TechSpot

Malware tries to download cab file. Avast! can only block the download but cannot clean the malware

By NTTDHSG
May 5, 2016
  1. Recently I always get the prompt that Avast! has blocked a download. The IP is from Vietnam, and the file has the format 113.x.x.x/videoplayer/filename.cab?(some gibberish text). I scanned the computer with Avast!, but it didn't remove the malware. Please help me clean my computer.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016
    Ran by HP (administrator) on LAPTOP (05-05-2016 20:42:04)
    Running from C:\Users\HP\Desktop
    Loaded Profiles: HP (Available Profiles: HP)
    Platform: Windows 8.1 Single Language (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    () C:\Program Files\UniKey\UniKeyNT.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII0E.EXE
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Dropbox, Inc.) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [704344 2015-02-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-01-14] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-29] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-29] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-29] (Hewlett-Packard)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7390608 2016-04-16] (AVAST Software)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-22] (Tonec Inc.)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [UniKey] => C:\Program Files\UniKey\UniKeyNT.exe [316928 2009-11-02] ()
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [Dropbox Update] => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII0E.EXE [283232 2015-01-14] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\MountPoints2: F - "F:\SETUP.EXE"
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-13] (AVAST Software)
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
    Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-16]
    ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A0E9E119-B625-4F23-812E-F47C23083CEC}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{A313D867-EF33-4927-84D1-D85252822AED}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A313D867-EF33-4927-84D1-D85252822AED}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-12-05] (Internet Download Manager, Tonec Inc.)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-13] (AVAST Software)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-12-05] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-13] (AVAST Software)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8kg3s5rq.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-08-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
    FF Extension: IDM CC - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8kg3s5rq.default\Extensions\mozilla_cc@internetdownloadmanager.com [2015-06-22] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-13]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-13]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\HP\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\HP\AppData\Roaming\IDM\idmmzcc5 [2016-04-13] [not signed]
    FF HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\HP\AppData\Roaming\IDM\idmmzcc5

