- Nov 24, 2015
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
Ran by owner (administrator) on USER (24-11-2015 19:09:36)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner & Administrator)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AAA Internet Publishing, Inc.) C:\Program Files (x86)\WTFast\WTFast.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-17] (Spotify Ltd)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [5255256 2015-09-14] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-17] (Spotify Ltd)
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: G - "G:\setup.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {33486513-085e-11e5-be77-6036dd96df6a} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {33487445-085e-11e5-be77-6036dd96df6a} - "G:\setup.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {47e853b3-e967-11e4-be9b-6036dd96df6a} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {9306f413-1a71-11e5-be7c-6036dd96df6a} - "E:\setup.exe"
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {9847de0c-2af1-11e5-be7f-6036dd96df6a} - "G:\setup.exe"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 16 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A86A4DAE-D5FB-4CDC-BE7E-5533FF37E6DB}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-21] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: League of Legends Match History Fix - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\leaguematchfix@distilledchaos.addons.mozilla.org.xpi [2015-05-28]
FF Extension: Who Deleted Me - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\whodeletedme@deleted.io.xpi [2015-11-21]
FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-08] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
U0 msahci; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-24 19:09 - 2015-11-24 19:09 - 00017703 _____ C:\Users\owner\Desktop\FRST.txt
2015-11-24 19:08 - 2015-11-24 19:08 - 02348544 _____ (Farbar) C:\Users\owner\Downloads\FRST64(1).exe
2015-11-24 18:44 - 2015-11-24 18:46 - 00027118 _____ C:\Users\owner\Downloads\Addition.txt
2015-11-24 18:43 - 2015-11-24 19:09 - 00000000 ____D C:\FRST
2015-11-24 18:43 - 2015-11-24 18:46 - 00024058 _____ C:\Users\owner\Downloads\FRST.txt
2015-11-24 18:43 - 2015-11-24 18:43 - 02348544 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2015-11-24 18:37 - 2015-11-24 18:39 - 00000000 ____D C:\AdwCleaner
2015-11-24 18:37 - 2015-11-24 18:37 - 01733632 _____ C:\Users\owner\Downloads\AdwCleaner.exe
2015-11-24 18:16 - 2015-11-24 18:18 - 00002186 _____ C:\Users\owner\Desktop\Rkill.txt
2015-11-24 18:15 - 2015-11-24 18:15 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe
2015-11-21 14:13 - 2015-11-21 14:14 - 00286640 _____ C:\WINDOWS\Minidump\112115-26328-01.dmp
2015-11-21 14:10 - 2015-11-21 14:16 - 00000000 ____H C:\Users\owner\AppData\Local\BITE51B.tmp
2015-11-21 14:09 - 2015-11-21 14:10 - 00000107 _____ C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC}
2015-11-12 14:50 - 2015-11-12 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 12:51 - 2015-11-16 14:09 - 00018725 _____ C:\Users\owner\Desktop\Union cover letter.odt
2015-11-03 15:08 - 2015-11-09 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-28 08:11 - 2015-10-28 08:11 - 00290536 _____ C:\WINDOWS\Minidump\102815-52937-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-24 19:02 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-24 18:51 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-24 18:46 - 2015-07-10 10:36 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-24 18:46 - 2012-07-26 02:28 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-24 18:42 - 2015-05-19 22:09 - 00000450 _____ C:\Users\owner\AppData\Roaming\sp_data.sys
2015-11-24 18:42 - 2012-12-28 12:00 - 01394100 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-24 18:40 - 2015-07-10 10:36 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-24 18:40 - 2012-07-26 02:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 18:39 - 2012-07-26 00:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-24 18:25 - 2012-08-01 20:20 - 00022366 _____ C:\WINDOWS\PFRO.log
2015-11-24 18:12 - 2015-07-10 10:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-24 18:12 - 2015-05-20 00:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 07:49 - 2015-05-19 22:27 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
2015-11-24 01:17 - 2013-09-09 09:58 - 00000000 ____D C:\Users\owner\Desktop\LOL
2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\Users\owner\ntuser.pol
2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-24 01:13 - 2015-05-19 22:02 - 00000000 ____D C:\Users\owner
2015-11-24 01:13 - 2012-07-26 03:12 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-11-24 00:53 - 2015-05-19 22:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-23 23:13 - 2015-05-19 22:39 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2015-11-23 22:16 - 2015-05-19 22:40 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2015-11-22 21:59 - 2015-07-10 10:39 - 00000000 ___RD C:\Users\owner\Dropbox
2015-11-22 21:58 - 2015-07-10 10:36 - 00000000 ____D C:\Users\owner\AppData\Local\Dropbox
2015-11-21 14:19 - 2012-07-26 02:21 - 00044393 _____ C:\WINDOWS\setupact.log
2015-11-21 14:13 - 2015-05-19 21:56 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-21 14:13 - 2015-05-19 21:55 - 612238929 _____ C:\WINDOWS\MEMORY.DMP
2015-11-19 19:40 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-11-16 20:24 - 2015-05-19 22:16 - 00000000 ____D C:\ProgramData\Skype
2015-11-12 14:50 - 2015-07-10 10:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-11 12:12 - 2015-05-20 00:11 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-09 09:12 - 2015-05-19 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2015-05-19 22:09 - 2015-11-24 18:42 - 0000450 _____ () C:\Users\owner\AppData\Roaming\sp_data.sys
2015-11-21 14:10 - 2015-11-21 14:16 - 0000000 ____H () C:\Users\owner\AppData\Local\BITE51B.tmp
2015-11-21 14:09 - 2015-11-21 14:10 - 0000107 _____ () C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC}
