - 00000000 ____D C:\Users\jk
2017-03-30 10:43 - 2012-08-17 02:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-03-30 10:43 - 2012-08-17 01:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-03-30 10:10 - 2014-02-01 19:57 - 00000000 ____D C:\Users\jk\Documents\Rules of Racing
2017-03-29 17:36 - 2014-03-10 14:09 - 00000000 ____D C:\Users\jk\AppData\Local\ElevatedDiagnostics
2017-03-29 14:13 - 2012-08-17 02:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-29 14:12 - 2012-08-17 02:14 - 00000000 ____D C:\ProgramData\WildTangent
2017-03-29 14:09 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\Local\Packages
2017-03-29 14:07 - 2016-06-11 10:01 - 00000000 ____D C:\ProgramData\Oracle
2017-03-29 14:06 - 2016-06-11 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-29 14:05 - 2016-06-11 10:02 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-03-29 14:04 - 2016-06-11 10:01 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-29 12:25 - 2013-03-31 05:40 - 00000000 ____D C:\Users\jk\Documents\Resume
2017-03-24 13:17 - 2014-08-25 20:34 - 00000000 ____D C:\Users\jk\AppData\Local\doEnter_Ltd
2017-03-23 17:56 - 2013-03-30 08:31 - 00129088 _____ C:\Users\jk\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-23 16:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-17 12:29 - 2017-01-02 20:24 - 00000000 ____D C:\Users\jk\Documents\2017
2017-03-13 11:34 - 2013-08-22 10:44 - 00494840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-09 16:10 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\LocalLow\WebEx
2017-03-09 15:03 - 2015-08-19 17:46 - 00000000 ____D C:\Users\jk\AppData\Roaming\webex
2017-03-09 15:03 - 2015-08-19 16:04 - 00000000 ____D C:\ProgramData\WebEx
2017-03-09 15:02 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\Local\WebEx
2017-03-09 14:19 - 2014-05-16 10:25 - 00000000 ____D C:\Users\jk\AppData\Local\Cyberlink
2017-03-09 14:19 - 2013-12-28 02:42 - 00000000 ____D C:\Users\jk\AppData\Roaming\CyberLink
2017-03-08 17:35 - 2013-06-21 22:13 - 00000000 ____D C:\Users\jk\Documents\SB1
2017-03-06 17:39 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-06 16:54 - 2013-07-05 09:55 - 00000000 ____D C:\Users\jk\Documents\JK
2017-03-02 16:16 - 2017-01-12 11:06 - 00003154 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 16:16 - 2017-01-10 19:07 - 00003162 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-02 16:16 - 2017-01-10 19:07 - 00002285 _____ C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
 
==================== Files in the root of some directories =======
 
2015-01-21 02:14 - 2015-01-21 02:14 - 0023184 _____ () C:\Users\jk\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-06-01 07:55 - 2014-08-07 09:40 - 0000032 _____ () C:\Users\jk\AppData\Roaming\coreavc.ini
2015-01-21 02:27 - 2015-01-21 02:27 - 0023361 _____ () C:\Users\jk\AppData\Roaming\Microsoft Excel.ADR
2017-03-17 12:22 - 2017-03-17 12:22 - 1033700 _____ () C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:24 - 2017-03-17 12:24 - 0956499 _____ () C:\Users\jk\AppData\Local\census.cache
2017-03-08 13:43 - 2017-03-08 13:43 - 0005632 _____ () C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-17 11:45 - 2017-03-17 11:45 - 0000036 _____ () C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 0000010 _____ () C:\Users\jk\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2017-03-29 14:01 - 2017-03-29 14:01 - 0739904 _____ (Oracle Corporation) C:\Users\jk\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-13 16:25 - 2017-01-20 16:16 - 43918808 _____ (Skype Technologies S.A.) C:\Users\jk\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-29 13:20
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by jk (administrator) on HP (31-03-2017 21:47:11)
Running from C:\Users\jk\Downloads
Loaded Profiles: jk (Available Profiles: jk)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [gStart] => C:\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [PPAP] => C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe [214368 2014-01-25] (PPLive Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk [2014-02-01]
ShortcutTarget: PPTV.lnk -> C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Mouse.lnk [2014-03-19]
ShortcutTarget: Scanner Mouse.lnk -> C:\Program Files (x86)\Scanner Mouse\Scanner Mouse.exe ()
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FD49D65C-997E-4C30-B29F-96AC10DD2A66}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> DefaultScope {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Toolbar: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-07] ( HP)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\npplugin2.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jk\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: hp.com/HPDetect -> C:\Users\jk\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR Extension: (Website Logon) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3800256 2017-03-20] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-09-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-09-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-30] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-12-17] (Anchorfree Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2016-09-14] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2016-09-14] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2016-09-14] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-30] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:45 - 2017-03-31 21:45 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
2017-03-31 17:44 - 2017-03-31 17:44 - 04547889 _____ C:\Users\jk\Downloads\2017 Racing Calendar.pdf
2017-03-30 16:11 - 2017-03-30 16:11 - 00045901 _____ C:\Users\jk\Desktop\Addition.txt
2017-03-30 16:11 - 2017-03-30 16:11 - 00035111 _____ C:\Users\jk\Desktop\FRST.txt
2017-03-30 16:06 - 2017-03-30 16:08 - 00045898 _____ C:\Users\jk\Downloads\Addition.txt
2017-03-30 16:04 - 2017-03-31 21:47 - 00021925 _____ C:\Users\jk\Downloads\FRST.txt
2017-03-30 16:03 - 2017-03-31 21:47 - 00000000 ____D C:\FRST
2017-03-30 16:02 - 2017-03-30 16:02 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64.exe
2017-03-30 16:02 - 2017-03-30 16:02 - 00001559 _____ C:\Users\jk\Desktop\AdwCleaner[C2].txt
2017-03-30 15:56 - 2017-03-30 15:56 - 00001606 _____ C:\Users\jk\Desktop\AdwCleaner[S1].txt
2017-03-30 15:55 - 2017-03-30 15:55 - 00006840 _____ C:\Users\jk\Desktop\AdwCleaner[C0].txt
2017-03-30 15:46 - 2017-03-30 15:46 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (2).exe
2017-03-30 15:44 - 2017-03-30 15:44 - 00001095 _____ C:\Users\jk\Desktop\Malwarebytes log 2017-03-30.txt
2017-03-30 15:05 - 2017-03-30 15:08 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-30 13:34 - 2017-03-30 13:34 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (2).exe
2017-03-30 12:11 - 2017-03-31 21:46 - 00352084 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-30 12:11 - 2017-03-31 21:46 - 00331122 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-30 12:10 - 2017-03-30 12:10 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-03-30 11:58 - 2017-03-30 11:58 - 00000000 ____D C:\Users\jk\AppData\Local\Zemana
2017-03-30 11:57 - 2017-03-30 11:58 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable.exe
2017-03-29 14:29 - 2017-03-29 14:29 - 00003070 _____ C:\WINDOWS\System32\Tasks\{C1485899-2309-4C26-8247-C7EDEFE09ED5}
2017-03-29 14:15 - 2017-03-29 14:15 - 00003072 _____ C:\WINDOWS\System32\Tasks\{97FE2682-88CD-4C67-8FA3-F7987EFF07FC}
2017-03-29 13:38 - 2017-03-29 13:38 - 00001901 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-29 13:38 - 2017-03-29 13:38 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-29 13:35 - 2017-03-29 13:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-29 13:28 - 2017-03-29 13:30 - 11581544 _____ (SurfRight B.V.) C:\Users\jk\Downloads\hitmanpro_x64.exe
2017-03-29 12:58 - 2017-03-31 18:00 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-29 12:58 - 2017-03-30 15:09 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-29 12:58 - 2017-03-30 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-29 12:58 - 2017-03-29 17:25 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-29 12:58 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-29 12:51 - 2017-03-29 12:53 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 12:50 - 2017-03-29 12:50 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (1).exe
2017-03-29 12:25 - 2017-03-30 15:57 - 00000000 ____D C:\AdwCleaner
2017-03-29 12:16 - 2017-03-29 12:17 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045.exe
2017-03-28 14:06 - 2017-03-28 14:06 - 00697014 _____ C:\Users\jk\Downloads\BH_Index_2005.pdf
2017-03-20 08:55 - 2017-03-30 14:07 - 00832310 _____ C:\WINDOWS\ntbtlog.txt
2017-03-17 12:24 - 2017-03-17 12:24 - 00956499 _____ C:\Users\jk\AppData\Local\census.cache
2017-03-17 12:22 - 2017-03-17 12:22 - 01033700 _____ C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 00000010 _____ C:\Users\jk\AppData\Local\sponge.last.runtime.cache
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\ProgramData\Trend Micro
2017-03-17 11:45 - 2017-03-17 11:45 - 00000036 _____ C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 11:45 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-03-17 11:44 - 2017-03-17 11:44 - 02527376 _____ (Trend Micro Inc.) C:\Users\jk\Downloads\HousecallLauncher64.exe
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final.pdf
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final (1).pdf
2017-03-09 15:03 - 2017-03-09 16:10 - 00000000 __SHD C:\Users\jk\Documents\cache
2017-03-09 15:02 - 2017-03-09 15:02 - 00774728 _____ C:\Users\jk\AppData\LocalLow\PreFEFD.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00238190 _____ C:\Users\jk\AppData\LocalLow\Pre10C1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00210246 _____ C:\Users\jk\AppData\LocalLow\PreF8F1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00179365 _____ C:\Users\jk\AppData\LocalLow\Pre194E.tmp
2017-03-08 18:54 - 2017-03-08 18:54 - 00000449 _____ C:\Users\jk\Downloads\citations_MLA8.html
2017-03-08 18:53 - 2017-03-08 18:53 - 02416664 _____ C:\Users\jk\Downloads\Feminine_Wiles.PDF
2017-03-08 18:35 - 2017-03-08 18:35 - 00000797 _____ C:\Users\jk\Downloads\citations.ris
2017-03-08 13:43 - 2017-03-08 13:43 - 00005632 _____ C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-06 13:32 - 2017-03-06 13:32 - 00000000 ____D C:\a7f0a964feafc9d9c8486234427a150b
2017-03-04 20:24 - 2017-03-04 20:24 - 00000445 _____ C:\Users\jk\Downloads\citation (2).txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation.txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation (1).txt
2017-03-01 17:04 - 2017-03-01 17:06 - 10215592 _____ (PDFCompressor.net ) C:\Users\jk\Downloads\pdfcompressor.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:03 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\LocalLow\AuthenTec
2017-03-31 19:45 - 2013-06-05 19:41 - 00000000 ____D C:\Users\jk\Documents\Employment
2017-03-31 17:27 - 2015-12-15 14:49 - 00003134 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjk
2017-03-31 17:27 - 2015-12-15 14:49 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
2017-03-30 19:56 - 2013-03-16 04:12 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-30 17:03 - 2013-11-22 23:03 - 00000000 ____D C:\Users\jk\Documents\Print screens
2017-03-30 15:58 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-30 15:58 - 2012-09-26 09:53 - 00000932 _____ C:\WINDOWS\SysWOW64\bscs.ini
2017-03-30 14:13 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-30 14:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-30 14:03 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-30 12:39 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-30 12:36 - 2012-08-17 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-30 12:11 - 2016-09-13 22:20 - 00000000 ____D C:\Users\jk
2017-03-30 10:43 - 2012-08-17 02:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-03-30 10:43 - 2012-08-17 01:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-03-30 10:10 - 2014-02-01 19:57 - 00000000 ____D C:\Users\jk\Documents\Rules of Racing
2017-03-29 17:36 - 2014-03-10 14:09 - 00000000 ____D C:\Users\jk\AppData\Local\ElevatedDiagnostics
2017-03-29 14:13 - 2012-08-17 02:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-29 14:12 - 2012-08-17 02:14 - 00000000 ____D C:\ProgramData\WildTangent
2017-03-29 14:09 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\Local\Packages
2017-03-29 14:07 - 2016-06-11 10:01 - 00000000 ____D C:\ProgramData\Oracle
2017-03-29 14:06 - 2016-06-11 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-29 14:05 - 2016-06-11 10:02 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-03-29 14:04 - 2016-06-11 10:01 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-29 12:25 - 2013-03-31 05:40 - 00000000 ____D C:\Users\jk\Documents\Resume
2017-03-24 13:17 - 2014-08-25 20:34 - 00000000 ____D C:\Users\jk\AppData\Local\doEnter_Ltd
2017-03-23 17:56 - 2013-03-30 08:31 - 00129088 _____ C:\Users\jk\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-23 16:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-17 12:29 - 2017-01-02 20:24 - 00000000 ____D C:\Users\jk\Documents\2017
2017-03-13 11:34 - 2013-08-22 10:44 - 00494840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-09 16:10 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\LocalLow\WebEx
2017-03-09 15:03 - 2015-08-19 17:46 - 00000000 ____D C:\Users\jk\AppData\Roaming\webex
2017-03-09 15:03 - 2015-08-19 16:04 - 00000000 ____D C:\ProgramData\WebEx
2017-03-09 15:02 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\Local\WebEx
2017-03-09 14:19 - 2014-05-16 10:25 - 00000000 ____D C:\Users\jk\AppData\Local\Cyberlink
2017-03-09 14:19 - 2013-12-28 02:42 - 00000000 ____D C:\Users\jk\AppData\Roaming\CyberLink
2017-03-08 17:35 - 2013-06-21 22:13 - 00000000 ____D C:\Users\jk\Documents\SB1
2017-03-06 17:39 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-06 16:54 - 2013-07-05 09:55 - 00000000 ____D C:\Users\jk\Documents\JK
2017-03-02 16:16 - 2017-01-12 11:06 - 00003154 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 16:16 - 2017-01-10 19:07 - 00003162 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-02 16:16 - 2017-01-10 19:07 - 00002285 _____ C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
 
==================== Files in the root of some directories =======
 
2015-01-21 02:14 - 2015-01-21 02:14 - 0023184 _____ () C:\Users\jk\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-06-01 07:55 - 2014-08-07 09:40 - 0000032 _____ () C:\Users\jk\AppData\Roaming\coreavc.ini
2015-01-21 02:27 - 2015-01-21 02:27 - 0023361 _____ () C:\Users\jk\AppData\Roaming\Microsoft Excel.ADR
2017-03-17 12:22 - 2017-03-17 12:22 - 1033700 _____ () C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:24 - 2017-03-17 12:24 - 0956499 _____ () C:\Users\jk\AppData\Local\census.cache
2017-03-08 13:43 - 2017-03-08 13:43 - 0005632 _____ () C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-17 11:45 - 2017-03-17 11:45 - 0000036 _____ () C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 0000010 _____ () C:\Users\jk\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2017-03-29 14:01 - 2017-03-29 14:01 - 0739904 _____ (Oracle Corporation) C:\Users\jk\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-13 16:25 - 2017-01-20 16:16 - 43918808 _____ (Skype Technologies S.A.) C:\Users\jk\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-29 13:20
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by jk (administrator) on HP (31-03-2017 21:47:11)
Running from C:\Users\jk\Downloads
Loaded Profiles: jk (Available Profiles: jk)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [gStart] => C:\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [PPAP] => C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe [214368 2014-01-25] (PPLive Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk [2014-02-01]
ShortcutTarget: PPTV.lnk -> C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Mouse.lnk [2014-03-19]
ShortcutTarget: Scanner Mouse.lnk -> C:\Program Files (x86)\Scanner Mouse\Scanner Mouse.exe ()
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FD49D65C-997E-4C30-B29F-96AC10DD2A66}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> DefaultScope {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Toolbar: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-07] ( HP)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\npplugin2.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jk\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: hp.com/HPDetect -> C:\Users\jk\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR Extension: (Website Logon) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3800256 2017-03-20] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-09-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-09-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-30] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-12-17] (Anchorfree Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2016-09-14] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2016-09-14] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2016-09-14] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-30] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:45 - 2017-03-31 21:45 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
2017-03-31 17:44 - 2017-03-31 17:44 - 04547889 _____ C:\Users\jk\Downloads\2017 Racing Calendar.pdf
2017-03-30 16:11 - 2017-03-30 16:11 - 00045901 _____ C:\Users\jk\Desktop\Addition.txt
2017-03-30 16:11 - 2017-03-30 16:11 - 00035111 _____ C:\Users\jk\Desktop\FRST.txt
2017-03-30 16:06 - 2017-03-30 16:08 - 00045898 _____ C:\Users\jk\Downloads\Addition.txt
2017-03-30 16:04 - 2017-03-31 21:47 - 00021925 _____ C:\Users\jk\Downloads\FRST.txt
2017-03-30 16:03 - 2017-03-31 21:47 - 00000000 ____D C:\FRST
2017-03-30 16:02 - 2017-03-30 16:02 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64.exe
2017-03-30 16:02 - 2017-03-30 16:02 - 00001559 _____ C:\Users\jk\Desktop\AdwCleaner[C2].txt
2017-03-30 15:56 - 2017-03-30 15:56 - 00001606 _____ C:\Users\jk\Desktop\AdwCleaner[S1].txt
2017-03-30 15:55 - 2017-03-30 15:55 - 00006840 _____ C:\Users\jk\Desktop\AdwCleaner[C0].txt
2017-03-30 15:46 - 2017-03-30 15:46 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (2).exe
2017-03-30 15:44 - 2017-03-30 15:44 - 00001095 _____ C:\Users\jk\Desktop\Malwarebytes log 2017-03-30.txt
2017-03-30 15:05 - 2017-03-30 15:08 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-30 13:34 - 2017-03-30 13:34 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (2).exe
2017-03-30 12:11 - 2017-03-31 21:46 - 00352084 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-30 12:11 - 2017-03-31 21:46 - 00331122 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-30 12:10 - 2017-03-30 12:10 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-03-30 11:58 - 2017-03-30 11:58 - 00000000 ____D C:\Users\jk\AppData\Local\Zemana
2017-03-30 11:57 - 2017-03-30 11:58 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable.exe
2017-03-29 14:29 - 2017-03-29 14:29 - 00003070 _____ C:\WINDOWS\System32\Tasks\{C1485899-2309-4C26-8247-C7EDEFE09ED5}
2017-03-29 14:15 - 2017-03-29 14:15 - 00003072 _____ C:\WINDOWS\System32\Tasks\{97FE2682-88CD-4C67-8FA3-F7987EFF07FC}
2017-03-29 13:38 - 2017-03-29 13:38 - 00001901 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-29 13:38 - 2017-03-29 13:38 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-29 13:35 - 2017-03-29 13:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-29 13:28 - 2017-03-29 13:30 - 11581544 _____ (SurfRight B.V.) C:\Users\jk\Downloads\hitmanpro_x64.exe
2017-03-29 12:58 - 2017-03-31 18:00 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-29 12:58 - 2017-03-30 15:09 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-29 12:58 - 2017-03-30 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-29 12:58 - 2017-03-29 17:25 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-29 12:58 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-29 12:51 - 2017-03-29 12:53 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 12:50 - 2017-03-29 12:50 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (1).exe
2017-03-29 12:25 - 2017-03-30 15:57 - 00000000 ____D C:\AdwCleaner
2017-03-29 12:16 - 2017-03-29 12:17 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045.exe
2017-03-28 14:06 - 2017-03-28 14:06 - 00697014 _____ C:\Users\jk\Downloads\BH_Index_2005.pdf
2017-03-20 08:55 - 2017-03-30 14:07 - 00832310 _____ C:\WINDOWS\ntbtlog.txt
2017-03-17 12:24 - 2017-03-17 12:24 - 00956499 _____ C:\Users\jk\AppData\Local\census.cache
2017-03-17 12:22 - 2017-03-17 12:22 - 01033700 _____ C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 00000010 _____ C:\Users\jk\AppData\Local\sponge.last.runtime.cache
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\ProgramData\Trend Micro
2017-03-17 11:45 - 2017-03-17 11:45 - 00000036 _____ C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 11:45 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-03-17 11:44 - 2017-03-17 11:44 - 02527376 _____ (Trend Micro Inc.) C:\Users\jk\Downloads\HousecallLauncher64.exe
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final.pdf
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final (1).pdf
2017-03-09 15:03 - 2017-03-09 16:10 - 00000000 __SHD C:\Users\jk\Documents\cache
2017-03-09 15:02 - 2017-03-09 15:02 - 00774728 _____ C:\Users\jk\AppData\LocalLow\PreFEFD.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00238190 _____ C:\Users\jk\AppData\LocalLow\Pre10C1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00210246 _____ C:\Users\jk\AppData\LocalLow\PreF8F1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00179365 _____ C:\Users\jk\AppData\LocalLow\Pre194E.tmp
2017-03-08 18:54 - 2017-03-08 18:54 - 00000449 _____ C:\Users\jk\Downloads\citations_MLA8.html
2017-03-08 18:53 - 2017-03-08 18:53 - 02416664 _____ C:\Users\jk\Downloads\Feminine_Wiles.PDF
2017-03-08 18:35 - 2017-03-08 18:35 - 00000797 _____ C:\Users\jk\Downloads\citations.ris
2017-03-08 13:43 - 2017-03-08 13:43 - 00005632 _____ C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-06 13:32 - 2017-03-06 13:32 - 00000000 ____D C:\a7f0a964feafc9d9c8486234427a150b
2017-03-04 20:24 - 2017-03-04 20:24 - 00000445 _____ C:\Users\jk\Downloads\citation (2).txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation.txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation (1).txt
2017-03-01 17:04 - 2017-03-01 17:06 - 10215592 _____ (PDFCompressor.net ) C:\Users\jk\Downloads\pdfcompressor.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:03 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\LocalLow\AuthenTec
2017-03-31 19:45 - 2013-06-05 19:41 - 00000000 ____D C:\Users\jk\Documents\Employment
2017-03-31 17:27 - 2015-12-15 14:49 - 00003134 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjk
2017-03-31 17:27 - 2015-12-15 14:49 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
2017-03-30 19:56 - 2013-03-16 04:12 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-30 17:03 - 2013-11-22 23:03 - 00000000 ____D C:\Users\jk\Documents\Print screens
2017-03-30 15:58 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-30 15:58 - 2012-09-26 09:53 - 00000932 _____ C:\WINDOWS\SysWOW64\bscs.ini
2017-03-30 14:13 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-30 14:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-30 14:03 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-30 12:39 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-30 12:36 - 2012-08-17 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-30 12:11 - 2016-09-13 22:20 - 00000000 ____D C:\Users\jk
2017-03-30 10:43 - 2012-08-17 02:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-03-30 10:43 - 2012-08-17 01:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-03-30 10:10 - 2014-02-01 19:57 - 00000000 ____D C:\Users\jk\Documents\Rules of Racing
2017-03-29 17:36 - 2014-03-10 14:09 - 00000000 ____D C:\Users\jk\AppData\Local\ElevatedDiagnostics
2017-03-29 14:13 - 2012-08-17 02:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-29 14:12 - 2012-08-17 02:14 - 00000000 ____D C:\ProgramData\WildTangent
2017-03-29 14:09 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\Local\Packages
2017-03-29 14:07 - 2016-06-11 10:01 - 00000000 ____D C:\ProgramData\Oracle
2017-03-29 14:06 - 2016-06-11 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-29 14:05 - 2016-06-11 10:02 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-03-29 14:04 - 2016-06-11 10:01 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-29 12:25 - 2013-03-31 05:40 - 00000000 ____D C:\Users\jk\Documents\Resume
2017-03-24 13:17 - 2014-08-25 20:34 - 00000000 ____D C:\Users\jk\AppData\Local\doEnter_Ltd
2017-03-23 17:56 - 2013-03-30 08:31 - 00129088 _____ C:\Users\jk\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-23 16:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-17 12:29 - 2017-01-02 20:24 - 00000000 ____D C:\Users\jk\Documents\2017
2017-03-13 11:34 - 2013-08-22 10:44 - 00494840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-09 16:10 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\LocalLow\WebEx
2017-03-09 15:03 - 2015-08-19 17:46 - 00000000 ____D C:\Users\jk\AppData\Roaming\webex
2017-03-09 15:03 - 2015-08-19 16:04 - 00000000 ____D C:\ProgramData\WebEx
2017-03-09 15:02 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\Local\WebEx
2017-03-09 14:19 - 2014-05-16 10:25 - 00000000 ____D C:\Users\jk\AppData\Local\Cyberlink
2017-03-09 14:19 - 2013-12-28 02:42 - 00000000 ____D C:\Users\jk\AppData\Roaming\CyberLink
2017-03-08 17:35 - 2013-06-21 22:13 - 00000000 ____D C:\Users\jk\Documents\SB1
2017-03-06 17:39 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-06 16:54 - 2013-07-05 09:55 - 00000000 ____D C:\Users\jk\Documents\JK
2017-03-02 16:16 - 2017-01-12 11:06 - 00003154 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 16:16 - 2017-01-10 19:07 - 00003162 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-02 16:16 - 2017-01-10 19:07 - 00002285 _____ C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
 
==================== Files in the root of some directories =======
 
2015-01-21 02:14 - 2015-01-21 02:14 - 0023184 _____ () C:\Users\jk\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-06-01 07:55 - 2014-08-07 09:40 - 0000032 _____ () C:\Users\jk\AppData\Roaming\coreavc.ini
2015-01-21 02:27 - 2015-01-21 02:27 - 0023361 _____ () C:\Users\jk\AppData\Roaming\Microsoft Excel.ADR
2017-03-17 12:22 - 2017-03-17 12:22 - 1033700 _____ () C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:24 - 2017-03-17 12:24 - 0956499 _____ () C:\Users\jk\AppData\Local\census.cache
2017-03-08 13:43 - 2017-03-08 13:43 - 0005632 _____ () C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-17 11:45 - 2017-03-17 11:45 - 0000036 _____ () C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 0000010 _____ () C:\Users\jk\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2017-03-29 14:01 - 2017-03-29 14:01 - 0739904 _____ (Oracle Corporation) C:\Users\jk\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-13 16:25 - 2017-01-20 16:16 - 43918808 _____ (Skype Technologies S.A.) C:\Users\jk\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-29 13:20
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by jk (administrator) on HP (31-03-2017 21:47:11)
Running from C:\Users\jk\Downloads
Loaded Profiles: jk (Available Profiles: jk)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\Windows\System32\valWBFPolicyService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [basicsmssmenu] => C:\Program Files (x86)\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe [169328 2007-10-09] (Maxtor Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [gStart] => C:\Garmin\gStart.exe [1891416 2008-08-13] (GARMIN Corp.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe [1000288 2012-05-22] (AppEx Networks Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [PPAP] => C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe [214368 2014-01-25] (PPLive Corporation)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-07-08] (Apple Inc.)
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\Run: [Power2GoExpress8] => NA
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PPTV.lnk [2014-02-01]
ShortcutTarget: PPTV.lnk -> C:\Program Files (x86)\PPLive\PPTV\PPLive.exe (PPLive Corporation)
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Mouse.lnk [2014-03-19]
ShortcutTarget: Scanner Mouse.lnk -> C:\Program Files (x86)\Scanner Mouse\Scanner Mouse.exe ()
Startup: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{FD49D65C-997E-4C30-B29F-96AC10DD2A66}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> DefaultScope {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-29] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
Toolbar: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll [2012-09-19] (Skype Technologies)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-02-07] ( HP)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\npplugin2.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jk\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-05-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-55595808-3091521971-254164671-1002: hp.com/HPDetect -> C:\Users\jk\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR Extension: (Website Logon) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-13]
CHR Extension: (Chrome Media Router) - C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 Basics Service; C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe [124280 2007-10-09] (Seagate Technology LLC)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3800256 2017-03-20] (Microsoft Corporation)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-09-14] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-09-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [225504 2014-03-28] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R3 BtAudioBusSrv; C:\WINDOWS\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-30] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-30] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-30] (Malwarebytes)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [273040 2012-08-08] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-12-17] (Anchorfree Inc.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2016-09-14] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [270168 2016-09-14] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2016-09-14] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-03-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-03-30] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:45 - 2017-03-31 21:45 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64 (1).exe
2017-03-31 17:44 - 2017-03-31 17:44 - 04547889 _____ C:\Users\jk\Downloads\2017 Racing Calendar.pdf
2017-03-30 16:11 - 2017-03-30 16:11 - 00045901 _____ C:\Users\jk\Desktop\Addition.txt
2017-03-30 16:11 - 2017-03-30 16:11 - 00035111 _____ C:\Users\jk\Desktop\FRST.txt
2017-03-30 16:06 - 2017-03-30 16:08 - 00045898 _____ C:\Users\jk\Downloads\Addition.txt
2017-03-30 16:04 - 2017-03-31 21:47 - 00021925 _____ C:\Users\jk\Downloads\FRST.txt
2017-03-30 16:03 - 2017-03-31 21:47 - 00000000 ____D C:\FRST
2017-03-30 16:02 - 2017-03-30 16:02 - 02424832 _____ (Farbar) C:\Users\jk\Downloads\FRST64.exe
2017-03-30 16:02 - 2017-03-30 16:02 - 00001559 _____ C:\Users\jk\Desktop\AdwCleaner[C2].txt
2017-03-30 15:56 - 2017-03-30 15:56 - 00001606 _____ C:\Users\jk\Desktop\AdwCleaner[S1].txt
2017-03-30 15:55 - 2017-03-30 15:55 - 00006840 _____ C:\Users\jk\Desktop\AdwCleaner[C0].txt
2017-03-30 15:46 - 2017-03-30 15:46 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (2).exe
2017-03-30 15:44 - 2017-03-30 15:44 - 00001095 _____ C:\Users\jk\Desktop\Malwarebytes log 2017-03-30.txt
2017-03-30 15:05 - 2017-03-30 15:08 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe
2017-03-30 13:34 - 2017-03-30 13:34 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (2).exe
2017-03-30 12:11 - 2017-03-31 21:46 - 00352084 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-30 12:11 - 2017-03-31 21:46 - 00331122 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-03-30 12:11 - 2017-03-30 12:11 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-03-30 12:10 - 2017-03-30 12:10 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable (1).exe
2017-03-30 11:58 - 2017-03-30 11:58 - 00000000 ____D C:\Users\jk\AppData\Local\Zemana
2017-03-30 11:57 - 2017-03-30 11:58 - 14549952 _____ (Copyright 2017.) C:\Users\jk\Downloads\Zemana.AntiMalware.Portable.exe
2017-03-29 14:29 - 2017-03-29 14:29 - 00003070 _____ C:\WINDOWS\System32\Tasks\{C1485899-2309-4C26-8247-C7EDEFE09ED5}
2017-03-29 14:15 - 2017-03-29 14:15 - 00003072 _____ C:\WINDOWS\System32\Tasks\{97FE2682-88CD-4C67-8FA3-F7987EFF07FC}
2017-03-29 13:38 - 2017-03-29 13:38 - 00001901 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-03-29 13:38 - 2017-03-29 13:38 - 00000000 ____D C:\Program Files\HitmanPro
2017-03-29 13:35 - 2017-03-29 13:55 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-29 13:28 - 2017-03-29 13:30 - 11581544 _____ (SurfRight B.V.) C:\Users\jk\Downloads\hitmanpro_x64.exe
2017-03-29 12:58 - 2017-03-31 18:00 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-29 12:58 - 2017-03-30 16:00 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-29 12:58 - 2017-03-30 15:09 - 00001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-29 12:58 - 2017-03-30 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-29 12:58 - 2017-03-29 17:25 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-29 12:58 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-29 12:57 - 2017-03-29 12:57 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-29 12:51 - 2017-03-29 12:53 - 57131432 _____ (Malwarebytes ) C:\Users\jk\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-29 12:50 - 2017-03-29 12:50 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045 (1).exe
2017-03-29 12:25 - 2017-03-30 15:57 - 00000000 ____D C:\AdwCleaner
2017-03-29 12:16 - 2017-03-29 12:17 - 04089296 _____ C:\Users\jk\Downloads\adwcleaner_6.045.exe
2017-03-28 14:06 - 2017-03-28 14:06 - 00697014 _____ C:\Users\jk\Downloads\BH_Index_2005.pdf
2017-03-20 08:55 - 2017-03-30 14:07 - 00832310 _____ C:\WINDOWS\ntbtlog.txt
2017-03-17 12:24 - 2017-03-17 12:24 - 00956499 _____ C:\Users\jk\AppData\Local\census.cache
2017-03-17 12:22 - 2017-03-17 12:22 - 01033700 _____ C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 00000010 _____ C:\Users\jk\AppData\Local\sponge.last.runtime.cache
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\WINDOWS\Trend Micro
2017-03-17 11:50 - 2017-03-17 11:50 - 00000000 ____D C:\ProgramData\Trend Micro
2017-03-17 11:45 - 2017-03-17 11:45 - 00000036 _____ C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 11:45 - 2016-08-22 15:20 - 00332512 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2017-03-17 11:44 - 2017-03-17 11:44 - 02527376 _____ (Trend Micro Inc.) C:\Users\jk\Downloads\HousecallLauncher64.exe
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final.pdf
2017-03-10 16:13 - 2017-03-10 16:13 - 00162452 _____ C:\Users\jk\Downloads\Organization of Racing Investigators Contact List 2017 Final (1).pdf
2017-03-09 15:03 - 2017-03-09 16:10 - 00000000 __SHD C:\Users\jk\Documents\cache
2017-03-09 15:02 - 2017-03-09 15:02 - 00774728 _____ C:\Users\jk\AppData\LocalLow\PreFEFD.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00238190 _____ C:\Users\jk\AppData\LocalLow\Pre10C1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00210246 _____ C:\Users\jk\AppData\LocalLow\PreF8F1.tmp
2017-03-09 15:02 - 2017-03-09 15:02 - 00179365 _____ C:\Users\jk\AppData\LocalLow\Pre194E.tmp
2017-03-08 18:54 - 2017-03-08 18:54 - 00000449 _____ C:\Users\jk\Downloads\citations_MLA8.html
2017-03-08 18:53 - 2017-03-08 18:53 - 02416664 _____ C:\Users\jk\Downloads\Feminine_Wiles.PDF
2017-03-08 18:35 - 2017-03-08 18:35 - 00000797 _____ C:\Users\jk\Downloads\citations.ris
2017-03-08 13:43 - 2017-03-08 13:43 - 00005632 _____ C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-06 13:32 - 2017-03-06 13:32 - 00000000 ____D C:\a7f0a964feafc9d9c8486234427a150b
2017-03-04 20:24 - 2017-03-04 20:24 - 00000445 _____ C:\Users\jk\Downloads\citation (2).txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation.txt
2017-03-04 20:24 - 2017-03-04 20:24 - 00000287 _____ C:\Users\jk\Downloads\citation (1).txt
2017-03-01 17:04 - 2017-03-01 17:06 - 10215592 _____ (PDFCompressor.net ) C:\Users\jk\Downloads\pdfcompressor.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 21:03 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\LocalLow\AuthenTec
2017-03-31 19:45 - 2013-06-05 19:41 - 00000000 ____D C:\Users\jk\Documents\Employment
2017-03-31 17:27 - 2015-12-15 14:49 - 00003134 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjk
2017-03-31 17:27 - 2015-12-15 14:49 - 00000326 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
2017-03-30 19:56 - 2013-03-16 04:12 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-30 17:03 - 2013-11-22 23:03 - 00000000 ____D C:\Users\jk\Documents\Print screens
2017-03-30 15:58 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-30 15:58 - 2012-09-26 09:53 - 00000932 _____ C:\WINDOWS\SysWOW64\bscs.ini
2017-03-30 14:13 - 2014-11-21 04:44 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-30 14:13 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2017-03-30 14:03 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-03-30 12:39 - 2013-08-22 11:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-30 12:36 - 2012-08-17 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-30 12:11 - 2016-09-13 22:20 - 00000000 ____D C:\Users\jk
2017-03-30 10:43 - 2012-08-17 02:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2017-03-30 10:43 - 2012-08-17 01:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-03-30 10:10 - 2014-02-01 19:57 - 00000000 ____D C:\Users\jk\Documents\Rules of Racing
2017-03-29 17:36 - 2014-03-10 14:09 - 00000000 ____D C:\Users\jk\AppData\Local\ElevatedDiagnostics
2017-03-29 14:13 - 2012-08-17 02:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-03-29 14:12 - 2012-08-17 02:14 - 00000000 ____D C:\ProgramData\WildTangent
2017-03-29 14:09 - 2013-03-16 04:03 - 00000000 ____D C:\Users\jk\AppData\Local\Packages
2017-03-29 14:07 - 2016-06-11 10:01 - 00000000 ____D C:\ProgramData\Oracle
2017-03-29 14:06 - 2016-06-11 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-03-29 14:05 - 2016-06-11 10:02 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-03-29 14:04 - 2016-06-11 10:01 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-29 12:25 - 2013-03-31 05:40 - 00000000 ____D C:\Users\jk\Documents\Resume
2017-03-24 13:17 - 2014-08-25 20:34 - 00000000 ____D C:\Users\jk\AppData\Local\doEnter_Ltd
2017-03-23 17:56 - 2013-03-30 08:31 - 00129088 _____ C:\Users\jk\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-23 16:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-03-17 12:29 - 2017-01-02 20:24 - 00000000 ____D C:\Users\jk\Documents\2017
2017-03-13 11:34 - 2013-08-22 10:44 - 00494840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-13 11:33 - 2016-05-22 22:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-09 16:10 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\LocalLow\WebEx
2017-03-09 15:03 - 2015-08-19 17:46 - 00000000 ____D C:\Users\jk\AppData\Roaming\webex
2017-03-09 15:03 - 2015-08-19 16:04 - 00000000 ____D C:\ProgramData\WebEx
2017-03-09 15:02 - 2015-08-19 16:04 - 00000000 ____D C:\Users\jk\AppData\Local\WebEx
2017-03-09 14:19 - 2014-05-16 10:25 - 00000000 ____D C:\Users\jk\AppData\Local\Cyberlink
2017-03-09 14:19 - 2013-12-28 02:42 - 00000000 ____D C:\Users\jk\AppData\Roaming\CyberLink
2017-03-08 17:35 - 2013-06-21 22:13 - 00000000 ____D C:\Users\jk\Documents\SB1
2017-03-06 17:39 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-06 16:54 - 2013-07-05 09:55 - 00000000 ____D C:\Users\jk\Documents\JK
2017-03-02 16:16 - 2017-01-12 11:06 - 00003154 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-03-02 16:16 - 2017-01-10 19:07 - 00003162 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-55595808-3091521971-254164671-1002
2017-03-02 16:16 - 2017-01-10 19:07 - 00002285 _____ C:\Users\jk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
 
==================== Files in the root of some directories =======
 
2015-01-21 02:14 - 2015-01-21 02:14 - 0023184 _____ () C:\Users\jk\AppData\Roaming\Comma Separated Values (DOS).ADR
2014-06-01 07:55 - 2014-08-07 09:40 - 0000032 _____ () C:\Users\jk\AppData\Roaming\coreavc.ini
2015-01-21 02:27 - 2015-01-21 02:27 - 0023361 _____ () C:\Users\jk\AppData\Roaming\Microsoft Excel.ADR
2017-03-17 12:22 - 2017-03-17 12:22 - 1033700 _____ () C:\Users\jk\AppData\Local\ars.cache
2017-03-17 12:24 - 2017-03-17 12:24 - 0956499 _____ () C:\Users\jk\AppData\Local\census.cache
2017-03-08 13:43 - 2017-03-08 13:43 - 0005632 _____ () C:\Users\jk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-17 11:45 - 2017-03-17 11:45 - 0000036 _____ () C:\Users\jk\AppData\Local\housecall.guid.cache
2017-03-17 12:04 - 2017-03-17 12:04 - 0000010 _____ () C:\Users\jk\AppData\Local\sponge.last.runtime.cache
 
Some files in TEMP:
====================
2017-03-29 14:01 - 2017-03-29 14:01 - 0739904 _____ (Oracle Corporation) C:\Users\jk\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-01-13 16:25 - 2017-01-20 16:16 - 43918808 _____ (Skype Technologies S.A.) C:\Users\jk\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-29 13:20
 
==================== End of FRST.txt ============================


#5 azeri

Posted 31 March 2017 - 09:04 PM

Hi Yilmaz,

Thank you for your reply and your assistance.

I copied and pasted the Farbar FRST log. I will attach the Additions log as soon as I figure out how to attach to this reply. Would you be so kind as to let me know where to find the "attach" symbol?

Thank you! Your assistance is greatly appreciated.

Azeri



#6 olgun52

Posted 01 April 2017 - 10:01 AM

Hi azeri,

Just copy and paste all the logs onto the page.
Please look:
https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/#gmer

Sample: Additional.txt file.

You will now be at a screen asking you to choose a file to upload. Click on the Desktop button as shown by the red arrow in Figure 11 below.

I am waiting for the Additional.txt file.


Edited by olgun52, 01 April 2017 - 12:01 PM.

Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#7 azeri

Posted 01 April 2017 - 05:12 PM

Hi Yilmaz,

My screen does NOT have the option to attach files. Below this area that I am typing are the icons for Twitter, Google, Digg, etc. There are no links for attaching. I will copy and paste the Additions log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by jk (31-03-2017 21:48:38)
Running from C:\Users\jk\Downloads
Windows 8.1 (Update) (X64) (2016-09-14 12:50:49)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-55595808-3091521971-254164671-500 - Administrator - Disabled)
Guest (S-1-5-21-55595808-3091521971-254164671-501 - Limited - Disabled)
jk (S-1-5-21-55595808-3091521971-254164671-1002 - Administrator - Enabled) => C:\Users\jk
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - Canon Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Drive Manager (HKLM-x32\...\InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}) (Version: 1.00.0012 - Seagate Technology)
Drive Manager (x32 Version: 1.00.0012 - Seagate Technology) Hidden
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
E-Z Contact Book version 3.0.4.4 (HKLM-x32\...\{1B758D8A-B999-45AD-B7AA-14D10FDC19D2}_is1) (Version: 3.0.4.4 - Dmitri Karshakevich)
Free VPN version 3.0 (HKLM-x32\...\{353EDE50-22AA-419E-8D7B-2012134CF56E}_is1) (Version: 3.0 - VPNMaster Inc.)
Garmin Training Center (HKLM-x32\...\{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}) (Version: 3.4.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP AC Power Control (HKLM-x32\...\{03E3548E-8B2E-4F8E-8222-63CA135B54EF}) (Version: 1.0.6 - Hewlett-Packard)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Port Replicator Software Installer (HKLM-x32\...\{6313BCDF-1109-4682-A19D-413189817787}) (Version: 1.3.23 - HP)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E7F7C2F3-0BEF-471A-A6F3-4B43002034F4}) (Version: 12.5.32.203 - HP Inc.)
HP USB Docking Video (HKLM\...\{5954B537-883E-4266-8E3B-B1E5F6EB67FA}) (Version: 7.2.47873.0 - Hewlett-Packard)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Maxis Broadband (HKLM-x32\...\Maxis Broadband) (Version: 16.001.06.10.99 - Huawei Technologies Co.,Ltd)
MeadCo ScriptX (v7.1.0.60 (x86)) (HKLM-x32\...\{BC15EFA7-97B7-43A3-A293-5117EC3C1A86}) (Version: 7.1.0 - Mead & Co Ltd.)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7967.2030 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{91110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Windows 8 ESU (HKLM-x32\...\{E7E058CF-4638-49D4-936D-AC6DAE3B002E}) (Version: 1.1.1 - Hewlett-Packard)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2030 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7927.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2030 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PandaPow 2.3.8 (HKLM-x32\...\PandaPow) (Version: 2.3.8 - )
PPTV V3.5.0.0032 (HKLM-x32\...\PPLive) (Version: 3.5.0 - PPLive Corporation)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink Bluetooth Stack64 (HKLM\...\{95DF815D-BE2D-9118-F549-39794C5869CF}) (Version: 9.0.725.0 - Ralink Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
Reviewer (HKLM-x32\...\{02338B81-427D-4DE4-BFAA-28F3327EE4D7}) (Version: 1.11.39.0 - Sorna Corporation)
Scanner Mouse (HKLM-x32\...\{77113497-B67B-415A-8621-C94E6FF3F037}) (Version: 1.6.1 - Dacuda)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SoftPaq (HKLM-x32\...\SoftPaq) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-55595808-3091521971-254164671-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\jk\AppData\Local\Microsoft\OneDrive\17.3.6798.0207\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04F34E69-22C1-4DC0-B64D-9C0FDE848972} - System32\Tasks\HPCeeScheduleForjk => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {0CD28AD6-2B90-4148-B2E1-7DC8286E5C04} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1D67CC53-E6DD-4CA5-93D3-BB3813D4F083} - System32\Tasks\AVAST Software\Avast upgrade utility => C:\Program Files\Common Files\AV\avast! Antivirus\upgrade.exe [2016-03-28] (AVAST Software)
Task: {38000404-7B96-439B-B833-86AFA4EC89A3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {3C272752-D7E7-482B-AABC-3FAFC63E4AF3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN2C5CXK3G => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-03-10] (HP Inc.)
Task: {452EB160-B28C-4F6B-8FF9-9DF572B3E650} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-20] (Microsoft Corporation)
Task: {4DCBD95C-A351-411C-B985-649028CC5A8A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {50D86FE0-A5FC-42CE-9215-43E83325863E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {5748FF71-41BB-4220-A925-E66FFE3C093F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {653E6DF0-8E99-4458-9228-94AEFF85D197} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {66B003E8-8CD1-4D3C-929D-641786C120DF} - System32\Tasks\{C1485899-2309-4C26-8247-C7EDEFE09ED5} => pcalua.exe -a "C:\Program Files (x86)\HP Games\Uninstall.exe"
Task: {678D2F39-B1C4-481A-A078-21005BF2EEED} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {7F1CD230-BC76-4409-802E-6D4CBA7D424F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-30] (Microsoft Corporation)
Task: {80ECF89E-BCCE-48B7-8078-E488CC1181D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-03-30] (Microsoft Corporation)
Task: {858DAF6F-2021-4F79-878C-548651A13667} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {8DDE6357-C038-4577-A51E-2789BF77ED09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {96BD26BD-4776-4ACE-BC7A-1CB073BA3541} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {A32929A3-F9E7-469B-AE04-387746B0FD87} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {A9ADA062-E41E-4E1A-A50B-86077C63EA13} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {AD7441FA-31C7-4C8D-B7B4-BF2D37305E5C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {AF80EDD3-CD79-46A2-90C0-41FB0F2B71FE} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {B6767FB9-4A80-4270-8D22-13083FF6C2FD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-20] (Microsoft Corporation)
Task: {C080243C-C93E-41F3-9521-664470218802} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-30] (Microsoft Corporation)
Task: {C7FDB8E3-C486-4569-9E98-012B6AFEEC40} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {E5244147-AB92-4CC7-951E-244C168DC16C} - System32\Tasks\{97FE2682-88CD-4C67-8FA3-F7987EFF07FC} => pcalua.exe -a "C:\Program Files (x86)\WildGames\Uninstall.exe"
Task: {F4210E57-D60F-4A0B-BEF0-143F32BDDF34} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\HPCeeScheduleForjk.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Network Shortcuts\My Web Sites on MSN\target.lnk -> hxxp://www.msnusers.co
Shortcut: C:\Users\jk\AppData\Roaming\Microsoft\Windows\Network Shortcuts\hkjc on www.racing.scmp.com\target.lnk -> hxxp://www.racing.scmp.com/news/hkj
 
ShortcutWithArgument: C:\Users\Public\Desktop\PPGame.lnk -> C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) -> /loadmodule mngmodule.dll /T 3 /L hxxp://tj.g.pptv.com/click.php?t=cms&cid=71
ShortcutWithArgument: C:\Users\Public\Desktop\PPShow.lnk -> C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) -> /loadmodule mngmodule.dll /T 3 /L hxxp://tj.g.pptv.com/s.php?cid=2&go=http%3A%2F%2Fshow.pptv.com%2F
ShortcutWithArgument: C:\Users\Public\Desktop\PPTV Online Video.lnk -> C:\Program Files (x86)\Common Files\PPLiveNetwork\PPAP.exe (PPLive Corporation) -> /loadmodule mngmodule.dll /T 3 /L hxxp://www.pptv.com/?rcc_id=d7ff9d0c59ed065e257390a84dd5831b
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-04-17 22:29 - 2014-04-17 22:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 02:28 - 2016-11-17 02:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-06 05:47 - 2012-09-06 05:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2017-03-29 12:58 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2017-01-10 18:46 - 2017-03-30 12:34 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-02-07 09:19 - 2013-02-07 09:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\WINDOWS\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2016-09-13 19:22 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-02-07 09:19 - 2013-02-07 09:19 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2017-02-26 20:44 - 2017-02-01 05:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-26 20:44 - 2017-02-01 05:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\incompasssolutions.com -> hxxps://rto.incompasssolutions.com
IE trusted site: HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\sharepoint.com -> hxxps://titansbrevardcc-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\jk\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "PPTV.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "AdAwareTray"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "basicsmssmenu"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "BtTray"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\StartupFolder: => "Scanner Mouse.lnk"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "gStart"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "PPAP"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-55595808-3091521971-254164671-1002\...\StartupApproved\Run: => "Power2GoExpress8"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F49AC1B9-AB15-45B8-B3BC-9B894459EF1C}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{2C37AC5C-E18A-40E3-BE5B-3238FB10FCF9}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
FirewallRules: [{98DE1B39-E895-41CC-8EA2-23DB7BC2FA43}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{AD8BA99C-408E-4165-9AA9-81A6B9EBC109}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FE3EA5AE-8795-488A-98C6-41F64DD337BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{148F7750-71B2-4C90-A5FD-9CDB7F248858}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5028BEF6-D892-4C2C-AB4E-9EE6A6232AA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{37A34000-5A64-4330-BA31-A9F66DFD9F13}] => (Allow) LPort=2869
FirewallRules: [{C7517D51-2718-45CA-B78A-7BC0EE9925D7}] => (Allow) LPort=2869
FirewallRules: [{C0ABFB9A-10F6-49BB-A07F-1B8092714B37}] => (Allow) LPort=1900
FirewallRules: [{8000DCD4-6CB2-411A-89EC-D365CF7AFD66}] => (Allow) LPort=1900
FirewallRules: [{90DD3823-C9E3-4A2A-AF98-AEEDBFC76409}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0B82D96F-4FA2-4A26-8A9C-EEF9BF8A2FAF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{F2E3E704-8F0E-4FB6-B0B4-FC4909801552}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{ADDA7542-8727-4915-B81A-0EAC9B426D7C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{784C0D0F-A9E5-45A4-8ADF-D64CA21C5A28}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{29F4A800-924F-443C-AB93-0EA7E947E690}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4C595842-5B01-448B-8366-5CD64AB661DB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F39F6B21-798A-4F26-9831-09A4E4D8D45F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{2825C326-4847-4D37-B7F7-003FDF5ED0C5}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\PluginInstaller.exe
FirewallRules: [{38D6AB97-E41C-4C0A-862A-5F52520581E7}] => (Allow) C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\PluginInstaller.exe
FirewallRules: [UDP Query User{8EA1650A-FF44-49DE-85C8-E3A1D85B9CF6}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Allow) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [TCP Query User{6404AE39-6D78-45F7-A84A-696D3AA25EB1}C:\program files (x86)\common files\pplivenetwork\ppap.exe] => (Allow) C:\program files (x86)\common files\pplivenetwork\ppap.exe
FirewallRules: [{03DC0127-596C-47DF-AABA-E92B59886EC5}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{D861D442-B8DB-4898-A874-937E7F363D2F}] => (Allow) C:\Windows\System32\PPTVLauncher.exe
FirewallRules: [{F502A1E9-041D-43F3-8C64-BD2D5CDD7A54}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\crashreporter.exe
FirewallRules: [{DCFD706B-7794-44F7-94AF-0AC679278967}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\crashreporter.exe
FirewallRules: [{AD6B68E6-00DC-489B-8CB8-E116B1217B1B}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\RepairSetup.exe
FirewallRules: [{48B52F45-376A-4BCA-84F4-59E1A7F42737}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\RepairSetup.exe
FirewallRules: [{6D118651-D4D2-4DCA-9C98-9819DB02DE08}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\PPLiveU.exe
FirewallRules: [{4E00EA96-4CA8-4130-AF68-B4A3FAAF9032}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\3.5.0.0032\PPLiveU.exe
FirewallRules: [{960C672D-C3C7-4AC3-A405-8084DCCDFE89}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{63800891-145E-4836-9818-7105F5A60C93}] => (Allow) C:\Program Files (x86)\PPLive\PPTV\PPLive.exe
FirewallRules: [{5751AA4E-EFBD-40F6-BA56-2A0116363F8E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{3DC6463E-9D3E-46A0-A7B8-615C408BECE2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{6C223ECA-53B5-449F-9F08-790EDCDBB806}] => (Allow) LPort=1900
FirewallRules: [{F15DE162-7FC0-400C-900A-A55034F8700F}] => (Allow) LPort=2869
FirewallRules: [{C2E3CB1D-B01E-486C-A839-70C842691A90}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{15625A11-315E-4064-9BD0-3D785057E13B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4E3BE02B-BA9B-4D35-A3CF-9524F2F86E38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{9C48EF4F-B6BF-4D0B-A75A-6EFDF09EE1C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3E6D8F02-A405-4C56-97AC-20D0258EA0A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{18D7E246-1820-46A3-B23F-0FF3C9B87CB0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BE75EBB7-23C3-4822-B3B2-7E0E42873687}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A36166E4-E6E0-434D-A964-DF612E7B850E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-03-2017 12:24:50 Scheduled Checkpoint
29-03-2017 13:51:09 Checkpoint by HitmanPro
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/31/2017 04:07:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSF.exe, version: 8.3.50.9, time stamp: 0x58472b92
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18264, time stamp: 0x56e1bd71
Exception code: 0xe0434352
Fault offset: 0x0000000000008a5c
Faulting process id: 0xb10
Faulting application start time: 0x01d2aa5a736b3b05
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: b5787771-164d-11e7-bed1-082e5f7bc149
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/31/2017 04:07:46 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSF.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at HP.SupportAssistant.HPSA_UI.App.Main()
 
Error: (03/31/2017 03:37:50 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
 
Error: (03/31/2017 03:33:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/30/2017 07:44:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSF.exe, version: 8.3.50.9, time stamp: 0x58472b92
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18264, time stamp: 0x56e1bd71
Exception code: 0xe0434352
Fault offset: 0x0000000000008a5c
Faulting process id: 0x4f4
Faulting application start time: 0x01d2a9af98d0a1e7
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: d9e440f3-15a2-11e7-bed1-082e5f7bc149
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/30/2017 07:44:44 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSF.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at HP.SupportAssistant.HPSA_UI.App.Main()
 
Error: (03/30/2017 07:23:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
 
Error: (03/30/2017 07:17:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/30/2017 04:02:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPSF.exe, version: 8.3.50.9, time stamp: 0x58472b92
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18264, time stamp: 0x56e1bd71
Exception code: 0xe0434352
Fault offset: 0x0000000000008a5c
Faulting process id: 0xe34
Faulting application start time: 0x01d2a99090779040
Faulting application path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: d72f9195-1583-11e7-bed1-082e5f7bc149
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (03/30/2017 04:02:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPSF.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Windows.Markup.XamlParseException
Stack:
   at System.Windows.Markup.WpfXamlLoader.Load(System.Xaml.XamlReader, System.Xaml.IXamlObjectWriterFactory, Boolean, System.Object, System.Xaml.XamlObjectWriterSettings, System.Uri)
   at System.Windows.Markup.WpfXamlLoader.LoadBaml(System.Xaml.XamlReader, Boolean, System.Object, System.Xaml.Permissions.XamlAccessLevel, System.Uri)
   at System.Windows.Markup.XamlReader.LoadBaml(System.IO.Stream, System.Windows.Markup.ParserContext, System.Object, Boolean)
   at HP.SupportAssistant.HPSA_UI.App.Main()
 
 
System errors:
=============
Error: (03/30/2017 08:24:45 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (03/30/2017 07:57:13 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (03/30/2017 07:56:41 PM) (Source: DCOM) (EventID: 10010) (User: HP)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (03/30/2017 03:59:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (03/30/2017 03:57:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (03/30/2017 03:57:31 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (03/30/2017 03:57:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/30/2017 03:57:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (03/30/2017 03:57:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (03/30/2017 03:57:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-30 15:59:42.787
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2017-03-29 13:24:18.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-24 12:31:12.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-03-13 21:44:44.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-02 16:06:50.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-02 16:06:49.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-02 16:06:49.420
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-02 16:06:49.120
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-29 15:44:01.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-10-29 15:44:00.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-4500M APU with Radeon™ HD Graphics 
Percentage of memory in use: 34%
Total physical RAM: 5596.26 MB
Available physical RAM: 3687.1 MB
Total Virtual: 6300.26 MB
Available Virtual: 4335.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:670.28 GB) (Free:554.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:27.15 GB) (Free:0.05 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
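Added example (not part of any post in this thread and not FRST's own code): a Python triage pass over the log format shown above that pairs Service Control Manager 7000 signature failures with Code Integrity "file hash could not be found" entries logged within a few seconds, and counts the DLL loads that Code Integrity blocked per process. The function names, the 5-second window and the assumption that both log sections use the same local clock are assumptions of this example; the sample lines are copied from the log above with descriptions shortened.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: lines copied from the Addition.txt excerpt above (descriptions shortened).
SAMPLE = r"""
Error: (03/30/2017 03:59:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
Windows cannot verify the digital signature for this file.

Error: (03/30/2017 03:57:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

CodeIntegrity:
===================================
  Date: 2017-03-30 15:59:42.787
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system.

  Date: 2017-03-29 13:24:18.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-24 12:31:12.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-02 16:06:50.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
"""

# "Error: (...) (Source: Service Control Manager) (EventID: 7000)" plus its two description lines.
SCM_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: Service Control Manager\) \(EventID: 7000\).*\n"
    r"Description: The (?P<svc>.+?) service failed to start due to the following error:[ \t]*\n"
    r"(?P<reason>.+)$", re.M)
# One CodeIntegrity entry: a Date line followed by a Description line.
CI_RE = re.compile(
    r"^[ \t]*Date: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+[ \t]*\n"
    r"[ \t]*Description: (?P<desc>.+)$", re.M)
HASH_RE = re.compile(
    r"verify the image integrity of the file (?P<file>.+?) because file hash could not be found")
LOAD_RE = re.compile(
    r"process \((?P<proc>.+?)\) attempted to load (?P<dll>.+?) "
    r"that did not meet the (?P<level>.+?) signing level")


def service_start_failures(text):
    """Return (timestamp, service name, reason) for every SCM EventID 7000 entry."""
    return [(datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"), m["svc"], m["reason"].strip())
            for m in SCM_RE.finditer(text)]


def code_integrity_events(text):
    """Classify CodeIntegrity entries by what was rejected: the image itself or a DLL load."""
    events = []
    for m in CI_RE.finditer(text):
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        hash_hit = HASH_RE.search(m["desc"])
        load_hit = LOAD_RE.search(m["desc"])
        if hash_hit:
            events.append({"ts": ts, "kind": "image_hash_missing", "file": hash_hit["file"]})
        elif load_hit:
            events.append({"ts": ts, "kind": "blocked_load", "file": load_hit["dll"],
                           "process": load_hit["proc"], "level": load_hit["level"]})
        else:
            events.append({"ts": ts, "kind": "other", "file": None})
    return events


def correlate(text, window_seconds=5):
    """Pair signature-related service start failures with image-hash failures close in time."""
    missing = [e for e in code_integrity_events(text) if e["kind"] == "image_hash_missing"]
    pairs = []
    for ts, svc, reason in service_start_failures(text):
        if "digital signature" not in reason:
            continue  # e.g. logon failures are a different problem
        for e in missing:
            if abs((e["ts"] - ts).total_seconds()) <= window_seconds:
                pairs.append((svc, e["file"]))
    return pairs


def blocked_load_summary(text):
    """Count blocked DLL loads per (process name, DLL name, required signing level)."""
    counts = Counter()
    for e in code_integrity_events(text):
        if e["kind"] == "blocked_load":
            key = (e["process"].rsplit("\\", 1)[-1], e["file"].rsplit("\\", 1)[-1], e["level"])
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for svc, path in correlate(SAMPLE):
        print(f"{svc}: image failed integrity check -> {path}")
    for (proc, dll, level), n in blocked_load_summary(SAMPLE).items():
        print(f"{proc} blocked from loading {dll} ({level}) x{n}")
```

A blocked DLL load leaves the service binary running; a missing image hash for the service binary itself is the entry that lines up with the service failing to start.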


#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 01 April 2017 - 07:42 PM

Hi azeri,

The ZoneAlarm Uninstall Tool will uninstall all versions of the ZoneAlarm firewall from your computer in the event that it will not uninstall properly via the Windows control panel.  When you run the program it will ask if you want to remove the ZoneAlarm Extreme version, but will in fact remove all versions of the ZoneAlarm Firewall.

Please run the ZoneAlarm Firewall Uninstall tool:
https://www.bleepingcomputer.com/download/zonealarm-uninstall-tool/
===============================================================
Please run the Avast Software Uninstall Utility:
https://www.bleepingcomputer.com/download/avast-software-uninstall-utility/
==================================================================
Uninstall Ad-Aware:
http://www.lavasoftsupport.com/index.php?showtopic=28
=================================================
Please uninstall Hitman Pro.
===============================
Please uninstall: Free VPN version 3.0

Why Free Software Downloads Aren't Always Safe
https://us.norton.com/yoursecurityresource/detail.jsp?aid=freewarerisks

===============================================================
Restart the PC now.

Let me know when you have all of that done.

Good day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 azeri

azeri
  • Topic Starter

  • Members
  • 46 posts

Posted 01 April 2017 - 11:26 PM

Hi Olgun52,

I followed your directions to run zonealarm uninstall.

I ran Avast Software uninstall.

I tried to follow the directions in the link to uninstall Lavasoft Ad-Aware. The directions gave several places to locate the Lavasoft Ad-Aware file but I could not locate the Ad-Aware file.

Do I proceed to uninstall HitmanPro?

Thanks for your help,

Azeri



#10 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts

Posted 02 April 2017 - 03:14 PM

Hi again,

Running from C:\Users\jk\Downloads

Please run the software from the desktop only.
-------------------------------------------------------------------

Do I proceed to uninstall HitmanPro?

This is just my advice. Windows Defender is enough. You can use the ESET Online Scanner for external scans.
It runs without being installed on the system and has the ability to delete.
=================================================================
Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download RogueKiller (32/64 bit) to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

============================================================

In your next reply please include the following logs. Please be sure to copy and paste the requested logs.

  • Fixlog.txt
  • RogueKiller log.

 


Best regards
 

 


 


#11 azeri

azeri
  • Topic Starter

  • Members
  • 46 posts

Posted 02 April 2017 - 07:12 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by jk (02-04-2017 17:58:48) Run:1
Running from C:\Users\jk\Desktop
Loaded Profiles: jk (Available Profiles: jk)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> DefaultScope {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {71570097-846B-47C3-BB88-0B9FE2ECB60F} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=EN&q={searchTerms}&gu=8a682656d7684f12a8762771c52365ce&tu=10G9z00JO2D33N0&sku=&tstsId=&ver=&&r=983
SearchScopes: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll => No File
Toolbar: HKU\S-1-5-21-55595808-3091521971-254164671-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @pptv.com/plugin -> C:\Program Files (x86)\Internet Explorer\PPLite\plugin\3.5.0.0032\npplugin2.dll [No File]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
C:\WINDOWS\Tasks\HPCeeScheduleForjk.job
Task: {1D67CC53-E6DD-4CA5-93D3-BB3813D4F083} - System32\Tasks\AVAST Software\Avast upgrade utility => C:\Program Files\Common Files\AV\avast! Antivirus\upgrade.exe [2016-03-28] (AVAST Software)
Task: {A32929A3-F9E7-469B-AE04-387746B0FD87} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {AF80EDD3-CD79-46A2-90C0-41FB0F2B71FE} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
FirewallRules: [{784C0D0F-A9E5-45A4-8ADF-D64CA21C5A28}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{29F4A800-924F-443C-AB93-0EA7E947E690}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4C595842-5B01-448B-8366-5CD64AB661DB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F39F6B21-798A-4F26-9831-09A4E4D8D45F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "AdAwareTray" /f
Reg: reg delete HKLM\...\StartupApproved\Run /v "AdAwareTray" /f
cmd: dir /a d:\a7f0a964feafc9d9c8486234427a150b
cmd: type C:\Users\jk\Desktop\AdwCleaner[C2].txt
CMD: ipconfig /flushdns
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key removed successfully
HKCR\CLSID\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key removed successfully
HKCR\Wow6432Node\CLSID\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key removed successfully
HKCR\CLSID\{71570097-846B-47C3-BB88-0B9FE2ECB60F} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} => key removed successfully
HKCR\CLSID\{D4124C53-1ABA-4E24-BAA1-FD1D64D7AD3E} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key removed successfully
HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found. 
HKU\S-1-5-21-55595808-3091521971-254164671-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@pptv.com/plugin => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => key removed successfully
C:\WINDOWS\Tasks\HPCeeScheduleForjk.job => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D67CC53-E6DD-4CA5-93D3-BB3813D4F083} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D67CC53-E6DD-4CA5-93D3-BB3813D4F083} => key removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast upgrade utility => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast upgrade utility => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A32929A3-F9E7-469B-AE04-387746B0FD87} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A32929A3-F9E7-469B-AE04-387746B0FD87} => key removed successfully
C:\WINDOWS\System32\Tasks\AVAST Software\Avast settings backup => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AF80EDD3-CD79-46A2-90C0-41FB0F2B71FE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF80EDD3-CD79-46A2-90C0-41FB0F2B71FE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{784C0D0F-A9E5-45A4-8ADF-D64CA21C5A28} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29F4A800-924F-443C-AB93-0EA7E947E690} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C595842-5B01-448B-8366-5CD64AB661DB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F39F6B21-798A-4F26-9831-09A4E4D8D45F} => value removed successfully
 
========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v "AdAwareTray" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg delete HKLM\...\StartupApproved\Run /v "AdAwareTray" /f =========
 
ERROR: The system was unable to find the specified registry key or value.
 
 
========= End of Reg: =========
 
 
========= dir /a d:\a7f0a964feafc9d9c8486234427a150b =========
 
 Volume in drive D is RECOVERY
 Volume Serial Number is 627B-D60A
 
 Directory of d:\
 
File Not Found
 
========= End of CMD: =========
 
 
========= type C:\Users\jk\Desktop\AdwCleaner[C2].txt =========
 
# AdwCleaner v6.045 - Logfile created 30/03/2017 at 15:57:05
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-30.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : jk - HP
# Running from : C:\Users\jk\Downloads\adwcleaner_6.045 (2).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\jk\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [6840 Bytes] - [29/03/2017 12:34:12]
C:\AdwCleaner\AdwCleaner[C2].txt - [1261 Bytes] - [30/03/2017 15:57:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [6462 Bytes] - [29/03/2017 12:28:39]
C:\AdwCleaner\AdwCleaner[S1].txt - [1606 Bytes] - [30/03/2017 15:53:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1480 Bytes] ##########
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 22317084 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 50392876 B
Edge => 0 B
Chrome => 853029070 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 403172 B
NetworkService => 1713810 B
jk => 436622142 B
 
RecycleBin => 75107804 B
EmptyTemp: => 1.3 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 18:00:16 ====
 
Olgun52,
RogueKiller did not provide a log. I can click "open report" and there are several options: open HTML, open TXT, export HTML, export JSON, or export TXT. Which should I select?
Thank you,
Azeri


#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:04 AM

Posted 03 April 2017 - 05:32 AM

Roguekiller did not provide a log. I can click "open report" and there are several options: open HTML, open TXT, export HTML,export JSON, or export TXT. Which should I select?

Please export TXT.


Best regards
 

 


 


#13 azeri

azeri
  • Topic Starter

  • Members
  • 46 posts

Posted 03 April 2017 - 01:01 PM

RogueKiller V12.10.2.0 (x64) [Mar 27 2017] (Free) by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : jk [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 04/02/2017 18:14:21 (Duration : 01:23:18)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 3 ¤¤¤
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FD49D65C-997E-4C30-B29F-96AC10DD2A66} | DhcpNameServer : 172.20.10.1 ([])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS541075A9E680 SATA Disk Device +++++
--- User ---
[MBR] 5563ee86216a1c21e78cfa8297c1cea8
[BSP] 6a3125a7f090a24988d63ba5cae1a61d : Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1353728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1615872 | Size: 686362 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1407285248 | Size: 451 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1408208896 | Size: 27802 MB
User = LL1 ... OK
User = LL2 ... OK


#14 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:04 AM

Posted 03 April 2017 - 04:15 PM

Hello,
 
Please open RogueKiller again.

  • Close all the running processes
  • Double click the RogueKiller icon to run the program again.
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • Wait for the Prescan to finish.
  • Make sure only the following lines are checked:-
[PUP.Gen0] (X64) HKEY_CLASSES_ROOT\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} (C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 172.20.10.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{FD49D65C-997E-4C30-B29F-96AC10DD2A66} | DhcpNameServer : 172.20.10.1 ([])  -> Found
  • Now click the Delete button.
  • Please copy and paste the report in your next reply. A copy of the RKreport.txt can be found on your desktop.

========================================
SecurityCheck
Please download SecurityCheck: LINK1.LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

===============================================
How is your PC running now? Any issues?


Best regards
 

 


 


#15 azeri

azeri
  • Topic Starter

  • Members
  • 46 posts

Posted 04 April 2017 - 04:24 PM

I ran RogueKiller with no problems.

I downloaded SecurityCheck Link 1 with no problems.

I downloaded SecurityCheck Link 2 (from majorgeeks.com); when I tried to save the Notepad log I received "notepad not responding".

Why is the Link 2 from an external website? All other downloads were located at bleepingcomputer.com.

These are the "notepad not responding" details:

Description:
  A problem caused this program to stop interacting with Windows.

Problem signature:
  Problem Event Name: AppHangB1
  Application Name: notepad.exe
  Application Version: 6.3.9600.17930
  Application Timestamp: 559ea1b6
  Hang Signature: 23f9
  Hang Type: 134218241
  OS Version: 6.3.9600.2.0.0.768.101
  Locale ID: 1033
  Additional Hang Signature 1: 23f925eea6bbccd1504a927a03884247
  Additional Hang Signature 2: 95d8
  Additional Hang Signature 3: 95d8a165a961752bbfd57123e389433e
  Additional Hang Signature 4: 23f9
  Additional Hang Signature 5: 23f925eea6bbccd1504a927a03884247
  Additional Hang Signature 6: 95d8
  Additional Hang Signature 7: 95d8a165a961752bbfd57123e389433e

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=280262

If the online privacy statement is not available, please read our privacy statement offline:
  C:\WINDOWS\system32\en-US\erofflps.txt