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp
    CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.ask.com
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
    CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
    CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
    CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (Avast SafePrice) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-30]
    CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
    CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Avast Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-13]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
    CHR HKLM\...\Chrome\Extension: [aaaaajhmeplfccacopbgpfaibalfnhcb] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaajhmeplfccacopbgpfaibalfnhcb.crx <not found>
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-03-11]
    CHR HKU\S-1-5-21-1598329037-492615392-174970370-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [aaaaajhmeplfccacopbgpfaibalfnhcb] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaajhmeplfccacopbgpfaibalfnhcb.crx <not found>
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-13]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-13]
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-03-11]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2015-02-05] (Alps Electric Co., Ltd.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-04-13] (AVAST Software)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-14] (WildTangent)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
    R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-09] (Hewlett-Packard Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-09] (Intel Corporation)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-29] (Softex Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-13] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-13] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-13] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-13] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-13] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-13] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-04-13] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-04-13] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-04-13] (AVAST Software)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
    S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-25] (Ralink Technology, Corp.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-05 20:42 - 2016-05-05 20:43 - 00023189 _____ C:\Users\HP\Desktop\FRST.txt
    2016-05-05 20:41 - 2016-05-05 20:42 - 00000000 ____D C:\FRST
    2016-05-05 20:40 - 2016-05-05 20:40 - 02379776 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
    2016-04-16 05:47 - 2016-04-16 05:47 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-04-15 10:16 - 2016-03-04 02:28 - 07452512 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-04-15 10:16 - 2016-03-04 02:27 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-04-15 10:16 - 2016-03-04 02:27 - 01663192 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-04-15 10:16 - 2016-03-04 02:27 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-04-15 10:16 - 2016-03-04 02:27 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-04-15 10:16 - 2016-03-04 02:27 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-04-15 10:16 - 2016-03-04 01:38 - 01501496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-04-15 10:16 - 2016-03-04 01:29 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2016-04-15 10:16 - 2016-03-03 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2016-04-15 09:21 - 2016-03-03 23:47 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-04-15 09:21 - 2016-03-03 23:33 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2016-04-15 09:21 - 2016-03-03 08:39 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-04-15 09:21 - 2016-03-03 08:39 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-04-15 09:20 - 2016-03-16 06:00 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-04-15 09:20 - 2016-03-15 21:14 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-04-15 09:20 - 2016-03-11 21:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-04-15 09:20 - 2016-03-11 01:22 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-04-15 09:20 - 2016-03-11 01:21 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-04-15 09:20 - 2016-03-11 01:20 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-04-15 09:20 - 2016-03-11 00:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-04-15 09:20 - 2016-03-11 00:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-04-15 09:20 - 2016-03-11 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-04-15 09:20 - 2016-03-10 23:48 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2016-04-15 09:19 - 2016-03-31 07:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-04-15 09:19 - 2016-03-31 07:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-04-15 09:19 - 2016-03-31 07:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-04-15 09:19 - 2016-03-31 07:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-04-15 09:19 - 2016-03-31 07:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-04-15 09:19 - 2016-03-31 07:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-04-15 09:19 - 2016-03-31 06:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2016-04-15 09:19 - 2016-03-31 06:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-04-15 09:19 - 2016-03-31 06:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-04-15 09:19 - 2016-03-31 06:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-04-15 09:19 - 2016-03-31 06:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-04-15 09:19 - 2016-03-31 06:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-04-15 09:19 - 2016-03-31 06:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-04-15 09:19 - 2016-03-31 06:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-04-15 09:19 - 2016-03-31 06:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-04-15 09:19 - 2016-03-31 06:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-04-15 09:19 - 2016-03-31 06:43 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-04-15 09:19 - 2016-03-31 06:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-04-15 09:19 - 2016-03-31 06:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-04-15 09:19 - 2016-03-31 06:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-04-15 09:19 - 2016-03-31 06:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-04-15 09:19 - 2016-03-31 06:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-04-15 09:19 - 2016-03-31 06:30 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2016-04-15 09:19 - 2016-03-31 06:27 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-04-15 09:19 - 2016-03-31 06:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-04-15 09:19 - 2016-03-31 06:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-04-15 09:19 - 2016-03-31 06:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-04-15 09:19 - 2016-03-31 06:23 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-04-15 09:19 - 2016-03-31 06:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-04-15 09:19 - 2016-03-31 06:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-04-15 09:19 - 2016-03-31 06:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-04-15 09:19 - 2016-03-31 06:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-04-15 09:19 - 2016-03-31 06:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-04-15 09:19 - 2016-03-31 06:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-04-15 09:19 - 2015-12-04 02:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-04-15 09:15 - 2016-03-29 21:05 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-04-15 08:45 - 2016-04-15 08:45 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2016-04-13 22:42 - 2016-04-13 22:42 - 00007653 _____ C:\Users\HP\AppData\Local\Resmon.ResmonCfg
    2016-04-13 22:35 - 2016-04-13 22:35 - 00003044 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1460274905
    2016-04-13 22:35 - 2016-04-13 22:35 - 00001060 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-04-13 22:35 - 2016-04-13 22:35 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-04-13 22:29 - 2016-05-03 15:53 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-13 22:29 - 2016-05-03 15:53 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-04-13 22:26 - 2016-04-13 22:27 - 00987728 _____ (Google Inc.) C:\Users\HP\Downloads\ChromeSetup.exe
