Ran MWB, No Internet Connection
<blockquote data-quote="BenNeedsHelp" data-source="post: 453150" data-attributes="member: 45756"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015</p><p>Ran by owner (administrator) on USER (24-11-2015 19:09:36)</p><p>Running from C:\Users\owner\Desktop</p><p>Loaded Profiles: owner (Available Profiles: owner & Administrator)</p><p>Platform: Windows 8 (X64) Language: English (United States)</p><p>Internet Explorer Version 10 (Default browser: FF)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(Microsoft Corporation) C:\Windows\System32\wlanext.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe</p><p>(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe</p><p>(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe</p><p>(ASUSTek Computer Inc.) 
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe</p><p>(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe</p><p>(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe</p><p>(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe</p><p>(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe</p><p>(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe</p><p>(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe</p><p>(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe</p><p>(AAA Internet Publishing, Inc.) C:\Program Files (x86)\WTFast\WTFast.exe</p><p>(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe</p><p>(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe</p><p>(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe</p><p>(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe</p><p>(ASUSTeK Computer Inc.) 
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe</p><p>() C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe</p><p>(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe</p><p>(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe</p><p>(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe</p><p>(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p>(Microsoft Corporation) C:\Windows\System32\dllhost.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213328 2012-10-18] (Realtek Semiconductor)</p><p>HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp</p><p>HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)</p><p>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)</p><p>HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)</p><p>Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Spotify Web Helper] => C:\Users\owner\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2344768 2015-11-17] (Spotify Ltd)</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [WTFast Tray] => C:\Program Files (x86)\WTFast\WTFast.exe [5255256 2015-09-14] (AAA Internet Publishing, Inc.)</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\Run: [Spotify] => C:\Users\owner\AppData\Roaming\Spotify\Spotify.exe [8281920 2015-11-17] (Spotify Ltd)</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: G - 
"G:\setup.exe"</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {33486513-085e-11e5-be77-6036dd96df6a} - "E:\VZW_Software_upgrade_assistant.exe"</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {33487445-085e-11e5-be77-6036dd96df6a} - "G:\setup.exe"</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {47e853b3-e967-11e4-be9b-6036dd96df6a} - "E:\VZW_Software_upgrade_assistant.exe"</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {9306f413-1a71-11e5-be7c-6036dd96df6a} - "E:\setup.exe"</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\...\MountPoints2: {9847de0c-2af1-11e5-be7f-6036dd96df6a} - "G:\setup.exe"</p><p>ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, 
Inc.)</p><p>ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)</p><p>Winsock: Catalog9 02 
C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)</p><p>Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)</p><p>Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)</p><p>Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex)</p><p>Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)</p><p>Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)</p><p>Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)</p><p>Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)</p><p>Winsock: Catalog9-x64 16 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex)</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\..\Interfaces\{A86A4DAE-D5FB-4CDC-BE7E-5533FF37E6DB}: [DhcpNameServer] 192.168.1.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com</p><p>HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com</p><p>SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =</p><p>BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation)</p><p>BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation)</p><p>Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-21] (Microsoft Corporation)</p><p></p><p>FireFox:</p><p>========</p><p>FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default</p><p>FF DefaultSearchEngine.US: Google</p><p>FF Homepage: about:home</p><p>FF NetworkProxy: "type", 0</p><p>FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-21] (Microsoft Corporation)</p><p>FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)</p><p>FF Extension: League of Legends Match History Fix - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\leaguematchfix@distilledchaos.addons.mozilla.org.xpi [2015-05-28]</p><p>FF Extension: Who 
