Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2016
Ran by Wayne (administrator) on WAYNE (28-11-2016 21:51:35)
Running from C:\Users\Wayne\Downloads
Loaded Profiles: Wayne (Available Profiles: Wayne)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ASUS VivoBook\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cisco) C:\Users\Wayne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Octoshape ApS) C:\Users\Wayne\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Wayne\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Plantronics) C:\Program Files (x86)\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\AsusWSPanel.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [111976 2013-09-11] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402520 2016-05-27] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2013-12-13] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe [63296 2014-07-17] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [111120 2012-05-24] (CyberLink)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Plantronics MyHeadset Updater] => C:\Program Files (x86)\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe [80384 2015-07-14] (Plantronics)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Power2GoExpress] => 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [PCShowServer] => C:\Users\Wayne\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632504 2016-02-14] (Cisco)
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Wayne\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Run: [Chromium] => c:\users\wayne\appdata\local\chromium\application\chrome.exe [1044480 2016-01-25] (The Chromium Authors)
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\RunOnce: [Uninstall C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2185679930-222367793-746031767-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\FileSyncShell64.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.9.384\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncShell.dll [2016-10-02] (Microsoft Corporation)
Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-09-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 74.40.74.41
Tcpip\..\Interfaces\{85ca883e-d6c7-48a7-9343-a28d600f30a3}: [DhcpNameServer] 192.168.254.254 74.40.74.41
Tcpip\..\Interfaces\{a2173767-5295-477c-9b93-609793b8211b}: [DhcpNameServer] 40.52.1.201 40.52.1.203

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2185679930-222367793-746031767-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-2185679930-222367793-746031767-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-10-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default [2015-04-12]
FF NetworkProxy: Philips-Songbird\Profiles\atviq4na.default -> no_proxies_on", "*.local"
FF NetworkProxy: Philips-Songbird\Profiles\atviq4na.default -> type", 4
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\albumart@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\cd-rip@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\concerts@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewaacdec@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\ewmp3enc@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\fileassociation@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gogear@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gonzo@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\gracenote@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mashTape@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\msc@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\mtp@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-addon-manager@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-branding@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-likemusic@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-msc-mtp-switch@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-promotions@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-skin@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-ui@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\purplerain@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\rhapsody@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\windowsmedia@songbirdnest.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\philips-minimizetotray@philips.com [not found]
FF Extension: (No Name) - C:\Program Files (x86)\Philips\Philips Songbird\extensions\sharing@songbirdnest.com [not found]
FF SearchPlugin: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default\searchplugins\7digital.xml [2014-08-05]
FF SearchPlugin: C:\Users\Wayne\AppData\Roaming\Philips-Songbird\Profiles\atviq4na.default\searchplugins\d8686a0c-81ee-4ec1-979c-61950edf4860.xml [2014-08-05]