    2016-04-13 22:20 - 2016-04-13 22:18 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-04-13 22:19 - 2016-04-13 22:19 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-04-13 22:19 - 2016-04-13 22:19 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-04-13 20:40 - 2016-04-13 21:04 - 00000000 ____D C:\Windows\pss
    2016-04-12 10:35 - 2016-04-13 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
    2016-04-12 10:35 - 2016-04-13 21:05 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
    2016-04-12 10:35 - 2016-04-12 10:35 - 00000000 ____D C:\Users\HP\AppData\Roaming\URSoft
    2016-04-06 11:18 - 2016-04-13 21:05 - 00000000 ____D C:\ProgramData\Apple Computer
    2016-04-06 11:18 - 2016-04-13 21:05 - 00000000 ____D C:\Program Files\iTunes
    2016-04-06 11:18 - 2016-04-13 21:05 - 00000000 ____D C:\Program Files\iPod
    2016-04-06 11:18 - 2016-04-13 21:05 - 00000000 ____D C:\Program Files (x86)\iTunes
    2016-04-06 11:18 - 2016-04-06 11:39 - 00000000 ____D C:\Users\HP\AppData\Roaming\Apple Computer
    2016-04-06 11:18 - 2016-04-06 11:18 - 00000000 ____D C:\Users\HP\AppData\Local\Apple Computer
    2016-04-06 11:15 - 2016-04-06 11:15 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-04-06 11:15 - 2016-04-06 11:15 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2016-04-06 11:15 - 2016-04-06 11:15 - 00000000 ____D C:\Users\HP\AppData\Local\Apple
    2016-04-06 11:15 - 2016-04-06 11:15 - 00000000 ____D C:\Program Files\Bonjour
    2016-04-06 11:15 - 2016-04-06 11:15 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2016-04-06 11:15 - 2016-04-06 11:15 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2016-04-06 11:14 - 2016-04-06 11:15 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-04-06 11:10 - 2016-04-06 11:12 - 169713992 _____ (Apple Inc.) C:\Users\HP\Downloads\iTunes6464Setup.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-05 20:40 - 2014-12-26 09:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\IDM
    2016-05-05 20:35 - 2014-03-18 16:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-05 20:35 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\Inf
    2016-05-05 20:05 - 2016-02-22 13:06 - 00000000 ___RD C:\Users\HP\Google Drive
    2016-05-05 20:05 - 2014-12-29 18:09 - 00000000 ___RD C:\Users\HP\Dropbox
    2016-05-05 20:03 - 2014-12-24 19:58 - 00000000 ____D C:\Users\HP\Documents\Youcam
    2016-05-05 20:02 - 2015-06-22 20:37 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-05-05 20:02 - 2014-12-26 10:14 - 00000000 ___RD C:\Users\HP\OneDrive
    2016-05-05 20:02 - 2014-12-24 21:12 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-05 16:06 - 2014-12-26 09:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\DMCache
    2016-05-05 15:50 - 2014-12-24 21:12 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-05 15:46 - 2015-06-16 15:36 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001UA.job
    2016-05-05 15:45 - 2014-12-24 22:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-05-05 14:57 - 2014-12-24 20:00 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1598329037-492615392-174970370-1001
    2016-05-05 14:42 - 2013-08-22 22:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-05-05 14:42 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-05-04 21:09 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\system32\FxsTmp
    2016-05-02 23:09 - 2016-03-17 22:25 - 00003142 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHP
    2016-05-02 23:09 - 2016-03-12 20:49 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleForHP.job
    2016-05-02 13:46 - 2015-06-16 15:36 - 00000868 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001Core.job
    2016-04-30 11:34 - 2013-08-22 22:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-04-30 11:33 - 2014-12-27 23:22 - 00000000 ____D C:\Windows\system32\MRT
    2016-04-30 11:27 - 2014-12-27 23:22 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-04-29 19:51 - 2016-02-22 13:03 - 00002065 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2016-04-29 19:51 - 2016-02-22 13:03 - 00002063 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2016-04-29 19:51 - 2016-02-22 13:03 - 00002053 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2016-04-29 19:51 - 2016-02-22 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-04-26 22:22 - 2013-08-22 21:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-26 22:19 - 2013-08-22 20:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-04-26 19:36 - 2014-12-25 18:54 - 00000000 ____D C:\Users\HP\AppData\Local\Packages
    2016-04-26 19:11 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\system32\NDF
    2016-04-17 16:27 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\rescache
    2016-04-16 21:10 - 2013-08-22 21:44 - 00481528 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-16 05:50 - 2014-12-29 17:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\Dropbox
    2016-04-16 05:48 - 2015-06-16 15:36 - 00000000 ____D C:\Users\HP\AppData\Local\Dropbox
    2016-04-15 22:32 - 2014-12-26 11:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-04-15 22:27 - 2013-08-22 20:25 - 00000199 _____ C:\Windows\win.ini
    2016-04-15 08:45 - 2014-12-24 22:17 - 00003582 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-04-14 01:00 - 2015-06-29 22:33 - 00001862 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
    2016-04-14 01:00 - 2015-06-16 15:36 - 00003146 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001UA
    2016-04-14 01:00 - 2015-06-16 15:36 - 00002766 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001Core
    2016-04-14 01:00 - 2014-11-17 02:34 - 00002100 _____ C:\Windows\System32\Tasks\CLVDLauncher
    2016-04-14 01:00 - 2014-11-17 02:34 - 00002100 _____ C:\Windows\System32\Tasks\CLMLSvc_P2G8
    2016-04-14 01:00 - 2014-11-17 02:32 - 00002096 _____ C:\Windows\System32\Tasks\YCMServiceAgent
    2016-04-13 22:21 - 2015-06-22 20:37 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
    2016-04-13 22:19 - 2015-06-22 20:37 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-04-13 22:19 - 2015-06-22 20:37 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-04-13 22:19 - 2015-06-22 20:37 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-04-13 22:19 - 2015-06-22 20:37 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-04-13 22:19 - 2015-06-22 20:37 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-04-13 22:19 - 2015-06-22 20:37 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-04-13 22:18 - 2015-06-22 20:37 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2016-04-13 22:14 - 2015-06-22 20:37 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-04-13 22:03 - 2014-12-25 18:54 - 00000000 ____D C:\Users\HP
    2016-04-13 21:05 - 2015-12-05 11:10 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-04-13 21:05 - 2015-10-03 20:05 - 00000000 ___SD C:\Windows\system32\XTgt
    2016-04-13 21:05 - 2015-04-19 19:41 - 00000000 ___SD C:\Windows\system32\GWX
    2016-04-13 21:05 - 2015-01-21 22:48 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork
    2016-04-13 21:05 - 2014-12-26 09:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2016-04-13 21:05 - 2014-12-26 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2016-04-13 21:05 - 2014-12-26 09:25 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2016-04-13 21:05 - 2013-08-22 22:36 - 00000000 ____D C:\Program Files\Windows Defender
    2016-04-13 20:56 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\registration
    2016-04-13 20:53 - 2015-03-01 20:37 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-04-13 20:53 - 2015-01-21 22:48 - 00000000 ____D C:\Users\HP\AppData\Local\AskPartnerNetwork
    2016-04-13 20:51 - 2014-12-26 11:47 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-04-13 20:49 - 2015-06-22 20:34 - 00000000 ____D C:\Program Files\AVAST Software
    2016-04-13 20:49 - 2014-12-26 11:47 - 00000000 __RHD C:\MSOCache
    2016-04-13 17:40 - 2015-09-18 08:14 - 00000000 ____D C:\Users\HP\Desktop\TÂM LÝ HỌC PHÁT TRIỂN
    2016-04-10 22:40 - 2016-03-12 20:58 - 00000000 ____D C:\Users\HP\Desktop\Video Note 3
    2016-04-06 11:15 - 2014-11-17 02:25 - 00000000 ____D C:\ProgramData\Apple
    2016-04-06 04:53 - 2016-03-18 20:35 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-04-06 04:53 - 2016-03-18 20:35 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Files in the root of some directories =======