Deleted Me - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\whodeletedme@deleted.io.xpi [2015-11-21]</p><p>FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)</p><p>R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation)</p><p>S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.)</p><p>S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.)</p><p>R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)</p><p>R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed]</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)</p><p>S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)</p><p>S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()</p><p>S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation)</p><p>R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is 
included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)</p><p>R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)</p><p>R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-08] (Disc Soft Ltd)</p><p>S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)</p><p>R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )</p><p>R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)</p><p>S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)</p><p>R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)</p><p>R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()</p><p>R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)</p><p>S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation)</p><p>S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation)</p><p>R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)</p><p>U0 msahci; no ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-11-24 19:09 - 2015-11-24 19:09 - 00017703 _____ C:\Users\owner\Desktop\FRST.txt</p><p>2015-11-24 19:08 - 2015-11-24 19:08 - 02348544 _____ (Farbar) C:\Users\owner\Downloads\FRST64(1).exe</p><p>2015-11-24 18:44 - 2015-11-24 18:46 - 00027118 _____ C:\Users\owner\Downloads\Addition.txt</p><p>2015-11-24 18:43 - 2015-11-24 19:09 - 00000000 ____D C:\FRST</p><p>2015-11-24 18:43 - 2015-11-24 18:46 - 00024058 _____ C:\Users\owner\Downloads\FRST.txt</p><p>2015-11-24 18:43 - 2015-11-24 18:43 - 02348544 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe</p><p>2015-11-24 18:37 - 2015-11-24 18:39 - 00000000 ____D C:\AdwCleaner</p><p>2015-11-24 18:37 - 2015-11-24 18:37 - 01733632 _____ C:\Users\owner\Downloads\AdwCleaner.exe</p><p>2015-11-24 18:16 - 2015-11-24 18:18 - 00002186 _____ C:\Users\owner\Desktop\Rkill.txt</p><p>2015-11-24 18:15 - 2015-11-24 18:15 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe</p><p>2015-11-21 14:13 - 2015-11-21 14:14 - 00286640 _____ C:\WINDOWS\Minidump\112115-26328-01.dmp</p><p>2015-11-21 14:10 - 2015-11-21 14:16 - 00000000 ____H C:\Users\owner\AppData\Local\BITE51B.tmp</p><p>2015-11-21 14:09 - 2015-11-21 14:10 - 00000107 _____ C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC}</p><p>2015-11-12 14:50 - 2015-11-12 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox</p><p>2015-11-10 12:51 - 2015-11-16 14:09 - 00018725 _____ C:\Users\owner\Desktop\Union cover letter.odt</p><p>2015-11-03 15:08 - 2015-11-09 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2015-10-28 08:11 - 2015-10-28 08:11 - 00290536 _____ C:\WINDOWS\Minidump\102815-52937-01.dmp</p><p></p><p>==================== One Month Modified files and folders 
========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2015-11-24 19:02 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\sru</p><p>2015-11-24 18:51 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\NDF</p><p>2015-11-24 18:46 - 2015-07-10 10:36 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job</p><p>2015-11-24 18:46 - 2012-07-26 02:28 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2015-11-24 18:42 - 2015-05-19 22:09 - 00000450 _____ C:\Users\owner\AppData\Roaming\sp_data.sys</p><p>2015-11-24 18:42 - 2012-12-28 12:00 - 01394100 _____ C:\WINDOWS\WindowsUpdate.log</p><p>2015-11-24 18:40 - 2015-07-10 10:36 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job</p><p>2015-11-24 18:40 - 2012-07-26 02:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2015-11-24 18:39 - 2012-07-26 00:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI</p><p>2015-11-24 18:25 - 2012-08-01 20:20 - 00022366 _____ C:\WINDOWS\PFRO.log</p><p>2015-11-24 18:12 - 2015-07-10 10:50 - 00000000 ____D C:\Program Files\Microsoft Office 15</p><p>2015-11-24 18:12 - 2015-05-20 00:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job</p><p>2015-11-24 07:49 - 2015-05-19 22:27 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype</p><p>2015-11-24 01:17 - 2013-09-09 09:58 - 00000000 ____D C:\Users\owner\Desktop\LOL</p><p>2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\Users\owner\ntuser.pol</p><p>2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\ProgramData\ntuser.pol</p><p>2015-11-24 01:13 - 2015-05-19 22:02 - 00000000 ____D C:\Users\owner</p><p>2015-11-24 01:13 - 2012-07-26 03:12 - 00000000 ___RD C:\WINDOWS\Offline Web Pages</p><p>2015-11-24 00:53 - 2015-05-19 22:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys</p><p>2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 