FF ProfilePath: C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\bngh0j09.default [2016-11-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2185679930-222367793-746031767-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Wayne\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Wayne\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2016-05-30] (Octoshape ApS)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.com/restorebrowser/index.html","hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C210US91088D20161008&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default [2016-11-28]
CHR Extension: (Google Slides) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (Google Docs) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [115632 2013-09-11] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\WINDOWS\system32\DptfPolicyConfigTDPService.exe [116656 2013-09-11] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [148688 2013-09-11] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [124880 2013-09-11] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-08-03] (WildTangent)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-11-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-09-24] (Nitro PDF Software)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
S3 CSRBC; C:\WINDOWS\System32\Drivers\csrbcx64.sys [38400 2015-07-14] (CSR plc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 DptfDevDram; C:\WINDOWS\system32\DRIVERS\DptfDevDram.sys [143568 2013-09-11] (Intel Corporation)
R3 DptfDevPch; C:\WINDOWS\system32\DRIVERS\DptfDevPch.sys [114680 2013-09-11] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [287160 2013-09-11] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [494272 2013-09-11] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2013-08-29] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 22:00 - 2016-11-28 21:48 - 00000000 ____D C:\Users\Wayne\AppData\LocalLow\Mozilla
2016-11-27 18:59 - 2016-11-27 18:59 - 00584482 _____ C:\Users\Wayne\Downloads\Malwarebytes _ Restore Browser Settings.pdf
2016-11-27 18:41 - 2016-11-27 18:42 - 00107399 _____ C:\Users\Wayne\Downloads\WAYNE.txt
2016-11-27 18:37 - 2016-11-27 18:37 - 00000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-11-27 18:37 - 2016-11-27 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-11-27 18:37 - 2016-11-27 18:37 - 00000000 ____D C:\Program Files\Speccy
2016-11-27 18:36 - 2016-11-27 18:36 - 06293184 _____ (Piriform Ltd) C:\Users\Wayne\Downloads\spsetup130.exe
2016-11-27 18:35 - 2016-11-28 20:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-27 16:10 - 2016-11-27 16:10 - 00007454 _____ C:\Users\Wayne\Downloads\BSOD.txt
2016-11-27 15:56 - 2016-11-27 15:56 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2016-11-27 15:56 - 2016-11-27 15:56 - 00000000 ____D C:\Program Files (x86)\NirSoft
2016-11-27 15:55 - 2016-11-27 15:55 - 00141864 _____ C:\Users\Wayne\Downloads\bluescreenview_setup.exe
2016-11-27 15:50 - 2016-11-27 15:52 - 00038086 _____ C:\Users\Wayne\Downloads\Addition.txt
2016-11-27 15:49 - 2016-11-28 21:52 - 00028119 _____ C:\Users\Wayne\Downloads\FRST.txt
2016-11-27 15:48 - 2016-11-27 15:48 - 00023482 _____ C:\Users\Wayne\Downloads\fixlist.txt
2016-11-27 15:30 - 2016-11-27 15:48 - 00000000 ____D C:\Users\Wayne\Downloads\FRST-OlderVersion
2016-11-27 08:06 - 2016-11-28 21:51 - 00000000 ____D C:\FRST
2016-11-27 07:59 - 2016-11-27 15:30 - 02411520 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64.exe
2016-11-27 07:54 - 2016-11-27 07:54 - 00000821 _____ C:\Users\Wayne\Downloads\JRT.txt
2016-11-27 07:47 - 2016-11-27 07:47 - 01631928 _____ (Malwarebytes) C:\Users\Wayne\Downloads\JRT.exe
2016-11-27 07:45 - 2016-11-27 07:45 - 00002366 _____ C:\Users\Wayne\Downloads\AdwCleaner[C0].txt
2016-11-27 07:35 - 2016-11-27 07:40 - 00000000 ____D C:\AdwCleaner
2016-11-27 07:35 - 2016-11-27 07:35 - 03910208 _____ C:\Users\Wayne\Downloads\AdwCleaner.exe
2016-11-24 19:50 - 2016-11-25 07:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-11-23 21:58 - 2016-11-23 21:58 - 00000735 _____ C:\Users\Wayne\Documents\Videos - Shortcut.lnk
2016-11-19 10:20 - 2016-11-19 10:20 - 00338164 _____ C:\Users\Wayne\Desktop\Marine letter.pdf
2016-11-10 07:23 - 2016-11-10 07:23 - 00000000 ____D C:\Program Files\McAfee
2016-11-07 17:30 - 2016-11-07 17:31 - 00543020 _____ C:\WINDOWS\Minidump\110716-29546-01.dmp
2016-11-04 06:39 - 2016-11-04 06:39 - 00028755 _____ C:\ProgramData\agent.1478263154.bdinstall.bin
2016-11-03 21:12 - 2016-11-03 21:14 - 00551212 _____ C:\WINDOWS\Minidump\110316-75218-01.dmp
2016-10-29 12:27 - 2016-10-29 12:29 - 00411796 _____ C:\WINDOWS\Minidump\102916-37234-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-28 21:34 - 2016-10-01 15:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-28 21:33 - 2016-05-10 22:05 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-11-28 21:02 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-28 20:40 - 2016-03-10 00:17 - 01616930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-28 20:36 - 2014-08-02 15:27 - 00000074 _____ C:\Users\Wayne\AppData\Roaming\sp_data.sys