    2015-10-19 21:34 - 2015-10-19 21:34 - 0002081 _____ () C:\Users\HP\AppData\Local\recently-used.xbel
    2016-04-13 22:42 - 2016-04-13 22:42 - 0007653 _____ () C:\Users\HP\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    C:\Users\HP\AppData\Local\Temp\COMAP.EXE
    C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwsalwn.dll
    C:\Users\HP\AppData\Local\Temp\handbrake-setup.exe
    C:\Users\HP\AppData\Local\Temp\HPSFUpdater.exe
    C:\Users\HP\AppData\Local\Temp\ose00000.exe
    C:\Users\HP\AppData\Local\Temp\qing_update.exe
    C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\HP\AppData\Local\Temp\swt-gdip-win32-3452.dll
    C:\Users\HP\AppData\Local\Temp\swt-win32-3452.dll
    C:\Users\HP\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\HP\AppData\Local\Temp\uttA480.tmp.exe
    C:\Users\HP\AppData\Local\Temp\uttD96D.tmp.exe
    C:\Users\HP\AppData\Local\Temp\{79F2C1EF-0AD5-4A5E-9AD0-B0876D584AC8}-49.0.2623.110_49.0.2623.87_chrome_updater.exe
    C:\Users\HP\AppData\Local\Temp\{D6FADA52-AF04-4558-8282-67B5E12C320E}-DropboxClient_3.8.5.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-01 23:52