Anti-Malware</p><p>2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware</p><p>2015-11-23 23:13 - 2015-05-19 22:39 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify</p><p>2015-11-23 22:16 - 2015-05-19 22:40 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify</p><p>2015-11-22 21:59 - 2015-07-10 10:39 - 00000000 ___RD C:\Users\owner\Dropbox</p><p>2015-11-22 21:58 - 2015-07-10 10:36 - 00000000 ____D C:\Users\owner\AppData\Local\Dropbox</p><p>2015-11-21 14:19 - 2012-07-26 02:21 - 00044393 _____ C:\WINDOWS\setupact.log</p><p>2015-11-21 14:13 - 2015-05-19 21:56 - 00000000 ____D C:\WINDOWS\Minidump</p><p>2015-11-21 14:13 - 2015-05-19 21:55 - 612238929 _____ C:\WINDOWS\MEMORY.DMP</p><p>2015-11-19 19:40 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent</p><p>2015-11-16 20:24 - 2015-05-19 22:16 - 00000000 ____D C:\ProgramData\Skype</p><p>2015-11-12 14:50 - 2015-07-10 10:36 - 00000000 ____D C:\Program Files (x86)\Dropbox</p><p>2015-11-11 12:12 - 2015-05-20 00:11 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater</p><p>2015-11-09 09:12 - 2015-05-19 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2015-05-19 22:09 - 2015-11-24 18:42 - 0000450 _____ () C:\Users\owner\AppData\Roaming\sp_data.sys</p><p>2015-11-21 14:10 - 2015-11-21 14:16 - 0000000 ____H () C:\Users\owner\AppData\Local\BITE51B.tmp</p><p>2015-11-21 14:09 - 2015-11-21 14:10 - 0000107 _____ () C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC}</p><p>2012-08-22 00:06 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd</p><p>2012-08-22 00:06 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe</p><p></p><p>Some files in 
TEMP:</p><p>====================</p><p>C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptqkb7n.dll</p><p>C:\Users\owner\AppData\Local\Temp\setup.exe</p><p>C:\Users\owner\AppData\Local\Temp\sqlite3.dll</p><p>C:\Users\owner\AppData\Local\Temp\tmp8FB4.exe</p><p>C:\Users\owner\AppData\Local\Temp\tmpA749.exe</p><p></p><p></p><p>==================== Bamital & volsnap =================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-11-15 06:19</p><p></p><p>==================== End of FRST.txt ============================</p></blockquote><p></p>
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex) Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\WTFastDrv.dll [72296 2015-04-08] (Initex) Winsock: Catalog9-x64 01 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex) Winsock: Catalog9-x64 02 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex) Winsock: Catalog9-x64 03 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex) Winsock: Catalog9-x64 04 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex) Winsock: Catalog9-x64 16 C:\Windows\system32\WTFastDrv.dll [79464 2015-04-08] (Initex) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{A86A4DAE-D5FB-4CDC-BE7E-5533FF37E6DB}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com HKU\S-1-5-21-4053647124-3796825272-3454316862-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-4053647124-3796825272-3454316862-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-10-13] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-13] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default FF DefaultSearchEngine.US: Google FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-21] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) FF Extension: League of Legends Match History Fix - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\leaguematchfix@distilledchaos.addons.mozilla.org.xpi [2015-05-28] FF Extension: Who Deleted Me - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\whodeletedme@deleted.io.xpi [2015-11-21] FF Extension: Adblock Plus - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\aozab3kg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2797752 2015-10-13] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-10] (Dropbox, Inc.) 
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd) R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-03-12] (Hi-Rez Studios) [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [15440 2012-07-25] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation) R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-08] (Disc Soft Ltd) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation) R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( ) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] () R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34216 2012-07-25] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [258288 2012-07-25] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) U0 msahci; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-24 