
my computer is infected mostly when I am playing aol poker game

https://www.aol.com/games/pla redirect occurs after two min

This topic is locked

#1 isaac49 (New Member, 1 posts)

Redirect occurs after 1 or 2 minutes.

Tried blocking the sites; that did not work.

It only occurs when I am on this site:

www.aol.com/games/play/masque-publishing/poker/

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by m (administrator) on TVROOM (27-09-2017 20:00:40)
Running from C:\Users\m\Downloads
Loaded Profiles: m (Available Profiles: m)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Tenorshare Co,Ltd) C:\Program Files (x86)\UltData\service\TenorshareWinAdService.exe
() C:\WINDOWS\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\WINDOWS\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\WINDOWS\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-09-18] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-25] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1457942432-3599659512-2598909192-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1457942432-3599659512-2598909192-1002\...\Run: [Google Update] => C:\Users\m\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-1457942432-3599659512-2598909192-1002\...\Run: [BingSvc] => C:\Users\m\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1457942432-3599659512-2598909192-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1457942432-3599659512-2598909192-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-07-14] (Apple Inc.)
Startup: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-10-01]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{2FE0B8E1-9E61-4BF1-8257-2A09F5711031}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9021140C-19F8-43E9-BBA2-2C626859BED3}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{E6BDFD1A-39EA-4566-BF6D-5EA6105E79FA}: [DhcpNameServer] 82.163.143.171
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-1457942432-3599659512-2598909192-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://aol.com/
HKU\S-1-5-21-1457942432-3599659512-2598909192-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.com/
hxxp://msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1457942432-3599659512-2598909192-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll [2013-06-29] (IvoSoft)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2016-11-17] (Eyeo GmbH)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-03-19] (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll [2013-06-29] (IvoSoft)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2016-11-17] (Eyeo GmbH)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-06-29] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-06-29] (IvoSoft)
Toolbar: HKU\S-1-5-21-1457942432-3599659512-2598909192-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-01-01] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\o3oepmmi.default [2017-09-27]
FF user.js: detected! => C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\o3oepmmi.default\user.js [2013-12-04]
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\o3oepmmi.default -> Yahoo
FF Homepage: Mozilla\Firefox\Profiles\o3oepmmi.default -> about:home
FF SearchPlugin: C:\Users\m\AppData\Roaming\Mozilla\Firefox\Profiles\o3oepmmi.default\searchplugins\bing-lavasoft.xml [2015-12-13]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] [not signed]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\log.txt [2014-09-10]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahootc.xml [2014-06-03]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-19] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\m\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-04-15] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2012-07-18] (Nuance Communications Inc.)
FF Plugin HKU\S-1-5-21-1457942432-3599659512-2598909192-1002: @tools.google.com/Google Update;version=3 -> C:\Users\m\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1457942432-3599659512-2598909192-1002: @tools.google.com/Google Update;version=9 -> C:\Users\m\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com
CHR NewTab: Default -> "active": false,
            "entry": "chrome-extension://kciaejpdfljmfkfoelfapnmmkhimpcoe/newtab/newtab.html"
         
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\m\AppData\Local\Google\Chrome\User Data\Default [2017-09-26]
CHR Extension: (YouTube) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-22]
CHR Extension: (Google Cast for Education) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnmgbcehmiinmmlmepibeeflglhbhlea [2017-09-07]
CHR Extension: (Google Cast) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-10-28]
CHR Extension: (PictaCast for Chromecast® - Trial) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekgaebaencakkggokbokmgojdbafnefi [2016-12-21]
CHR Extension: (Bing) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-09-09]
CHR Extension: (CastBuddy) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghagedffjalchgcgdgfindabkpnmalel [2017-05-21]
CHR Extension: (MerlinArcade Ads) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\hknbipnekahojmloinmepmnliidkhdcg [2017-09-07]
CHR Extension: (getPrivate Plus) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdglcpkgfpgcaoknipcfncmfkfieigej [2017-01-21]
CHR Extension: (Skype) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-09-07]
CHR Extension: (Total AV Web Shield) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-07]
CHR Extension: (Gmail) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-22]
CHR Extension: (Chrome Media Router) - C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-07]
CHR Profile: C:\Users\m\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-09-26]
CHR Profile: C:\Users\m\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-26]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1457942432-3599659512-2598909192-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-10-25] (IDT, Inc.) [File not signed]
R2 TenorshareWinAdService; C:\Program Files (x86)\UltData\service\TenorshareWinAdService.exe [27648 2016-11-07] (Tenorshare Co,Ltd) [File not signed]
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.220\WsAppService.exe [440832 2016-12-15] (Wondershare) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [202592 2012-09-11] (AppEx Networks Corporation)
R3 athr; C:\WINDOWS\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-03-09] ()
R1 MpKsl09c4b250; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{297991F9-0BEC-4F61-AC0E-584372E22AEA}\MpKsl09c4b250.sys [44928 2017-09-27] (Microsoft Corporation)
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-09-18] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
U1 aswbdisk; no ImagePath
S1 ESProtectionDriver; \??\C:\WINDOWS\system32\drivers\mbae64.sys [X]
S3 MBAMFarflt; \SystemRoot\system32\DRIVERS\farflt.sys [X]
S3 MBAMProtection; \??\C:\WINDOWS\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\WINDOWS\system32\drivers\mwac.sys [X]
S1 MpKsla2219246; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{90282FA0-5901-4EC6-8752-C4A9F30C4C25}\MpKsla2219246.sys [X]
S3 wanatw; \SystemRoot\system32\DRIVERS\wanatw64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-27 20:00 - 2017-09-27 20:01 - 000020442 _____ C:\Users\m\Downloads\FRST.txt
2017-09-27 20:00 - 2017-09-27 20:00 - 000000000 ____D C:\FRST
2017-09-27 19:57 - 2017-09-27 20:00 - 002399744 _____ (Farbar) C:\Users\m\Downloads\FRST64.exe
2017-09-26 08:25 - 2017-09-26 09:22 - 000000330 _____ C:\WINDOWS\Tasks\HPCeeScheduleForm.job
2017-09-26 08:25 - 2017-09-26 08:25 - 000003136 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForm
2017-09-25 22:33 - 2017-09-25 22:33 - 000000000 ___SD C:\Users\m\Documents\My Data Sources
2017-09-12 18:20 - 2017-08-15 10:06 - 015260160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-12 18:20 - 2017-08-15 09:58 - 013673984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-12 18:20 - 2017-08-13 14:58 - 025730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-12 18:20 - 2017-08-13 12:54 - 020269056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-12 18:20 - 2017-08-13 12:51 - 005981696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-12 18:20 - 2017-08-13 12:15 - 007078912 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-09-12 18:20 - 2017-08-12 05:30 - 022361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-12 18:20 - 2017-08-12 05:26 - 019789736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-12 18:20 - 2017-08-10 21:43 - 000865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 18:19 - 2017-08-19 13:27 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 18:19 - 2017-08-19 12:48 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 18:19 - 2017-08-17 18:07 - 000537200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-12 18:19 - 2017-08-17 18:07 - 000140016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-12 18:19 - 2017-08-17 18:03 - 000450392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-12 18:19 - 2017-08-17 18:03 - 000136832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-12 18:19 - 2017-08-15 10:01 - 000279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 18:19 - 2017-08-15 10:01 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 18:19 - 2017-08-15 10:01 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 18:19 - 2017-08-13 13:19 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 18:19 - 2017-08-13 13:05 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-09-12 18:19 - 2017-08-13 13:04 - 002899968 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 18:19 - 2017-08-13 12:50 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-09-12 18:19 - 2017-08-13 12:29 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-09-12 18:19 - 2017-08-13 12:28 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 18:19 - 2017-08-13 12:24 - 002291200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 18:19 - 2017-08-13 12:23 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 18:19 - 2017-08-13 12:21 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 18:19 - 2017-08-13 12:20 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 18:19 - 2017-08-13 12:17 - 000663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-09-12 18:19 - 2017-08-13 12:14 - 001033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-09-12 18:19 - 2017-08-13 12:07 - 000262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 18:19 - 2017-08-13 12:05 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-12 18:19 - 2017-08-13 12:04 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-12 18:19 - 2017-08-13 12:04 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-12 18:19 - 2017-08-13 12:01 - 002134528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-12 18:19 - 2017-08-13 11:52 - 005274624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-09-12 18:19 - 2017-08-13 11:52 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 18:19 - 2017-08-13 11:51 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-09-12 18:19 - 2017-08-13 11:48 - 004547072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-12 18:19 - 2017-08-13 11:46 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 18:19 - 2017-08-13 11:44 - 000694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-12 18:19 - 2017-08-13 11:44 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-12 18:19 - 2017-08-13 11:43 - 002058752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-12 18:19 - 2017-08-13 11:40 - 003241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-12 18:19 - 2017-08-13 11:27 - 001544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-12 18:19 - 2017-08-13 11:25 - 007797248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-12 18:19 - 2017-08-13 11:18 - 005270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-12 18:19 - 2017-08-13 11:18 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 18:19 - 2017-08-13 11:17 - 002767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-12 18:19 - 2017-08-13 11:14 - 000710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 18:19 - 2017-08-13 11:13 - 001314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-12 18:19 - 2017-08-11 20:39 - 001364552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-09-12 18:19 - 2017-08-11 19:59 - 007440728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-12 18:19 - 2017-08-11 19:58 - 001737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 18:19 - 2017-08-11 19:58 - 001502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 18:19 - 2017-08-11 16:46 - 000367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPTpm12.dll
2017-09-12 18:19 - 2017-08-11 16:29 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPTpm12.dll
2017-09-12 18:19 - 2017-08-11 16:13 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-12 18:19 - 2017-08-10 23:30 - 004170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 18:19 - 2017-08-10 23:27 - 000281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 18:19 - 2017-08-10 23:27 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 18:19 - 2017-08-10 22:38 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-09-12 18:19 - 2017-08-10 22:08 - 001753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 18:19 - 2017-08-10 22:08 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-09-12 18:19 - 2017-08-10 22:02 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-09-12 18:19 - 2017-08-10 21:52 - 001491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 18:19 - 2017-08-10 21:49 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 18:19 - 2017-08-10 21:44 - 001095680 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 18:19 - 2017-08-10 21:41 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 18:19 - 2017-08-06 17:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-09-12 18:19 - 2017-08-06 03:13 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-09-12 18:19 - 2017-07-22 14:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-09-12 18:19 - 2017-07-22 13:32 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-09-12 18:19 - 2017-07-17 15:53 - 004298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 18:19 - 2017-07-16 19:55 - 003551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 18:19 - 2017-07-13 19:03 - 002013528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-09-12 18:19 - 2017-07-12 16:29 - 000420440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 18:19 - 2017-07-12 16:29 - 000075440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 18:19 - 2017-07-12 16:25 - 000308872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 18:19 - 2017-07-12 16:25 - 000066112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 18:19 - 2017-07-08 15:03 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-09-12 18:19 - 2017-07-08 14:43 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-09-12 18:19 - 2017-07-08 14:30 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-09-12 18:19 - 2017-07-08 14:20 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-12 18:19 - 2017-07-08 13:25 - 001436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 18:19 - 2017-07-08 13:00 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-12 18:19 - 2017-07-07 23:14 - 000100184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2017-09-09 16:25 - 2017-09-17 12:19 - 000000000 ____D C:\Program Files\Remo Optimizer2.0
2017-09-09 16:25 - 2017-09-09 16:36 - 000000000 ____D C:\Users\m\AppData\Roaming\Remo
2017-09-09 16:25 - 2009-02-12 15:11 - 000026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
2017-09-07 15:38 - 2017-09-07 15:38 - 000000000 ____D C:\ProgramData\SecuritySuite
2017-09-07 15:33 - 2017-09-07 15:33 - 000000000 ____D C:\Users\m\Documents\TotalAV
2017-09-07 15:32 - 2017-09-07 15:32 - 000000000 ____D C:\Users\m\AppData\Roaming\TotalAV
2017-09-07 12:30 - 2017-09-07 12:30 - 000001183 _____ C:\Users\m\Desktop\Continue Adobe Flash Player Installation.lnk
2017-09-06 23:14 - 2017-09-06 23:14 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-09-06 23:14 - 2017-09-06 23:14 - 000002152 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-09-06 13:43 - 2017-09-27 16:06 - 000003902 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{114AEBAD-0C98-4D64-895E-21173A6DA79E}
2017-09-06 13:30 - 2017-09-06 13:30 - 000000002 _____ C:\WINDOWS\msoffice.ini
2017-09-06 13:30 - 2017-09-06 13:30 - 000000000 ____D C:\Users\m\Desktop\AOL Saved PFC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-27 19:12 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-27 18:49 - 2016-03-26 13:11 - 000000433 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-09-27 18:48 - 2014-10-24 14:20 - 000000000 ____D C:\Users\m
2017-09-27 18:48 - 2013-08-27 08:52 - 000000000 ____D C:\Users\m\AppData\LocalLow\AuthenTec
2017-09-27 18:48 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-27 09:08 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2017-09-26 22:51 - 2013-08-27 09:04 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1457942432-3599659512-2598909192-1002
2017-09-26 20:21 - 2016-06-22 12:09 - 000002175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 20:21 - 2016-06-22 12:09 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-26 20:09 - 2016-03-13 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-26 08:15 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-25 02:10 - 2012-12-03 19:44 - 000000000 ____D C:\ProgramData\Temp
2017-09-22 19:51 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-22 19:40 - 2013-08-22 09:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-09-22 11:47 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2017-09-18 20:39 - 2014-01-17 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-09-14 09:33 - 2014-09-24 03:15 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-14 09:25 - 2013-08-22 10:44 - 000526696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-14 09:17 - 2013-08-22 11:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-09-13 23:49 - 2013-08-28 10:03 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 23:44 - 2013-08-28 10:03 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 21:49 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 21:23 - 2012-07-26 01:26 - 000000202 _____ C:\WINDOWS\win.ini
2017-09-09 21:28 - 2016-10-03 14:05 - 000000000 ____D C:\Users\m\AppData\Roaming\vlc
2017-09-09 21:20 - 2015-04-09 08:40 - 000000000 __RDO C:\Users\m\OneDrive.old
2017-09-09 21:16 - 2013-11-21 18:37 - 000000000 ___RD C:\Users\m\SkyDrive
2017-09-07 16:20 - 2016-12-21 22:49 - 000000000 ____D C:\Program Files (x86)\SmartMusic.stage
2017-09-06 23:14 - 2013-09-23 15:26 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-06 13:31 - 2016-12-31 14:07 - 000000000 ____D C:\Users\m\AppData\Local\AOL
2017-09-06 13:30 - 2016-12-31 14:11 - 000000000 ____D C:\Users\m\AppData\Roaming\AOL
2017-09-06 13:30 - 2016-12-31 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2017-09-06 13:30 - 2016-12-31 14:10 - 000000000 ____D C:\Users\Public\Documents\AOL Downloads
2017-09-06 13:30 - 2016-12-31 14:07 - 000000000 ____D C:\ProgramData\AOL
2017-09-06 12:24 - 2017-04-24 09:13 - 000000000 ____D C:\Users\m\AppData\LocalLow\Adblock Plus for IE
2017-09-06 12:14 - 2013-08-22 11:36 - 000000000 __RSD C:\WINDOWS\Media
2017-09-06 12:14 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-09-06 12:14 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-09-06 12:14 - 2013-08-22 11:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-06 12:14 - 2012-12-03 19:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-09-06 11:56 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\registration
2017-09-06 11:35 - 2016-09-29 00:54 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak1
2017-09-01 19:54 - 2017-06-17 12:34 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-01 19:54 - 2017-06-17 12:34 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-29 14:35 - 2015-02-03 02:09 - 000000000 ____D C:\Users\m\AppData\Roaming\Apple Computer

==================== Files in the root of some directories =======

2013-08-28 21:34 - 2015-05-15 13:59 - 000002395 _____ () C:\Users\m\AppData\Roaming\SAS7_000.DAT
2015-01-02 13:20 - 2015-01-02 13:20 - 000000064 _____ () C:\Users\m\AppData\Local\f7e0198fd4e41d3047874a740fe8f5e7
2017-07-28 10:44 - 2017-07-28 10:44 - 000007600 _____ () C:\Users\m\AppData\Local\Resmon.ResmonCfg
2017-01-04 21:58 - 2017-01-04 21:58 - 000000457 _____ () C:\Users\m\AppData\Local\Tempcheckcoverage_cookie.txt
2014-10-23 20:01 - 2016-09-29 10:50 - 000015573 _____ () C:\ProgramData\hpzinstall.log
2015-01-02 15:50 - 2015-01-02 15:53 - 000001465 _____ () C:\ProgramData\tempimage.bmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-27 19:01

==================== End of FRST.txt ============================

 

2017-09-12 18:19 - 2017-08-10 22:38 - 000477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-09-12 18:19 - 2017-08-10 22:08 - 001753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 18:19 - 2017-08-10 22:08 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-09-12 18:19 - 2017-08-10 22:02 - 001084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-09-12 18:19 - 2017-08-10 21:52 - 001491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 18:19 - 2017-08-10 21:49 - 000346624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 18:19 - 2017-08-10 21:44 - 001095680 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 18:19 - 2017-08-10 21:41 - 000307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 18:19 - 2017-08-06 17:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-09-12 18:19 - 2017-08-06 03:13 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-09-12 18:19 - 2017-07-22 14:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsium.dll
2017-09-12 18:19 - 2017-07-22 13:32 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsium.dll
2017-09-12 18:19 - 2017-07-17 15:53 - 004298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-12 18:19 - 2017-07-16 19:55 - 003551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-12 18:19 - 2017-07-13 19:03 - 002013528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-09-12 18:19 - 2017-07-12 16:29 - 000420440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 18:19 - 2017-07-12 16:29 - 000075440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 18:19 - 2017-07-12 16:25 - 000308872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 18:19 - 2017-07-12 16:25 - 000066112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 18:19 - 2017-07-08 15:03 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-09-12 18:19 - 2017-07-08 14:43 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-09-12 18:19 - 2017-07-08 14:30 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-09-12 18:19 - 2017-07-08 14:20 - 000445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-12 18:19 - 2017-07-08 13:25 - 001436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-12 18:19 - 2017-07-08 13:00 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-12 18:19 - 2017-07-07 23:14 - 000100184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2017-09-09 16:25 - 2017-09-17 12:19 - 000000000 ____D C:\Program Files\Remo Optimizer2.0
2017-09-09 16:25 - 2017-09-09 16:36 - 000000000 ____D C:\Users\m\AppData\Roaming\Remo
2017-09-09 16:25 - 2009-02-12 15:11 - 000026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
2017-09-07 15:38 - 2017-09-07 15:38 - 000000000 ____D C:\ProgramData\SecuritySuite
2017-09-07 15:33 - 2017-09-07 15:33 - 000000000 ____D C:\Users\m\Documents\TotalAV
2017-09-07 15:32 - 2017-09-07 15:32 - 000000000 ____D C:\Users\m\AppData\Roaming\TotalAV
2017-09-07 12:30 - 2017-09-07 12:30 - 000001183 _____ C:\Users\m\Desktop\Continue Adobe Flash Player Installation.lnk
2017-09-06 23:14 - 2017-09-06 23:14 - 000002190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2017-09-06 23:14 - 2017-09-06 23:14 - 000002152 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2017-09-06 13:43 - 2017-09-27 16:06 - 000003902 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{114AEBAD-0C98-4D64-895E-21173A6DA79E}
2017-09-06 13:30 - 2017-09-06 13:30 - 000000002 _____ C:\WINDOWS\msoffice.ini
2017-09-06 13:30 - 2017-09-06 13:30 - 000000000 ____D C:\Users\m\Desktop\AOL Saved PFC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-27 19:12 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-27 18:49 - 2016-03-26 13:11 - 000000433 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-09-27 18:48 - 2014-10-24 14:20 - 000000000 ____D C:\Users\m
2017-09-27 18:48 - 2013-08-27 08:52 - 000000000 ____D C:\Users\m\AppData\LocalLow\AuthenTec
2017-09-27 18:48 - 2013-08-22 10:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-27 09:08 - 2013-08-22 09:36 - 000000000 ____D C:\WINDOWS\Inf
2017-09-26 22:51 - 2013-08-27 09:04 - 000003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1457942432-3599659512-2598909192-1002
2017-09-26 20:21 - 2016-06-22 12:09 - 000002175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-26 20:21 - 2016-06-22 12:09 - 000002163 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-26 20:09 - 2016-03-13 11:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-26 08:15 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-25 02:10 - 2012-12-03 19:44 - 000000000 ____D C:\ProgramData\Temp
2017-09-22 19:51 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-22 19:40 - 2013-08-22 09:25 - 000524288 ___SH C:\WINDOWS\system32\config\BBI
2017-09-22 11:47 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\rescache
2017-09-18 20:39 - 2014-01-17 20:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-09-14 09:33 - 2014-09-24 03:15 - 000958016 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-14 09:25 - 2013-08-22 10:44 - 000526696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-14 09:17 - 2013-08-22 11:36 - 000000000 ___RD C:\WINDOWS\ToastData
2017-09-13 23:49 - 2013-08-28 10:03 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 23:44 - 2013-08-28 10:03 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 21:49 - 2012-07-26 03:59 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 21:23 - 2012-07-26 01:26 - 000000202 _____ C:\WINDOWS\win.ini
2017-09-09 21:28 - 2016-10-03 14:05 - 000000000 ____D C:\Users\m\AppData\Roaming\vlc
2017-09-09 21:20 - 2015-04-09 08:40 - 000000000 __RDO C:\Users\m\OneDrive.old
2017-09-09 21:16 - 2013-11-21 18:37 - 000000000 ___RD C:\Users\m\SkyDrive
2017-09-07 16:20 - 2016-12-21 22:49 - 000000000 ____D C:\Program Files (x86)\SmartMusic.stage
2017-09-06 23:14 - 2013-09-23 15:26 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-06 13:31 - 2016-12-31 14:07 - 000000000 ____D C:\Users\m\AppData\Local\AOL
2017-09-06 13:30 - 2016-12-31 14:11 - 000000000 ____D C:\Users\m\AppData\Roaming\AOL
2017-09-06 13:30 - 2016-12-31 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2017-09-06 13:30 - 2016-12-31 14:10 - 000000000 ____D C:\Users\Public\Documents\AOL Downloads
2017-09-06 13:30 - 2016-12-31 14:07 - 000000000 ____D C:\ProgramData\AOL
2017-09-06 12:24 - 2017-04-24 09:13 - 000000000 ____D C:\Users\m\AppData\LocalLow\Adblock Plus for IE
2017-09-06 12:14 - 2013-08-22 11:36 - 000000000 __RSD C:\WINDOWS\Media
2017-09-06 12:14 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-09-06 12:14 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-09-06 12:14 - 2013-08-22 11:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-06 12:14 - 2012-12-03 19:58 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-09-06 11:56 - 2013-08-22 11:36 - 000000000 ____D C:\WINDOWS\registration
2017-09-06 11:35 - 2016-09-29 00:54 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak1
2017-09-01 19:54 - 2017-06-17 12:34 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-01 19:54 - 2017-06-17 12:34 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-29 14:35 - 2015-02-03 02:09 - 000000000 ____D C:\Users\m\AppData\Roaming\Apple Computer

==================== Files in the root of some directories =======

2013-08-28 21:34 - 2015-05-15 13:59 - 000002395 _____ () C:\Users\m\AppData\Roaming\SAS7_000.DAT
2015-01-02 13:20 - 2015-01-02 13:20 - 000000064 _____ () C:\Users\m\AppData\Local\f7e0198fd4e41d3047874a740fe8f5e7
2017-07-28 10:44 - 2017-07-28 10:44 - 000007600 _____ () C:\Users\m\AppData\Local\Resmon.ResmonCfg
2017-01-04 21:58 - 2017-01-04 21:58 - 000000457 _____ () C:\Users\m\AppData\Local\Tempcheckcoverage_cookie.txt
2014-10-23 20:01 - 2016-09-29 10:50 - 000015573 _____ () C:\ProgramData\hpzinstall.log
2015-01-02 15:50 - 2015-01-02 15:53 - 000001465 _____ () C:\ProgramData\tempimage.bmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-27 19:01

==================== End of FRST.txt ============================




  • 0
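
As an added example, not part of the posted log and not code from the FRST tool or its author, the following Python parses the file-listing lines FRST prints in its "One Month Created", "One Month Modified" and "Files in the root" sections into records and pulls out the entries an analyst reads first: executables and kernel drivers whose company string is not Microsoft's. The sample lines are copied from the log above, except one constructed line (marked in the code) added to exercise the empty "()" company case on an executable. The five-character attribute field in the regular expression and the triage rule are assumptions about the format; a hit means "review this", not "this is malicious".

```python
"""Parse and triage FRST file-listing lines (added example, not FRST's own code).

Each FRST listing line has the shape:
    <created> - <modified> - <size> <attrs> [(<company>)] <path>
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

_LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{9}) (?P<attrs>[_A-Za-z]{5}) "   # assumed 5-char field: _____, ____D, ___SH, __RDO
    r"(?:\((?P<company>[^)]*)\) )?"                # optional "(Company) "; FRST sometimes prints "()"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Lines copied from the posted log; the last line is constructed for this example.
SAMPLE_LISTING = r"""
==================== One Month Created files and folders ========
2017-09-12 18:19 - 2017-08-13 12:24 - 002291200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 18:19 - 2017-07-07 23:14 - 000100184 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2017-09-09 16:25 - 2017-09-17 12:19 - 000000000 ____D C:\Program Files\Remo Optimizer2.0
2017-09-09 16:25 - 2009-02-12 15:11 - 000026024 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\rsdrvx64.sys
2017-09-07 12:30 - 2017-09-07 12:30 - 000001183 _____ C:\Users\m\Desktop\Continue Adobe Flash Player Installation.lnk
2017-09-01 19:54 - 2017-06-17 12:34 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-08-28 21:34 - 2015-05-15 13:59 - 000002395 _____ () C:\Users\m\AppData\Roaming\SAS7_000.DAT
2017-09-10 10:00 - 2017-09-10 10:00 - 000004096 _____ () C:\Users\m\AppData\Local\unknown_helper.exe
"""


@dataclass(frozen=True)
class FrstEntry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]  # None: no "(...)" field at all; "": FRST printed an empty "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_binary(self) -> bool:
        return self.path.lower().endswith((".exe", ".dll", ".sys", ".cpl"))

    @property
    def is_driver(self) -> bool:
        p = self.path.lower()
        return "\\drivers\\" in p and p.endswith(".sys")


def parse_frst_line(line: str) -> Optional[FrstEntry]:
    """One listing line -> FrstEntry; section headers and blank lines -> None."""
    m = _LINE_RE.match(line.strip())
    if m is None:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return FrstEntry(
        created=datetime.strptime(m["created"], fmt),
        modified=datetime.strptime(m["modified"], fmt),
        size=int(m["size"]),
        attrs=m["attrs"],
        company=m["company"],  # None when the optional group did not match
        path=m["path"],
    )


def parse_frst_listing(text: str) -> List[FrstEntry]:
    """Parse every listing line in a block of FRST output, ignoring everything else."""
    return [e for e in map(parse_frst_line, text.splitlines()) if e is not None]


def triage(entries: List[FrstEntry]) -> List[tuple]:
    """(reason, entry) pairs for executables that did not come from Microsoft.

    Heuristic only: a hit means 'look at this', not 'this is malicious'. Directories
    and non-executables (.lnk, .DAT, ...) are skipped; hits are sorted by creation
    time so they read as a timeline.
    """
    hits = []
    for e in entries:
        if e.is_dir or not e.is_binary or e.company == "Microsoft Corporation":
            continue
        if e.is_driver:
            reason = "third-party kernel driver"
        elif not e.company:
            reason = "executable with no company string"
        else:
            reason = "non-Microsoft executable"
        hits.append((reason, e))
    hits.sort(key=lambda pair: pair[1].created)
    return hits


if __name__ == "__main__":
    for reason, e in triage(parse_frst_listing(SAMPLE_LISTING)):
        print(f"{e.created:%Y-%m-%d %H:%M}  {reason:<36} {e.company or '-':<28} {e.path}")
```

Paste a whole FRST.txt into `parse_frst_listing` and the non-matching lines (section headers, process list, registry keys) are simply dropped, so the same function works on the full log as well as on the excerpt above.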

#2
Joeicam

    GeekU Senior
  • 1,035 posts

Hello isaac49, and welcome to Geeks to Go.
 
My name is Joeicam :), you can call me Joe, and I will be assisting you every step of the way.
 
Please Note: I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you have two people looking at your problem. 
 
If you have any questions or comments, or aren't quite sure about what to do, STOP AND ASK.
 
Before we begin, please familiarize yourself with the following:
  • Back up your files and folders, as sometimes malware infections can be severe. It's a good habit to plan for the worst.
  • Please follow my instructions exactly, and do not repeat any steps more than once, unless instructed.
  • Copy/Paste entire contents of your logs, and submit inside your post, instead of submitting as an attachment, unless told otherwise.
  • If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
 
Finally
  • As malware removal can be a complicated, multistep process, you should stick with me until I declare your system to be clean of all threats. It may seem like your system is running properly, but that does not mean that the infection is completely gone.
  • You must reply to this post within four days; if you do not, the topic will be closed.
  • However, if you need more time to run the tools and fixes, or would like your topic to be reopened, please PM me or any Moderator to reactivate your topic.
 
If I have not responded to your post within 24 hours, then send me a private message (PM).
Otherwise, all communication is done in the forums.
 
Let's get to work! :)
 
____________________________________________________________________________________________________
 
The fixes presented are specific to your problem and should only be used for the issue on this machine!
____________________________________________________________________________________________________
 
As it has been a few days, do you still require assistance?
 
I am currently in the process of reviewing your logs, but please continue with the steps below so that I can review a fresh set :).
 
Some question(s):
- Which website(s) are you re-directed to? 
 
Step 1 of 1: Re-scan with FRST
 
Please move FRST from your Downloads folder to your Desktop.
  • Right-click the application and select run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.

  • 0

#3
LiquidTension

    Instructor
  • GeekU Moderator
  • 967 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0