Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-10-2017
Ran by Admin PC (administrator) on ADMINPC-PC (08-10-2017 14:05:17)
Running from C:\Users\Admin PC\Downloads
Loaded Profiles: Admin PC (Available Profiles: Admin PC)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Users\Admin PC\AppData\Local\ntuserlitelist\dataup\dataup.exe
() C:\Windows\System32\tprdpw32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
() C:\Users\Admin PC\AppData\Local\Temp\WS\WindowService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\PGChk.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Gold Click Ltd) C:\Program Files (x86)\ProxyGate\Cloud.exe
() C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
(BitTorrent Inc.) C:\Users\Admin PC\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Admin PC\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
(BitTorrent Inc.) C:\Users\Admin PC\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe
() C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe
() C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\vmxclient.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-20] (IDT, Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-04-07] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-01-14] (Intel Corporation)
HKLM-x32\...\Run: [SgfxConfig] => C:\Program Files\SGFX\sgfxconfig.exe [2233592 2013-05-01] ()
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [cpx] => "C:\Users\Admin PC\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [896512 2017-01-13] () <==== ATTENTION
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\Run: [amling] => rundll32.exe "C:\Users\Admin PC\AppData\Local\amling.dll",amling <==== ATTENTION
HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-04-24] (Disc Soft Ltd)
HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\Run: [Chromium] => c:\users\admin pc\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-17] (Valve Corporation)
HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\MountPoints2: {1840d1c8-5d2a-11e7-8d4d-b4b67635ed2c} - D:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\...\MountPoints2: {d3a1689a-540c-11e7-ab78-b4b67635ed2c} - D:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2017-04-13] (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyServer: [S-1-5-21-2646362462-3843373758-3894818330-1000] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6BD0DC8B-87D9-470B-BE9C-B61DF4294810}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{80928C37-89F9-4DA6-878C-085173B632C5}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131461414245892032&GUID=00000000-0000-0000-0000-000000000000
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131461414245912033&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131461414245932034&GUID=00000000-0000-0000-0000-000000000000
HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2646362462-3843373758-3894818330-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2646362462-3843373758-3894818330-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2646362462-3843373758-3894818330-1000 -> {8CD6BB0A-4A3C-4B74-AC7B-EBC28F144610} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=435371&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-10-02] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-10-02] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-10-02] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-02] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-10-02] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-10-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-10-02] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: s2g8co12.default
FF ProfilePath: C:\Users\Admin PC\AppData\Roaming\Mozilla\Firefox\Profiles\s2g8co12.default [2017-10-08]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\s2g8co12.default -> Yahoo!
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\s2g8co12.default -> Yahoo!
FF Homepage: Mozilla\Firefox\Profiles\s2g8co12.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\s2g8co12.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\s2g8co12.default -> hxxps://search.yahoo.com/search?fr=chr-greentree_ff&ei=utf-8&ilc=12&type=435371&p={searchTerms}
FF Extension: (SilveOSWidget) - C:\Users\Admin PC\AppData\Roaming\Mozilla\Firefox\Profiles\s2g8co12.default\Extensions\jid0-8PuBX6ppPYHJ9qopWqHMf11w69g@jetpack.xpi [2017-06-18]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-02] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-12-18] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default [2017-08-21]
CHR Extension: (Google Slides) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-04-13]
CHR Extension: (Google Docs) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-04-13]
CHR Extension: (Google Drive) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-13]
CHR Extension: (YouTube) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-13]
CHR Extension: (Google Sheets) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-13]
CHR Extension: (Gmail) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-13]
CHR Extension: (Chrome Media Router) - C:\Users\Admin PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-17]
CHR HKLM\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2646362462-3843373758-3894818330-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nahhmpbckpgdidfnmfkfgiflpjijilce] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761608 2017-09-08] (Microsoft Corporation)
R2 Dataup; C:\Users\Admin PC\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-04-24] (Disc Soft Ltd)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-08-05] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S2 pgt_svc; C:\Program Files (x86)\ProxyGate\MainService.exe [2285664 2017-02-22] (Gold Click Ltd) <==== ATTENTION
