Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by user (administrator) on HP (04-09-2015 06:38:13)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 8.1 Connected (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(BitTorrent Inc.) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Users\user\AppData\Roaming\GoogleUpdate\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7535832 2014-02-13] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [704344 2015-02-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-29] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-29] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-29] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKLM\...\Policies\Explorer\Run: [1853556740] => C:\ProgramData\msbogj.exe [76288 2015-06-16] ()
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [uTorrent] => C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe [1696096 2015-08-28] (BitTorrent Inc.)
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-20] (Valve Corporation)
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [YbPack] => regsvr32.exe C:\Users\user\AppData\Local\YbPack\comNetengine.dll <===== ATTENTION
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [GoogleUpdate] => C:\Users\user\AppData\Roaming\GoogleUpdate\GoogleUpdate.exe [62042624 2015-09-03] ()
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [FireFoxUpdServeisSystem] => C:\Users\user\AppData\Roaming\FireFoxUpdServeis\Microsoft_raletarune@.exe [66560 2015-09-02] ()
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [Update] => C:\Users\user\AppData\Roaming\GoogleUpdate\GoogleUpdate.exe [62042624 2015-09-03] ()
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [xzhw] => rundll32 "C:\Users\user\AppData\Roaming\scrrunp.dll",obtmokiq
HKU\S-1-5-21-934653896-176862922-3437185597-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
ShellIconOverlayIdentifiers: [0PerformanceMonitor] -> {3B5B973C-92A4-4855-9D3F-0F3D23332208} => C:\ProgramData\Microsoft\Performance\Monitor\PerformanceMonitor.dll No File

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0E2E738C-AA2B-43E7-AC64-518FDCB854EF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-934653896-176862922-3437185597-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL14/14
HKU\S-1-5-21-934653896-176862922-3437185597-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL14/14
SearchScopes: HKU\S-1-5-21-934653896-176862922-3437185597-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
SearchScopes: HKU\S-1-5-21-934653896-176862922-3437185597-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.facebook.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-16]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-16]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-16]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-16]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-16]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-16]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-16]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-16]

