Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015
Ran by 103096 (administrator) on 103096-PC (02-08-2015 11:55:20)
Running from C:\Users\103096\Desktop
Loaded Profiles: 103096 (Available Profiles: 103096)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Smadsoft) C:\Program Files (x86)\SMADAV\SMΔRTP.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Users\103096\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe
() C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-04-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-04-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-04-04] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-02-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [500736 2011-05-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-04-02] (Intel Corporation)
HKLM-x32\...\Run: [syshost32] => C:\Windows\Installer\{D71F1B9D-1236-6558-1064-93EEF051C6E8}\syshost.exe [448000 2015-08-01] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [65216 2009-11-08] (WordWeb Software)
Startup: C:\Users\103096\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\k.lnk [2015-05-12]
ShortcutTarget: k.lnk -> C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe (Miva Merchant)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.mystartsearch.com/?type=hp&ts=1429933783&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1591615944-4240288302-870138075-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1429933783&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type=ds&ts=1429933783&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&ts=1429933814&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&ts=1429933814&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&ts=1429933814&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1591615944-4240288302-870138075-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=wpc&utm_campaign=install_ie&utm_content=ds&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX&ts=1429933814&type=default&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-29] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-29] (Oracle Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll [2015-04-20] (Thinknice Co. Limited)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll [2007-02-16] (IDM)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{852DF80E-ECC5-4D31-B811-7B6970198DF9}: [DhcpNameServer] 192.168.43.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.mystartsearch.com/?type=sc&ts=1429933783&from=wpc&uid=HitachiXHTS547564A9E384_J2180053E9UNZDE9UNZDX

FireFox:
========
FF ProfilePath: C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-18] ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-29] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-18] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF user.js: detected! => C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737\user.js [2015-04-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystartsearch.xml [2015-04-25]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2014-10-10]
FF Extension: Adblock Plus - C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\2c98fm30.default-1430297367737\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\103096\AppData\Roaming\Mozilla\Firefox\Profiles\58adn3ys.default\extensions\quick_searchff@gmail.com