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8481280 2013-05-01] (SMSC) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-20] (IDT, Inc.) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [82944 2016-08-10] (Synaptics Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 WindowService; C:\Users\Admin PC\AppData\Local\Temp\WS\WindowService.exe [8192 2017-04-26] () [File not signed] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\Admin PC\AppData\Local\xchbncxt\ct.exe [947200 2017-03-29] (Google Inc.) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [87424 2012-10-22] (Motorola Solutions, Inc.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [131968 2012-10-30] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [78112 2013-09-28] () [File not signed] <==== ATTENTION
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-06-04] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-06-04] (Disc Soft Ltd)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-05-02] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-05-02] (SMSC)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2014-04-07] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2012-09-23] (Sunplus)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-08 14:05 - 2017-10-08 14:05 - 000022027 _____ C:\Users\Admin PC\Downloads\FRST.txt
2017-10-08 14:05 - 2017-10-08 14:05 - 000000000 ____D C:\FRST
2017-10-08 14:04 - 2017-10-08 14:05 - 002401792 _____ (Farbar) C:\Users\Admin PC\Downloads\FRST64.exe
2017-10-08 14:04 - 2017-10-08 14:04 - 001797632 _____ (Farbar) C:\Users\Admin PC\Downloads\FRST.exe
2017-10-08 13:57 - 2017-10-08 13:57 - 006654960 _____ (AVAST Software) C:\Users\Admin PC\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-10-07 12:16 - 2017-10-07 12:16 - 000000000 ____D C:\Users\Admin PC\Documents\Custom Office Templates
2017-10-03 10:42 - 2017-10-03 10:42 - 000003182 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2646362462-3843373758-3894818330-1000
2017-10-02 23:57 - 2017-10-03 10:42 - 000002131 _____ C:\Users\Admin PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-10-02 23:57 - 2017-10-03 10:42 - 000000000 ___RD C:\Users\Admin PC\OneDrive
2017-10-02 23:57 - 2017-10-02 23:57 - 000002104 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-10-02 23:57 - 2017-10-02 23:57 - 000002104 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-10-02 23:57 - 2017-10-02 23:57 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-10-02 23:56 - 2017-10-02 23:56 - 000000000 ____D C:\Users\Admin PC\AppData\Roaming\Skype
2017-10-02 23:56 - 2017-10-02 23:56 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-10-02 23:53 - 2017-10-02 23:56 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-02 23:53 - 2017-10-02 23:53 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000002372 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-10-02 23:53 - 2017-10-02 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-10-02 23:39 - 2017-10-02 23:39 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-09-30 20:42 - 2017-09-30 20:42 - 000007014 _____ C:\Users\Admin PC\Downloads\Christopher-Mendez(2).pdf
2017-09-30 15:49 - 2017-09-30 15:49 - 000000000 ____D C:\Users\Admin PC\Documents\My Received Files
2017-09-30 12:11 - 2017-09-30 12:11 - 000007841 _____ C:\Users\Admin PC\Downloads\Christopher-Mendez(1).pdf
2017-09-30 11:21 - 2017-09-30 11:22 - 071089112 _____ (Malwarebytes ) C:\Users\Admin PC\Downloads\mb3-setup-consumer-3.2.2.2029-1.0.207-1.0.2899.exe
2017-09-23 22:44 - 2017-09-23 22:51 - 000000000 ____D C:\Users\Admin PC\Desktop\sd card
2017-09-22 13:39 - 2017-09-22 13:39 - 000000340 _____ C:\Users\Admin PC\Documents\psych notes 22.09.txt
2017-09-19 00:16 - 2017-09-20 01:44 - 000000000 ____D C:\Users\Admin PC\Downloads\8ThStreetLatinas - Ariana Cruz, Gina Valentina (Super Freaks) NEW 13 November 2015
2017-09-19 00:14 - 2017-10-08 13:52 - 000000000 ____D C:\Users\Admin PC\AppData\LocalLow\uTorrent
2017-09-11 09:23 - 2017-09-11 09:23 - 000006393 _____ C:\Users\Admin PC\Downloads\Christopher-Mendez.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-08 14:04 - 2017-04-26 19:55 - 000000000 ____D C:\Users\Admin PC\AppData\Roaming\uTorrent
2017-10-08 13:57 - 2009-07-14 00:45 - 000018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-08 13:57 - 2009-07-14 00:45 - 000018512 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-07 10:16 - 2017-06-05 00:14 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-07 10:14 - 2009-07-14 01:13 - 000799186 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-07 10:14 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-10-07 10:08 - 2017-04-13 12:17 - 000000000 ____D C:\ProgramData\Synaptics
2017-10-07 10:08 - 2017-04-13 12:01 - 000000000 __SHD C:\Users\Admin PC\IntelGraphicsProfiles
2017-10-07 10:08 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-06 22:58 - 2017-06-18 15:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-06 22:58 - 2017-06-18 15:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-10-06 10:53 - 2017-06-04 21:39 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-10-04 10:50 - 2009-07-14 00:45 - 000459112 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-02 23:57 - 2017-04-11 19:40 - 000000000 ____D C:\Users\Admin PC
2017-10-02 23:54 - 2017-04-13 11:57 - 000121056 _____ C:\Users\Admin PC\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-02 23:53 - 2017-06-09 00:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-10-02 23:53 - 2009-07-13 23:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-09-27 21:51 - 2017-04-26 20:13 - 000000000 ____D C:\Windows\Minidump
2017-09-22 00:12 - 2017-04-13 12:14 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-20 01:44 - 2016-01-03 21:53 - 000000000 ____D C:\Users\Admin PC\Documents\Psych and Self

==================== Files in the root of some directories =======

2017-06-05 00:40 - 2017-06-05 00:40 - 000000046 _____ () C:\Users\Admin PC\AppData\Roaming\WB.CFG
2017-04-26 20:04 - 2017-04-26 20:04 - 000014336 _____ () C:\Users\Admin PC\AppData\Local\amling.dll
2017-04-26 20:04 - 2017-04-26 20:04 - 000002048 _____ () C:\Users\Admin PC\AppData\Local\uninstallro.exe
2017-06-13 19:14 - 2017-06-13 19:14 - 000000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\Admin PC\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\ndistpr64.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION

BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully

LastRegBack: 2017-09-19 08:31

==================== End of FRST.txt ============================