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-18] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-18] (Advanced Micro Devices, Inc.) [File not signed]
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2015-02-05] (Alps Electric Co., Ltd.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-07] (Windows (R) Win 7 DDK provider) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-09] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-29] (Softex Inc.) [File not signed]
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-02-13] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-24] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2014-03-12] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-09-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-10] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-10] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-10] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-10] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-10] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-10] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-10] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163576 2015-06-18] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-26] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-26] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-26] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-26] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-26] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-08-01] (Realtek Semiconductor Corporation )
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
U0 yxhh; C:\Windows\System32\drivers\wcmrj.sys [79064 2015-09-03] (Malwarebytes Corporation)
U3 McAPExe; no ImagePath
U3 McMPFSvc; no ImagePath
U3 McNaiAnn; no ImagePath
U3 mcpltsvc; no ImagePath
U3 mfecore; no ImagePath
U3 MSK80Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 06:38 - 2015-09-04 06:39 - 00019223 _____ C:\Users\user\Downloads\FRST.txt
2015-09-03 18:55 - 2015-09-03 18:55 - 00000000 _____ C:\Recovery.txt
2015-09-03 18:52 - 2015-09-03 18:52 - 00262144 _____ C:\Windows\system32\config\userdiff
2015-09-03 18:41 - 2015-09-03 18:41 - 00000000 ____D C:\$WINDOWS.~BT
2015-09-03 13:28 - 2015-09-03 13:36 - 145680032 _____ (Microsoft Corporation) C:\Users\user\Downloads\msert.exe
2015-09-03 12:37 - 2015-09-03 12:38 - 00000000 ____D C:\Program Files\CCleaner
2015-09-03 12:37 - 2015-09-03 12:37 - 00002776 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-09-03 12:36 - 2015-09-03 12:36 - 06666544 _____ (Piriform Ltd) C:\Users\user\Downloads\ccsetup509pro.exe
2015-09-03 09:59 - 2015-09-03 09:59 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\wcmrj.sys
2015-09-03 08:20 - 2015-09-04 06:38 - 00000000 ____D C:\FRST
2015-09-03 08:00 - 2015-09-03 08:01 - 02188800 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2015-09-03 07:46 - 2015-09-03 07:46 - 04116296 _____ (Google) C:\Users\user\Downloads\chrome_cleanup_tool.exe
2015-09-03 02:24 - 2015-09-03 09:31 - 00043664 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2015-09-03 02:20 - 2015-09-03 02:24 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-03 02:16 - 2015-09-04 06:31 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-03 02:16 - 2015-09-03 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-03 02:16 - 2015-09-03 02:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-03 02:16 - 2015-09-03 02:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-03 02:16 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-03 02:16 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-03 02:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-03 02:15 - 2015-09-03 02:15 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-03 02:15 - 2015-09-03 02:15 - 11352032 _____ (SurfRight B.V.) C:\Users\user\Downloads\HitmanPro_x64.exe
2015-09-03 01:58 - 2015-09-03 02:04 - 00000000 ____D C:\AdwCleaner
2015-09-03 01:57 - 2015-09-03 01:57 - 01654272 _____ C:\Users\user\Downloads\adwcleaner_5.005.exe
2015-09-03 01:49 - 2015-09-03 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-03 01:47 - 2015-09-04 06:30 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-03 01:47 - 2015-09-03 15:52 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-03 01:47 - 2015-09-03 01:47 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-03 01:47 - 2015-09-03 01:47 - 00003636 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-03 01:07 - 2015-09-03 01:07 - 00453120 __RSH C:\Users\user\AppData\Roaming\scrrunp.dll
2015-09-02 13:19 - 2015-09-02 17:49 - 00000000 __RHD C:\ESD
2015-09-02 05:22 - 2015-09-02 05:22 - 00000000 ____D C:\Users\user\AppData\Roaming\FireFoxUpdServeis
2015-08-30 10:39 - 2015-09-03 01:20 - 00000712 ____H C:\ProgramData\@system.temp
2015-08-30 10:38 - 2015-09-04 06:31 - 00000000 ____D C:\Users\user\AppData\Roaming\GoogleUpdate
2015-08-30 10:38 - 2015-09-03 01:20 - 00000448 ____H C:\ProgramData\@system3.att
2015-08-30 10:38 - 2015-08-30 10:38 - 00000464 ____H C:\Users\user\AppData\Roaming\½ž’“Ó™œ‰
2015-08-18 23:51 - 2015-08-18 23:56 - 00000000 ____D C:\ProgramData\pauhu
2015-08-17 02:34 - 2015-09-03 09:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HoMM3 HD
2015-08-16 21:30 - 2015-08-16 21:30 - 00000000 ____D C:\Windows\wb
2015-08-14 18:15 - 2015-09-02 05:12 - 00000000 ____D C:\Users\user\AppData\Local\YbPack
2015-08-14 17:25 - 2015-09-03 15:49 - 00000000 ____D C:\Users\user\AppData\Local\Ufrmedia
2015-08-12 15:01 - 2015-09-03 13:23 - 00000000 ____D C:\Windows\Minidump
2015-08-11 13:46 - 2015-08-11 13:46 - 00000000 ____D C:\Users\user\Documents\Ubisoft
2015-08-11 13:46 - 2015-08-11 13:46 - 00000000 ____D C:\Users\user\AppData\Roaming\Steam