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [Not Found]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 UDisk Monitor; C:\Program Files\Smartfren Connex AC682 UI\bin\MonServiceUDisk.exe [406016 2011-05-09] () [File not signed]
R2 VSSS; C:\Users\103096\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [104761024 2015-06-23] (Microsoft Corporation) [File not signed] <==== ATTENTION
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-04-03] (Advanced Micro Devices, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-04-25] ()
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [42784 2007-09-18] (PCTEL Inc.)
R2 rimssne; C:\Windows\System32\DRIVERS\rimssne64.sys [102912 2012-04-03] (REDC)
S3 UsbModemDriver; C:\Windows\System32\DRIVERS\USB_MODEM_T.sys [28160 2011-04-08] ()
S3 USB_BusEnum_T; C:\Windows\System32\DRIVERS\USB_BusEnum_T.sys [44544 2009-11-05] ()
S3 USB_ETS_T; C:\Windows\System32\DRIVERS\USB_ETS_T.sys [21760 2008-05-30] (Via Telecom, Inc.)
S3 USB_WinMux_T; C:\Windows\System32\DRIVERS\USB_WinMux_T.sys [37376 2009-10-27] ()
S3 swmsflt; \SystemRoot\System32\drivers\swmsflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-02 11:55 - 2015-08-02 12:06 - 00014114 _____ C:\Users\103096\Desktop\FRST.txt
2015-08-02 11:52 - 2015-08-02 11:52 - 00012122 _____ C:\Users\103096\Downloads\FRST.txt
2015-08-02 11:51 - 2015-08-02 11:55 - 00000000 ____D C:\FRST
2015-08-02 11:50 - 2015-08-02 11:50 - 02856736 _____ (MyCity) C:\Users\103096\Downloads\MCShield-Setup.exe
2015-08-02 11:48 - 2015-08-02 11:48 - 02168832 _____ (Farbar) C:\Users\103096\Desktop\FRST64.exe
2015-08-02 11:41 - 2015-08-02 11:48 - 00379844 _____ C:\Users\103096\Desktop\Windows 7 won't open Avast or Malwarebytes [Solved] - Geeks to Go Forum.htm
2015-08-02 11:41 - 2015-08-02 11:48 - 00000000 ____D C:\Users\103096\Desktop\Windows 7 won't open Avast or Malwarebytes [Solved] - Geeks to Go Forum_files
2015-08-01 23:37 - 2015-08-01 23:37 - 01415680 _____ (wj32) C:\Program Files\LNPRWY02.exe
2015-08-01 23:32 - 2015-08-02 00:43 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-01 23:32 - 2015-08-01 23:32 - 05685584 _____ (AVAST Software) C:\Users\103096\Downloads\avast_free_antivirus_setup_online.exe
2015-08-01 22:51 - 2015-08-01 22:51 - 00000000 ____D C:\Users\103096\AppData\Local\Avg2015
2015-08-01 22:41 - 2015-08-01 22:41 - 05021528 _____ (AVG Technologies) C:\Users\103096\Downloads\avg_free_stb_all_6086p1_177.exe
2015-08-01 22:35 - 2015-08-02 00:43 - 00369916 _____ C:\Windows\PFRO.log
2015-07-26 12:04 - 2015-07-26 12:04 - 00000000 _____ C:\Windows\setuperr.log
2015-07-16 01:18 - 2015-07-16 01:18 - 00000000 ____D C:\Users\103096\Documents\SUPER JUNIOR - DEVIL (SPECIAL ALBUM)
2015-07-16 01:08 - 2015-07-16 01:15 - 88197599 _____ C:\Users\103096\Documents\SUPER JUNIOR - DEVIL (SPECIAL ALBUM) [k2nblog.com].7z
2015-07-09 13:37 - 2015-08-02 11:35 - 00001568 _____ C:\Windows\setupact.log
2015-07-08 13:16 - 2015-07-08 13:16 - 00003168 _____ C:\Windows\System32\Tasks\{E3551B81-70A9-4B5E-871A-54E1CDFC5C27}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-02 12:03 - 2014-09-18 15:31 - 01798194 _____ C:\Windows\WindowsUpdate.log
2015-08-02 11:42 - 2009-07-14 12:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-02 11:41 - 2015-01-29 12:22 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-02 11:35 - 2014-10-04 22:58 - 00000000 ____D C:\Program Files (x86)\SMADAV
2015-08-02 11:35 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-02 00:50 - 2009-07-14 11:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-02 00:50 - 2009-07-14 11:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-01 23:17 - 2014-09-18 16:08 - 00000000 ____D C:\ProgramData\MFAData
2015-08-01 22:50 - 2014-09-18 16:24 - 00000000 ____D C:\ProgramData\AVG2015
2015-08-01 22:35 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\AppData\Roaming\DMCache
2015-08-01 22:24 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\Downloads\Compressed
2015-07-30 23:49 - 2014-10-03 08:57 - 00000000 ____D C:\KMPlayer
2015-07-29 23:02 - 2014-09-19 15:25 - 00000000 ____D C:\Users\103096\AppData\Local\Microsoft Help
2015-07-26 12:06 - 2014-09-18 16:03 - 00000000 ____D C:\Users\103096\Downloads\Video
2015-07-19 22:44 - 2015-02-03 23:28 - 00000000 ____D C:\ProgramData\AVG
2015-07-18 21:42 - 2015-01-29 12:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-18 21:42 - 2014-09-18 16:20 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-18 21:42 - 2014-09-18 16:20 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-04 12:14 - 2014-08-16 13:25 - 00000000 ____D C:\Users\103096\Desktop\1rene
2015-07-04 12:12 - 2012-11-05 12:05 - 00000000 ____D C:\Users\103096\Desktop\GRACEPAT
2015-07-04 10:05 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF

==================== Files in the root of some directories =======

2015-08-01 23:37 - 2015-08-01 23:37 - 1415680 _____ (wj32) C:\Program Files\LNPRWY02.exe
2015-02-05 08:23 - 2015-02-20 18:21 - 0000000 _____ () C:\Users\103096\AppData\Roaming\droid4xinstaller.log
2015-05-12 08:45 - 2015-05-12 08:45 - 80957440 __RSH (Miva Merchant) C:\Users\103096\AppData\Roaming\obyfgbrqcy.exe
2014-12-11 09:32 - 2015-01-12 12:33 - 0007617 _____ () C:\Users\103096\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\103096\AppData\Local\Temp\cdo1093227661.dll
C:\Users\103096\AppData\Local\Temp\cdo171498507.dll
C:\Users\103096\AppData\Local\Temp\cdo3728911830.dll
C:\Users\103096\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\103096\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\103096\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\103096\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\103096\AppData\Local\Temp\SDShelEx-x64.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-23 01:08

==================== End of log ============================