2016-11-28 20:34 - 2016-08-10 17:44 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-11-28 20:33 - 2016-10-01 16:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-28 20:33 - 2016-10-01 16:00 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-28 20:33 - 2016-03-10 07:12 - 00000000 __SHD C:\Users\Wayne\IntelGraphicsProfiles
2016-11-28 20:33 - 2014-08-28 21:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-28 20:32 - 2016-07-16 00:04 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2016-11-28 15:16 - 2016-10-01 16:20 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-11-28 15:16 - 2016-10-01 16:20 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-11-27 18:59 - 2014-08-04 19:00 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Nitro PDF
2016-11-27 15:19 - 2016-03-20 19:16 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Sun
2016-11-27 15:19 - 2015-02-04 07:47 - 00000000 ____D C:\Users\Wayne\AppData\LocalLow\Oracle
2016-11-27 15:19 - 2014-09-09 06:17 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Oracle
2016-11-27 15:19 - 2014-08-03 16:18 - 00000000 ____D C:\ProgramData\Oracle
2016-11-27 15:19 - 2014-08-03 16:16 - 00000000 ____D C:\Users\Wayne\AppData\LocalLow\Sun
2016-11-27 07:46 - 2014-09-05 18:22 - 00000000 ____D C:\Users\Wayne\Documents\Church
2016-11-27 07:45 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-24 20:17 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-23 22:16 - 2016-10-08 19:51 - 00000000 ____D C:\ProgramData\McAfee
2016-11-23 22:15 - 2016-10-01 16:04 - 00000000 ____D C:\Users\Wayne
2016-11-23 19:49 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-22 08:24 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-22 08:23 - 2014-08-02 18:55 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-11-17 06:40 - 2014-08-02 18:10 - 00000707 _____ C:\Users\Wayne\AppData\Roaming\burnaware.ini
2016-11-16 15:11 - 2014-08-28 21:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-14 20:04 - 2014-08-28 21:06 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 20:04 - 2014-08-28 21:06 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-13 00:37 - 2016-07-09 09:04 - 00000000 ____D C:\Users\Wayne\Desktop\New folder
2016-11-08 22:05 - 2014-08-05 21:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-08 22:02 - 2014-08-05 21:23 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 21:22 - 2016-10-01 16:20 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-11-08 21:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-08 21:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-07 21:31 - 2016-10-01 16:20 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-07 17:30 - 2016-10-04 21:41 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-07 17:30 - 2014-10-04 09:21 - 684400863 _____ C:\WINDOWS\MEMORY.DMP
2016-11-03 21:15 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-01 06:27 - 2014-08-28 20:56 - 00000000 ____D C:\Users\Wayne\AppData\Local\Google
2016-10-30 18:08 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2016-10-29 12:37 - 2014-08-03 06:49 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-29 12:34 - 2016-10-01 15:57 - 00231288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-29 12:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-29 12:32 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-29 12:31 - 2016-07-16 05:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml

==================== Files in the root of some directories =======

2014-08-02 16:05 - 2014-11-15 23:00 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-08-02 18:10 - 2016-11-17 06:40 - 0000707 _____ () C:\Users\Wayne\AppData\Roaming\burnaware.ini
2015-12-15 21:39 - 2015-12-15 22:11 - 0000115 _____ () C:\Users\Wayne\AppData\Roaming\LogFile.txt
2015-02-27 07:39 - 2015-02-27 07:39 - 0000021 _____ () C:\Users\Wayne\AppData\Roaming\my_intel.sys
2014-08-02 15:27 - 2016-11-28 20:36 - 0000074 _____ () C:\Users\Wayne\AppData\Roaming\sp_data.sys
2016-09-19 21:23 - 2016-09-19 21:23 - 0026705 _____ () C:\ProgramData\agent.1474341804.bdinstall.bin
2016-11-04 06:39 - 2016-11-04 06:39 - 0028755 _____ () C:\ProgramData\agent.1478263154.bdinstall.bin
2016-10-01 15:59 - 2016-10-01 15:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-12-13 14:22 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-12-13 14:22 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-12-13 14:22 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
2014-08-02 17:03 - 2014-08-02 17:04 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2014-08-02 17:03 - 2014-08-02 17:03 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Wayne\AppData\Local\Temp\jre-8u111-windows-au.exe
C:\Users\Wayne\AppData\Local\Temp\libeay32.dll
C:\Users\Wayne\AppData\Local\Temp\msvcr120.dll
C:\Users\Wayne\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-11-26 18:20 ==================== End of FRST.txt ============================