2015-08-11 13:33 - 2015-08-16 21:45 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-08-11 13:33 - 2015-08-16 21:45 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-08-11 13:33 - 2015-08-16 21:45 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-08-11 13:33 - 2015-08-16 21:45 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-08-11 13:33 - 2015-08-11 13:33 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-08-10 16:20 - 2015-08-10 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2015-08-10 16:20 - 2015-08-10 16:27 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2015-08-10 14:27 - 2015-08-10 14:27 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-07 20:33 - 2015-08-07 20:33 - 00000000 ____D C:\Users\user\AppData\Local\GWX
2015-08-07 17:04 - 2015-08-31 13:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-08-07 16:47 - 2015-08-07 16:47 - 00000000 ____D C:\Users\user\AppData\Local\Steam
2015-08-07 16:47 - 2015-08-07 16:47 - 00000000 ____D C:\Users\user\AppData\Local\CEF
2015-08-07 12:47 - 2015-08-07 12:47 - 00000000 ____D C:\Users\user\AppData\Roaming\LaunchPad
2015-08-05 16:46 - 2015-08-05 16:46 - 00000000 ____D C:\Users\user\Downloads\Robert Jordan & Brandon Sanderson - Wheel of Time 14 - A Memory of Light (v4.0)
2015-08-05 16:24 - 2015-08-05 16:24 - 00000000 ____D C:\Users\user\AppData\Local\calibre-cache
2015-08-05 16:23 - 2015-08-05 16:54 - 00000000 ____D C:\Users\user\Documents\Calibre Library
2015-08-05 16:22 - 2015-08-05 16:24 - 00000000 ____D C:\Users\user\AppData\Roaming\calibre
2015-08-05 16:22 - 2015-08-05 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-08-05 16:22 - 2015-08-05 16:22 - 00000000 ____D C:\Program Files\Calibre2
2015-08-05 15:13 - 2015-08-05 15:13 - 00000000 ____D C:\Users\user\AppData\Roaming\WinRAR
2015-08-05 13:56 - 2015-08-05 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 06:40 - 2015-07-17 00:03 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2015-09-04 06:35 - 2015-03-19 07:23 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-934653896-176862922-3437185597-1002
2015-09-04 06:33 - 2015-03-19 07:20 - 00000000 ____D C:\Users\user\Documents\Youcam
2015-09-04 06:33 - 2015-03-19 07:18 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{962FEC79-917D-4E82-BD62-17EA45F302FE}
2015-09-04 06:30 - 2015-07-18 17:41 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-04 06:30 - 2015-07-16 18:48 - 00000000 __RDO C:\Users\user\OneDrive
2015-09-04 06:29 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-03 14:05 - 2014-03-18 19:53 - 00956476 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-03 09:59 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\WinStore
2015-09-03 09:00 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-03 09:00 - 2013-08-23 00:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-03 02:05 - 2015-03-19 06:41 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-09-03 01:49 - 2015-07-16 18:36 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-03 01:47 - 2015-07-16 18:33 - 00000000 ____D C:\Users\user\AppData\Local\Deployment
2015-09-02 13:37 - 2015-07-18 18:59 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-09-02 13:14 - 2015-07-16 18:35 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-09-01 00:31 - 2013-08-22 23:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-08-31 13:57 - 2014-05-13 18:10 - 00000000 ____D C:\Program Files (x86)\WildGames
2015-08-31 13:53 - 2014-05-13 18:10 - 00000000 ____D C:\ProgramData\WildTangent
2015-08-31 13:53 - 2014-05-13 18:10 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-08-20 18:52 - 2013-08-23 01:36 - 00000000 ____D C:\Windows\rescache
2015-08-16 21:10 - 2013-08-23 01:20 - 00000000 ____D C:\Windows\CbsTemp
2015-08-16 21:09 - 2015-07-19 17:20 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplayx.dll
2015-08-16 21:09 - 2015-07-19 17:19 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpwsockx.dll
2015-08-16 21:09 - 2015-07-19 17:10 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpmodemx.dll
2015-08-16 21:09 - 2015-07-19 17:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
2015-08-16 21:09 - 2013-08-22 21:22 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-08-16 21:09 - 2013-08-22 21:22 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2015-08-16 21:09 - 2013-08-22 21:17 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2015-08-16 21:09 - 2013-08-22 21:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhupnp.dll
2015-08-16 21:09 - 2013-08-22 21:17 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\dpnhpast.dll
2015-08-16 21:09 - 2013-08-22 13:56 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-08-16 21:09 - 2013-08-22 13:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2015-08-16 21:09 - 2013-08-22 13:51 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnathlp.dll
2015-08-16 21:09 - 2013-08-22 13:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhupnp.dll
2015-08-16 21:09 - 2013-08-22 13:51 - 00009216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnhpast.dll
2015-08-14 18:15 - 2015-07-10 16:02 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2015-08-14 18:15 - 2015-07-10 16:02 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2015-08-11 13:39 - 2015-03-19 06:39 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-10 16:25 - 2014-04-02 20:25 - 00000000 ____D C:\Windows\Panther
2015-08-05 13:47 - 2013-08-23 00:44 - 00383584 _____ C:\Windows\system32\FNTCACHE.DAT

==================== Files in the root of some directories =======

2015-09-03 01:07 - 2015-09-03 01:07 - 0453120 __RSH () C:\Users\user\AppData\Roaming\scrrunp.dll
2015-08-30 10:38 - 2015-08-30 10:38 - 0000464 ____H () C:\Users\user\AppData\Roaming\½ž’“Ó™œ‰
2015-08-30 10:39 - 2015-09-03 01:20 - 0000712 ____H () C:\ProgramData\@system.temp
2015-08-30 10:38 - 2015-09-03 01:20 - 0000448 ____H () C:\ProgramData\@system3.att
2015-07-19 15:22 - 2015-06-16 07:16 - 0076288 ___SH () C:\ProgramData\msbogj.exe

Files to move or delete:
====================
C:\ProgramData\msbogj.exe

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\linstocks.dll
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\update.exe

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-02 16:27

==================== End of FRST.txt ============================