    ==================== End of FRST.txt ============================
     
  2. NTTDHSG

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-05-2016
    Ran by HP (2016-05-05 20:43:56)
    Running from C:\Users\HP\Desktop
    Windows 8.1 Single Language (X64) (2014-12-25 11:53:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1598329037-492615392-174970370-500 - Administrator - Disabled)
    Guest (S-1-5-21-1598329037-492615392-174970370-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1598329037-492615392-174970370-1003 - Limited - Enabled)
    HP (S-1-5-21-1598329037-492615392-174970370-1001 - Administrator - Enabled) => C:\Users\HP

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.102 - Alps Electric)
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2261 - AVAST Software)
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox (HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
    EPSON L350 Series Printer Uninstall (HKLM\...\EPSON L350 Series) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    Epson User's Guide L350 Series (HKLM-x32\...\L350 Series Useg) (Version: - )
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
    GiaPhaVN (HKLM-x32\...\{4A4E3056-B2FB-4E99-9430-CDEF18270070}) (Version: 1.0.0 - HienNH)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
    Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    HP Documentation (HKLM-x32\...\{3BAA7681-EF42-4FEC-84FC-87BA815492A4}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.2.8.17 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
    Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.24.1790 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Mediatek Bluetooth (HKLM\...\{16BCAEDC-C115-1729-07C4-7A0091C699A6}) (Version: 11.0.749.0 - Mediatek)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    SafeZone Stable 1.48.2066.98 (x32 Version: 1.48.2066.98 - Avast Software) Hidden
    Search App by Ask (HKLM-x32\...\{4254522D-5350-006A-76A7-A75C790C1D00}) (Version: 12.29.0.1481 - APN, LLC) <==== ATTENTION
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version: - )
    UniKey 4.0 RC2 (build 1101) (HKLM-x32\...\{AC006985-A51F-42AC-A7E9-5E66D8AC8063}_is1) (Version: - Pham Kim Long)
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0254AED4-5CEA-4B4F-8D96-18F7F68B8C5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {0B447B80-75AD-4570-B6F4-DB95DBC10335} - System32\Tasks\SafeZone scheduled Autoupdate 1460274905 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-03-30] (Avast Software)
    Task: {0B815135-93F1-420B-9991-FB11227DCD4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
    Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
    Task: {1D41BD63-FEE2-47E8-8566-D6109EE4D0B7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {286F649F-340C-4724-AD68-7E4EE8AF7C46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {2AF69CF1-0053-4981-A1DA-7F75287F456C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-30] (Microsoft Corporation)
    Task: {2C740E4B-1B37-497A-8179-2B9CE8A58000} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
    Task: {5B710EEE-6DDB-46D2-8184-8802B9BB3D45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
    Task: {5FF1ED16-785C-4C26-8C31-FC810B40D61E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {69E51123-7E96-4374-8152-33453747F925} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {6ECFE8B4-6ABA-4778-AB95-415706BC0FF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
    Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
    Task: {76EA7CC6-6C3C-43D6-9BC5-961264B5D806} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
    Task: {780BD1E5-F944-4582-A7F6-2BFBE344134F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-15] (Adobe Systems Incorporated)
    Task: {7B6B4D6B-DB27-4B08-A191-FD00DD104303} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {8F76F688-AF66-46D2-8FC0-7ECEDF623F0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
    Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
    Task: {CC079CB2-79A6-4E2F-846C-0CE19631267F} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
    Task: {CD751C57-4926-4499-ADC1-7AA8ABC989A5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001Core => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
    Task: {D0FEFFCF-2844-41C0-9EB9-092E2A4A9E17} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-12] (AVAST Software)
    Task: {DA3B719A-D2B6-4419-890B-A896957D01A9} - System32\Tasks\Microsoft\Windows\Setup\xtgt\refreshxtgtconfig => C:\Windows\system32\XTgt\XTgtMgr.exe [2015-10-03] (Microsoft Corporation)
    Task: {E38E12AE-967C-449F-AA42-887C80EE4E0C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001UA => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {E3C4D030-0271-4D25-AB6F-49345BB4D6D1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
    Task: {E71FFD0C-D938-45A4-883C-52DA6EDAD09D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {E9ADE27E-9938-48DE-8143-DE3DB6305AC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
    Task: {F551F88B-7D48-45F3-B24A-452511B948D3} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {F7F276E7-068D-49DB-AE93-BEC485D1A8D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-04-13] (AVAST Software)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001Core.job => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001UA.job => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForHP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
     