19:09 - 2015-11-24 19:09 - 00017703 _____ C:\Users\owner\Desktop\FRST.txt 2015-11-24 19:08 - 2015-11-24 19:08 - 02348544 _____ (Farbar) C:\Users\owner\Downloads\FRST64(1).exe 2015-11-24 18:44 - 2015-11-24 18:46 - 00027118 _____ C:\Users\owner\Downloads\Addition.txt 2015-11-24 18:43 - 2015-11-24 19:09 - 00000000 ____D C:\FRST 2015-11-24 18:43 - 2015-11-24 18:46 - 00024058 _____ C:\Users\owner\Downloads\FRST.txt 2015-11-24 18:43 - 2015-11-24 18:43 - 02348544 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2015-11-24 18:37 - 2015-11-24 18:39 - 00000000 ____D C:\AdwCleaner 2015-11-24 18:37 - 2015-11-24 18:37 - 01733632 _____ C:\Users\owner\Downloads\AdwCleaner.exe 2015-11-24 18:16 - 2015-11-24 18:18 - 00002186 _____ C:\Users\owner\Desktop\Rkill.txt 2015-11-24 18:15 - 2015-11-24 18:15 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\owner\Downloads\rkill.exe 2015-11-21 14:13 - 2015-11-21 14:14 - 00286640 _____ C:\WINDOWS\Minidump\112115-26328-01.dmp 2015-11-21 14:10 - 2015-11-21 14:16 - 00000000 ____H C:\Users\owner\AppData\Local\BITE51B.tmp 2015-11-21 14:09 - 2015-11-21 14:10 - 00000107 _____ C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC} 2015-11-12 14:50 - 2015-11-12 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2015-11-10 12:51 - 2015-11-16 14:09 - 00018725 _____ C:\Users\owner\Desktop\Union cover letter.odt 2015-11-03 15:08 - 2015-11-09 09:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-10-28 08:11 - 2015-10-28 08:11 - 00290536 _____ C:\WINDOWS\Minidump\102815-52937-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-24 19:02 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\sru 2015-11-24 18:51 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\system32\NDF 2015-11-24 18:46 - 2015-07-10 10:36 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2015-11-24 18:46 - 2012-07-26 02:28 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-24 18:42 - 2015-05-19 22:09 - 00000450 _____ C:\Users\owner\AppData\Roaming\sp_data.sys 2015-11-24 18:42 - 2012-12-28 12:00 - 01394100 _____ C:\WINDOWS\WindowsUpdate.log 2015-11-24 18:40 - 2015-07-10 10:36 - 00000912 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job 2015-11-24 18:40 - 2012-07-26 02:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-24 18:39 - 2012-07-26 00:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2015-11-24 18:25 - 2012-08-01 20:20 - 00022366 _____ C:\WINDOWS\PFRO.log 2015-11-24 18:12 - 2015-07-10 10:50 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-11-24 18:12 - 2015-05-20 00:11 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-11-24 07:49 - 2015-05-19 22:27 - 00000000 ____D C:\Users\owner\AppData\Roaming\Skype 2015-11-24 01:17 - 2013-09-09 09:58 - 00000000 ____D C:\Users\owner\Desktop\LOL 2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\Users\owner\ntuser.pol 2015-11-24 01:13 - 2015-06-08 13:38 - 00000258 __RSH C:\ProgramData\ntuser.pol 2015-11-24 01:13 - 2015-05-19 22:02 - 00000000 ____D C:\Users\owner 2015-11-24 01:13 - 2012-07-26 03:12 - 00000000 ___RD C:\WINDOWS\Offline Web Pages 2015-11-24 00:53 - 2015-05-19 22:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-11-24 00:53 - 2015-05-19 22:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-11-23 23:13 - 2015-05-19 22:39 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify 2015-11-23 22:16 - 
2015-05-19 22:40 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify 2015-11-22 21:59 - 2015-07-10 10:39 - 00000000 ___RD C:\Users\owner\Dropbox 2015-11-22 21:58 - 2015-07-10 10:36 - 00000000 ____D C:\Users\owner\AppData\Local\Dropbox 2015-11-21 14:19 - 2012-07-26 02:21 - 00044393 _____ C:\WINDOWS\setupact.log 2015-11-21 14:13 - 2015-05-19 21:56 - 00000000 ____D C:\WINDOWS\Minidump 2015-11-21 14:13 - 2015-05-19 21:55 - 612238929 _____ C:\WINDOWS\MEMORY.DMP 2015-11-19 19:40 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2015-11-16 20:24 - 2015-05-19 22:16 - 00000000 ____D C:\ProgramData\Skype 2015-11-12 14:50 - 2015-07-10 10:36 - 00000000 ____D C:\Program Files (x86)\Dropbox 2015-11-11 12:12 - 2015-05-20 00:11 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2015-11-09 09:12 - 2015-05-19 22:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2015-05-19 22:09 - 2015-11-24 18:42 - 0000450 _____ () C:\Users\owner\AppData\Roaming\sp_data.sys 2015-11-21 14:10 - 2015-11-21 14:16 - 0000000 ____H () C:\Users\owner\AppData\Local\BITE51B.tmp 2015-11-21 14:09 - 2015-11-21 14:10 - 0000107 _____ () C:\Users\owner\AppData\Local\{8ACC31CA-60C8-43FB-87DA-3FE626B5E8BC} 2012-08-22 00:06 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd 2012-08-22 00:06 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe Some files in TEMP: ==================== C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptqkb7n.dll C:\Users\owner\AppData\Local\Temp\setup.exe C:\Users\owner\AppData\Local\Temp\sqlite3.dll C:\Users\owner\AppData\Local\Temp\tmp8FB4.exe C:\Users\owner\AppData\Local\Temp\tmpA749.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-15 06:19 ==================== End of FRST.txt ============================ [/QUOTE]