2012-08-22 00:06 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-22 00:06 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptqkb7n.dll
C:\Users\owner\AppData\Local\Temp\setup.exe
C:\Users\owner\AppData\Local\Temp\sqlite3.dll
C:\Users\owner\AppData\Local\Temp\tmp8FB4.exe
C:\Users\owner\AppData\Local\Temp\tmpA749.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-15 06:19
==================== End of FRST.txt ============================
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)
Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Winsock: Catalog9-x64 16 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A86A4DAE-D5FB-4CDC-BE7E-5533FF37E6DB}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-21] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-21] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: League of Legends Match History Fix - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\leaguematchfix@distilledchaos.addons.mozilla.org.xpi [2015-05-28]
FF Extension: Who Deleted Me - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\whodeletedme@deleted.io.xpi [2015-11-21]
FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-08] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
U0 msahci; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-24 19:09 - 2015-11-24 19:09 - 00017703 _____ C:\Users\owner\Desktop\FRST.txt
2015-11-24 19:08 - 2015-11-24 19:08 - 02348544 _____ (Farbar) C:\Users\owner\Downloads\FRST64(1).exe
2015-11-24 18:44 - 2015-11-24 18:46 - 00027118 _____ C:\Users\owner\Downloads\Addition.txt
2015-11-24 18:43 - 2015-11-24 19:09 - 00000000 ____D C:\FRST
2015-11-24 18:43 - 2015-11-24 18:46 - 00024058 _____ C:\Users\owner\Downloads\FRST.txt
2015-11-24 18:43 - 2015-11-24 18:43 - 02348544 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2015-11-24 18:37 - 2015-11-24 18:39 - 00000000 ____D C:\AdwCleaner
2015-11-24 18:37 - 2015-11-24 18:37 - 01733632 _____ C:\Users\owner\Downloads\AdwCleaner.exe
2015-11-24 18:16 - 2015-11-24 18:18 - 00002186 _____ C:\Users\owner\Desktop\Rkill.txt
2015-11-24 18:15 - 2015-11-24 18:15 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe
2015-11-21 14:13 - 2015-11-21 14:14 - 00286640 _____ C:\WINDOWS\Minidump\112115-26328-01.dmp
2015-11-21 14:10 - 2015-11-21 14:16 - 00000000 ____H C:\Users\owner\AppData\Local\BITE51B.tmp
2015-11-21 14:09 - 2015-11-21 14:10 - 00000107 _____ C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC}
2015-11-12 14:50 - 2015-11-12 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 12:51 - 2015-11-16 14:09 - 00018725 _____ C:\Users\owner\Desktop\Union cover letter.odt
2015-11-03 15:08 - 2015-11-09 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-28 08:11 - 2015-10-28 08:11 - 00290536 _____ C:\WINDOWS\Minidump\102815-52937-01.dmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-24 19:02 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-24 18:51 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-24 18:46 - 2015-07-10 10:36 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-11-24 18:46 - 2012-07-26 02:28 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-24 18:42 - 2015-05-19 22:09 - 00000450 _____ C:\Users\owner\AppData\Roaming\sp_data.sys
2015-11-24 18:42 - 2012-12-28 12:00 - 01394100 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-24 18:40 - 2015-07-10 10:36 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-11-24 18:40 - 2012-07-26 02:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-24 18:39 - 2012-07-26 00:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-24 18:25 - 2012-08-01 20:20 - 00022366 _____ C:\WINDOWS\PFRO.log
2015-11-24 18:12 - 2015-07-10 10:50 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-24 18:12 - 2015-05-20 00:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-24 07:49 - 2015-05-19 22:27 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype
2015-11-24 01:17 - 2013-09-09 09:58 - 00000000 ____D C:\Users\owner\Desktop\LOL
2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\Users\owner\ntuser.pol
2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-11-24 01:13 - 2015-05-19 22:02 - 00000000 ____D C:\Users\owner
2015-11-24 01:13 - 2012-07-26 03:12 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-11-24 00:53 - 2015-05-19 22:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-23 23:13 - 2015-05-19 22:39 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2015-11-23 22:16 - 2015-05-19 22:40 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2015-11-22 21:59 - 2015-07-10 10:39 - 00000000 ___RD C:\Users\owner\Dropbox
2015-11-22 21:58 - 2015-07-10 10:36 - 00000000 ____D C:\Users\owner\AppData\Local\Dropbox
2015-11-21 14:19 - 2012-07-26 02:21 - 00044393 _____ C:\WINDOWS\setupact.log
2015-11-21 14:13 - 2015-05-19 21:56 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-21 14:13 - 2015-05-19 21:55 - 612238929 _____ C:\WINDOWS\MEMORY.DMP
2015-11-19 19:40 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-11-16 20:24 - 2015-05-19 22:16 - 00000000 ____D C:\ProgramData\Skype
2015-11-12 14:50 - 2015-07-10 10:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-11 12:12 - 2015-05-20 00:11 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-09 09:12 - 2015-05-19 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
==================== Files in the root of some directories =======
2015-05-19 22:09 - 2015-11-24 18:42 - 0000450 _____ () C:\Users\owner\AppData\Roaming\sp_data.sys
2015-11-21 14:10 - 2015-11-21 14:16 - 0000000 ____H () C:\Users\owner\AppData\Local\BITE51B.tmp
2015-11-21 14:09 - 2015-11-21 14:10 - 0000107 _____ () C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC}
2012-08-22 00:06 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-22 00:06 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptqkb7n.dll
C:\Users\owner\AppData\Local\Temp\setup.exe
C:\Users\owner\AppData\Local\Temp\sqlite3.dll
C:\Users\owner\AppData\Local\Temp\tmp8FB4.exe
C:\Users\owner\AppData\Local\Temp\tmpA749.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-15 06:19
==================== End of FRST.txt ============================