  3. NTTDHSG


    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-03-29 03:31 - 2014-03-29 03:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2014-03-29 03:27 - 2014-03-29 03:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2014-03-29 03:27 - 2014-03-29 03:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2014-03-29 03:27 - 2014-03-29 03:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2014-03-29 03:48 - 2014-03-29 03:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2014-03-29 03:48 - 2014-03-29 03:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-24 21:24 - 2009-11-02 00:43 - 00296960 _____ () C:\Program Files\UniKey\UKHook40.dll
    2014-03-29 03:36 - 2014-03-29 03:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2014-12-24 21:24 - 2009-11-02 00:43 - 00316928 _____ () C:\Program Files\UniKey\UniKeyNT.exe
    2016-04-13 22:18 - 2016-04-13 22:18 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-04-13 22:18 - 2016-04-13 22:18 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-04-26 18:35 - 2016-04-26 18:35 - 02890752 _____ () C:\Program Files\AVAST Software\Avast\defs\16042601\algo.dll
    2016-04-13 22:18 - 2016-04-13 22:18 - 00478144 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-05-05 14:43 - 2016-05-05 14:43 - 02892288 _____ () C:\Program Files\AVAST Software\Avast\defs\16050404\algo.dll
    2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-11-17 02:34 - 2013-08-05 14:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-06 06:48 - 2013-08-06 06:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2016-03-19 20:55 - 2016-03-22 04:50 - 00034768 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2016-04-16 05:47 - 2016-03-22 04:51 - 00019408 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2016-04-16 05:47 - 2016-03-22 04:50 - 00116688 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2016-03-19 20:55 - 2016-03-22 04:50 - 00093640 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2016-03-19 20:55 - 2016-03-22 04:50 - 00018376 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\select.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00019760 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00105928 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-04-16 05:47 - 2016-03-22 04:50 - 00392144 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2016-03-19 20:55 - 2016-04-09 01:20 - 00381752 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2016-03-19 20:55 - 2016-03-22 04:50 - 00692688 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00020816 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2016-03-19 20:55 - 2016-03-22 04:51 - 00112592 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 01682760 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00020808 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00021840 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00038696 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2016-04-16 05:47 - 2016-03-22 04:52 - 00020936 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00024528 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32event.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00114640 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00124880 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00021832 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00024016 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00175560 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00030160 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00043472 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32process.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00028616 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00048592 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32service.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00026456 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00057808 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00024016 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00117056 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00023376 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-03-19 20:55 - 2016-03-22 04:50 - 00134608 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2016-04-16 05:47 - 2016-03-22 04:50 - 00134088 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2016-04-16 05:47 - 2016-03-22 04:51 - 00240584 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\jpegtran.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00024392 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-04-16 05:47 - 2016-03-22 04:52 - 00036296 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\librsync.dll
    2016-04-16 05:47 - 2016-04-09 01:19 - 00052024 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00020800 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00021824 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00019776 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00020800 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00020280 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00350152 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00022352 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00084280 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-04-16 05:47 - 2016-04-09 01:20 - 01826096 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2016-03-19 20:55 - 2016-03-22 04:51 - 00083912 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\sip.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 03928880 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 01971504 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00531248 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00132912 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00223544 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00207672 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00158008 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00042808 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
    2016-04-16 05:47 - 2016-03-22 04:54 - 00017864 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\libEGL.dll
    2016-04-16 05:47 - 2016-03-22 04:54 - 01631184 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2016-03-19 20:55 - 2016-04-09 01:20 - 00024904 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00546096 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00357680 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2016-03-19 20:55 - 2016-03-22 04:56 - 00697304 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-05-05 20:02 - 2016-05-05 20:02 - 00098816 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32api.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00110080 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\pywintypes27.dll
    2016-05-05 20:02 - 2016-05-05 20:02 - 00364544 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\pythoncom27.dll
    2016-05-05 20:02 - 2016-05-05 20:02 - 00320512 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32com.shell.shell.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00776704 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\_hashlib.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 01176576 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\wx._core_.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00806400 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\wx._gdi_.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00816128 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\wx._windows_.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 01067008 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\wx._controls_.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00733184 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\wx._misc_.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00682496 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\pysqlite2._sqlite.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00088064 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\_ctypes.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00119808 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32file.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00108544 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32security.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00007168 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\hashobjs_ext.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00017920 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\thumbnails_ext.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00088064 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\usb_ext.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00167936 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32gui.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00018432 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32event.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00046080 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\_socket.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 01208320 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\_ssl.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00128512 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\_elementtree.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00127488 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\pyexpat.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00012288 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\common.time34.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00038912 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32inet.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00036864 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\_psutil_windows.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00525208 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\windows._lib_cacheinvalidation.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00011264 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32crypt.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00077312 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\wx._html2.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00027136 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\_multiprocessing.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00020480 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\_yappi.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00035840 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32process.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00686080 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\unicodedata.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00078848 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\wx._animate.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00123392 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\wx._wizard.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00024064 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32pipe.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00010240 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\select.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00025600 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32pdh.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00017408 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32profile.pyd
    2016-05-05 20:02 - 2016-05-05 20:02 - 00022528 ____R () C:\Users\HP\AppData\Local\Temp\_MEI10561402\win32ts.pyd
    2016-04-13 22:19 - 2016-04-13 22:19 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1598329037-492615392-174970370-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{7C4F4A9C-C66A-4914-B352-651DFE7EC187}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{2233C16B-198E-47E7-96E1-476D6ED93532}] => (Allow) LPort=2869
    FirewallRules: [{FB2A6B0F-86C2-40D7-891E-B28E06DE8C00}] => (Allow) LPort=1900
    FirewallRules: [{92659DBB-1A12-49E3-BC5C-D211AF0A5A07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4D262E64-213C-4262-9673-CF23865AB6C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{10A11DD3-58D3-4B12-9C3E-7D00895F4AD3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{25FEDF4A-B0F7-41DC-8A7E-C41923651C10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0BDDF702-B4B9-43A0-86CE-44228400C214}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{5818C876-52EF-43C2-8A11-EF9D3AFEB746}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{FA62801F-E3CA-4F03-8BB7-63C55B5190EC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{7ACEC53C-6C78-421F-87AE-A694050DB157}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{A680D8AC-6847-4315-BBAC-2A4D3C127CA6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{0FD35EEE-BEF5-47F2-8A80-CC9C43AC2EBE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{9BF460AD-DF61-4CEA-B45C-61D4BFD1AD42}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{A86C39F5-4770-464F-B9EE-DE1CB9C6DBCA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{D18513CD-A8D5-4366-9196-E273B1BA16E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{62117556-BBA8-47A6-98B6-49FB52566D33}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{5D5F0B38-2F25-4D79-B365-0AD17E78C706}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{0908F683-DB00-46E1-9543-19D0FBF7695E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{3869FFE7-A59D-4336-A0D5-9475ACE6B65B}C:\users\hp\downloads\compressed\sinhvienit.net---office2013.32.64.bit.full.crack\activator\qemu\qemu.exe] => (Allow) C:\users\hp\downloads\compressed\sinhvienit.net---office2013.32.64.bit.full.crack\activator\qemu\qemu.exe
    FirewallRules: [UDP Query User{D10B8422-64A7-4EE6-B415-B97ED0B7B1E0}C:\users\hp\downloads\compressed\sinhvienit.net---office2013.32.64.bit.full.crack\activator\qemu\qemu.exe] => (Allow) C:\users\hp\downloads\compressed\sinhvienit.net---office2013.32.64.bit.full.crack\activator\qemu\qemu.exe
    FirewallRules: [{E52BB43B-D992-4F6F-AC13-6A5890EF6564}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{4235DCBF-409D-40FB-975D-22C3CAB9706A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{7CCF648E-CDC3-4449-94D5-CEBF0E404709}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{AE409DA7-4FBB-4DE7-9078-4109082A3DC5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{A62FF04C-A2AD-42AB-91FB-3E002AA91E66}] => (Allow) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{3631E1C6-BB00-40C5-B191-4C46E2FA0FA2}] => (Allow) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{09F9D824-945E-49AB-9970-DDE82E2CAE33}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{9879DEB2-0012-4ABD-BB72-6256B92D1E9A}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{4A12EB45-2D54-4065-885A-F33B8412EEDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{884F34C4-56C0-4A31-A124-08FDCD39733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C7128481-4BEB-4A37-B02D-78C083B08D13}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DAEEF494-31AC-4CB4-B5FC-B6B7AFDF3EF3}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{C00E793F-02BF-40DB-A7A6-22C8F210CB8A}C:\games\starcraft ii\starfriend\starfriend_client.exe] => (Allow) C:\games\starcraft ii\starfriend\starfriend_client.exe
    FirewallRules: [UDP Query User{F6D1BF9F-B036-4C73-A360-57377A36C9F5}C:\games\starcraft ii\starfriend\starfriend_client.exe] => (Allow) C:\games\starcraft ii\starfriend\starfriend_client.exe
    FirewallRules: [{C1B4A140-7B2F-41D9-8816-D5066230FAF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
    FirewallRules: [{055448C3-8DE1-42B7-84DD-FFC3BB159632}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
    FirewallRules: [TCP Query User{A278D33F-2A7B-4ED4-BB93-18E195681EAD}C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe
    FirewallRules: [UDP Query User{91124577-ECC7-428A-97F6-3742AA99548B}C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe
    FirewallRules: [TCP Query User{2032F081-3A50-426D-A5BC-08236E5E2E01}C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe
    FirewallRules: [UDP Query User{9D7212B8-5661-43AC-9CFB-4A00A0953EB0}C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe
    FirewallRules: [{A6D45907-C1D9-405C-9B81-2460F8A5139D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{69E8D09B-5054-4EB7-94E7-3A797B8DCB22}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{20E468FD-64FF-4AAC-834C-AC415054046D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{57DA68D0-5999-461F-A82F-E6150526F212}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{E14DD622-4C32-4857-A14D-29E47052768C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{DBB4DC71-4C57-4EA7-B981-72F00347C258}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [TCP Query User{4CCB9872-29E9-4A82-A4DD-39B62FDEA208}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [UDP Query User{CE9E5BB7-E9A6-4C10-B82C-BBBB5DFB0404}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [{D6B6314C-4D4C-41CC-9690-24015509B0AB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{CF583D2C-9DEE-4E99-8154-E27A765717FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [TCP Query User{037803A3-7B7D-449D-9682-4E64994F7F14}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [UDP Query User{58FF9A9B-F373-4E09-A05E-9B38F54A72FD}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [{DBE4ABD8-4E6D-4DD3-84EA-B555F35E2200}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{34AAD514-DEF5-48BC-B8B9-C21FDD268DEF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{CA8F8A77-E8C7-42EA-A1F2-B96B172691AD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{C40E3189-E257-4FC2-8E2F-42A2F1A0B936}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{F93ED06C-D4A3-4178-A8BA-68843332C154}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{CFE86E95-97A9-44D8-B4A7-F653BE39AD31}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{79F0B39B-5DAD-4A84-9D38-CFF92CD8B001}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{DAB08B7A-C7B9-4D89-9E69-4E59B3E59367}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{DCEC1C68-AA51-4DD2-97B2-DE599780FEF8}C:\users\hp\appdata\roaming\utorrent\updates\3.4.2_38257.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\updates\3.4.2_38257.exe
    FirewallRules: [UDP Query User{BAE27B42-5CEC-4827-B57C-B91953D94D05}C:\users\hp\appdata\roaming\utorrent\updates\3.4.2_38257.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\updates\3.4.2_38257.exe
    FirewallRules: [TCP Query User{513B0C2A-38F5-4A81-90A5-F02A8243F5AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{C90CEA8F-630F-4DF7-9511-3D60E818303A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [TCP Query User{FB74ABC1-8D2E-4752-8E26-913C28B4F6F8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{B82E63D8-A892-421C-9C47-132B51F04C41}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{6B06D859-F4F6-4E33-813F-83E330272C75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8A06A769-E33B-4A08-B1C4-32ADCAB10B0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{63522AE0-DE47-4EBA-980D-D52CC01D8D99}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F12D60EE-4459-4537-B026-054EC41FDE7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{83AC080A-35D7-4AC7-9A7F-E98AA88DDE0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    13-04-2016 22:10:33 avast! antivirus system restore point
    30-04-2016 11:20:46 Windows Modules Installer
    30-04-2016 11:21:18 Windows Modules Installer

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/05/2016 08:24:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005

    Error: (05/05/2016 08:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13970343

    Error: (05/05/2016 08:00:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13970343

    Error: (05/05/2016 08:00:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/05/2016 02:52:09 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418225

    Error: (05/04/2016 11:57:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1172

    Error: (05/04/2016 11:57:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1172

    Error: (05/04/2016 11:57:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/04/2016 10:19:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
    Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/04/2016 09:50:11 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
    Description: 80070005


    System errors:
    =============
    Error: (04/26/2016 08:13:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
    Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

    Error: (04/26/2016 07:03:12 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (04/26/2016 07:03:11 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
    Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

    Error: (04/16/2016 09:05:12 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:38:18 PM on ‎4/‎16/‎2016 was unexpected.

    Error: (04/13/2016 10:44:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    %%1062

    Error: (04/13/2016 10:43:44 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (04/13/2016 10:43:05 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
    Description: {5C068441-8DC5-4C20-A101-AB9C5B0F7721}

    Error: (04/13/2016 10:43:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

    Error: (04/13/2016 10:43:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}

    Error: (04/13/2016 10:43:04 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP)
    Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}


    CodeIntegrity:
    ===================================
    Date: 2015-06-16 15:42:31.947
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-16 15:42:31.400
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-16 15:42:31.103
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-16 15:42:30.650
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-16 15:42:30.228
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-02 21:24:38.035
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-02 19:57:56.031
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-02 19:57:55.784
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-02 19:57:55.437
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-20 13:23:51.624
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
    Percentage of memory in use: 54%
    Total physical RAM: 4027.84 MB
    Available physical RAM: 1844.45 MB
    Total Virtual: 4731.84 MB
    Available Virtual: 2324.15 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:442.33 GB) (Free:301.37 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:22.41 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (15.0.4420.1017) (CDROM) (Total:0.79 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 2E50010F)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Uninstall the following unwanted program: Search App by Ask.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced, post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE: If you already have MBAM 2.0 installed, scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
        • Launch Malwarebytes Anti-Malware
        • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  5. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Download RogueKiller from one of the following links and save it to your Desktop:


    RogueKiller V12.1.5.0 (x64) [May 2 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : HP [Administrator]
    Started from : C:\Users\HP\Desktop\RogueKillerX64.exe
    Mode : Delete -- Date : 05/06/2016 11:16:35

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=HPNTDFJS -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=HPNTDFJS -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1598329037-492615392-174970370-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=HPNTDFJS -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1598329037-492615392-174970370-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www.bing.com?pc=HPNTDFJS -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST500LT012-1DG142 +++++
    --- User ---
    [MBR] b64bb4d4929bb2e8b1d2f7904e256e4d
    [BSP] 29d313a50528e71cb2964197046b01d6 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2127872 | Size: 452946 MB
    4 - [SYSTEM] Basic data partition | Offset (sectors): 929761280 | Size: 22950 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  6. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 06/05/2016
    Scan Time: 11:29
    Logfile: mbam log.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.05.06.01
    Rootkit Database: v2016.04.17.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: HP

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 350268
    Time Elapsed: 19 min, 7 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.OpenCandy, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, 5940, Delete-on-Reboot, [e1c818ba069368ceedce1a255ea70ff1]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 22
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK.1, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, [8326834fecadde5805ba341fe023ef11],
    PUP.Optional.InstallCore, HKU\S-1-5-21-1598329037-492615392-174970370-1001\SOFTWARE\InstallCore, Quarantined, [1396fcd69bfeba7c2da679c811f38b75],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.APNToolBar.Gen, C:\ProgramData\APN\APN-Stub, Quarantined, [6b3e22b0abeee2548878869419ea20e0],

    Files: 5
    PUP.Optional.APNToolBar, C:\Users\HP\AppData\Local\Temp\uttA480.tmp.exe, Quarantined, [f5b4389a7821b383d9547bd5e31e9868],
    PUP.Optional.APNToolBar, C:\Users\HP\AppData\Local\Temp\uttD96D.tmp.exe, Quarantined, [882170627a1feb4b05284808d52c49b7],
    PUP.Optional.OpenCandy, C:\Users\HP\AppData\Local\Temp\HYD44D1.tmp.1455508980\HTA\install.1455508980.zip, Quarantined, [2881bc16049574c243788fb05fa6c739],
    PUP.Optional.OpenCandy, C:\Users\HP\AppData\Local\Temp\HYD44D1.tmp.1455508980\HTA\3rdparty\OCComSDK.dll, Quarantined, [e1c818ba069368ceedce1a255ea70ff1],
    PUP.Optional.OpenCandy, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, Delete-on-Reboot, [e1c818ba069368ceedce1a255ea70ff1],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  7. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Please download AdwCleaner by Xplode onto your desktop.


    # AdwCleaner v5.115 - Logfile created 06/05/2016 at 13:39:07
    # Updated 01/05/2016 by Xplode
    # Database : 2016-05-04.2 [Server]
    # Operating system : Windows 8.1 Single Language (X64)
    # Username : HP - LAPTOP
    # Running from : C:\Users\HP\Desktop\adwcleaner_5.115.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\ProgramData\apn
    Folder Found : C:\ProgramData\Application Data\apn
    Folder Found : C:\Users\HP\AppData\Local\Temp\apn

    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : aaaaajhmeplfccacopbgpfaibalfnhcb

    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [898 bytes] - [06/05/2016 13:39:07]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [970 bytes] ##########
     
  8. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Please download Junkware Removal Tool to your desktop.



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 8.1 Single Language x64
    Ran by HP (Administrator) on 06/05/2016 at 13:47:49.60
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 0




    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 06/05/2016 at 13:51:36.75
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  10. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-05-2016 03
    Ran by HP (administrator) on LAPTOP (07-05-2016 14:28:19)
    Running from C:\Users\HP\Desktop
    Loaded Profiles: HP (Available Profiles: HP)
    Platform: Windows 8.1 Single Language (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    () C:\Program Files\UniKey\UniKeyNT.exe
    (Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Dropbox, Inc.) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (CHEN PROGRAM STUDY) C:\Users\HP\Desktop\trucxanh.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    (AVAST Software) C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [704344 2015-02-05] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-01-14] (Realtek Semiconductor)
    HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-29] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-29] (Hewlett-Packard)
    HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-29] (Hewlett-Packard)
    HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-10-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7391632 2016-05-05] (AVAST Software)
    HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3886672 2014-12-22] (Tonec Inc.)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [UniKey] => C:\Program Files\UniKey\UniKeyNT.exe [316928 2009-11-02] ()
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [Dropbox Update] => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google)
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\MountPoints2: F - "F:\SETUP.EXE"
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-09] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-05-05] (AVAST Software)
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
    Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-16]
    ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{A0E9E119-B625-4F23-812E-F47C23083CEC}: [DhcpNameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{A313D867-EF33-4927-84D1-D85252822AED}: [NameServer] 8.8.8.8,8.8.4.4
    Tcpip\..\Interfaces\{A313D867-EF33-4927-84D1-D85252822AED}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-12-05] (Internet Download Manager, Tonec Inc.)
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-13] (AVAST Software)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-12-05] (Internet Download Manager, Tonec Inc.)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-02-09] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-13] (AVAST Software)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8kg3s5rq.default
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-15] ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-15] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-08-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
    FF Extension: IDM CC - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\8kg3s5rq.default\Extensions\mozilla_cc@internetdownloadmanager.com [2015-06-22] [not signed]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-05-05]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-05-05]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\HP\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\HP\AppData\Roaming\IDM\idmmzcc5 [2016-04-13] [not signed]
    FF HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\HP\AppData\Roaming\IDM\idmmzcc5

    Chrome:
    =======
    CHR Profile: C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-22]
    CHR Extension: (Google Docs) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-22]
    CHR Extension: (Google Drive) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
    CHR Extension: (YouTube) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (Avast SafePrice) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-30]
    CHR Extension: (Google Sheets) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-22]
    CHR Extension: (Google Docs Offline) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
    CHR Extension: (Avast Online Security) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-04-13]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-24]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR Extension: (Gmail) - C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
    CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-03-11]
    CHR HKU\S-1-5-21-1598329037-492615392-174970370-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-04-13]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-13]
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-03-11]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [87384 2015-02-05] (Alps Electric Co., Ltd.)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-05-05] (AVAST Software)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
    R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-10-09] (Hewlett-Packard Development Company, L.P.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-09] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
    R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-29] (Softex Inc.) [File not signed]
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-09] (Realtek Semiconductor)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
     
  11. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-05-05] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-05-05] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-05-05] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-05-05] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-05-05] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-05-05] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-05-05] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-05-05] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287528 2016-05-05] (AVAST Software)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-06] (CyberLink)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-07] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
    S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291544 2014-01-04] (Realtek Semiconductor Corp.)
    R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-25] (Ralink Technology, Corp.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-23] (Hewlett-Packard Development Company, L.P.)
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-07 14:25 - 2016-05-07 14:25 - 00000000 ____D C:\Users\HP\Desktop\FRST-OlderVersion
    2016-05-06 13:51 - 2016-05-06 13:51 - 00000556 _____ C:\Users\HP\Desktop\JRT.txt
    2016-05-06 13:46 - 2016-05-06 13:46 - 01610816 _____ (Malwarebytes) C:\Users\HP\Desktop\JRT.exe
    2016-05-06 13:38 - 2016-05-06 13:41 - 00000000 ____D C:\AdwCleaner
    2016-05-06 12:38 - 2016-05-06 12:38 - 03615296 _____ C:\Users\HP\Desktop\adwcleaner_5.115.exe
    2016-05-06 12:33 - 2016-05-06 12:33 - 00005061 _____ C:\Users\HP\Desktop\mbam log.txt
    2016-05-06 11:25 - 2016-05-06 11:25 - 00004470 _____ C:\Users\HP\Desktop\rk_8FB8.tmp.txt
    2016-05-06 11:23 - 2016-05-07 14:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-05-06 11:22 - 2016-05-06 11:22 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-05-06 11:22 - 2016-05-06 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-05-06 11:22 - 2016-05-06 11:22 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-05-06 11:22 - 2016-05-06 11:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-05-06 11:22 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-05-06 11:22 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-05-06 11:22 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2016-05-06 10:06 - 2016-05-06 10:06 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-05-06 10:04 - 2016-05-06 11:20 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-05-06 10:02 - 2016-05-06 10:04 - 24017992 _____ C:\Users\HP\Desktop\RogueKillerX64.exe
    2016-05-06 09:58 - 2016-05-06 09:58 - 19779656 _____ C:\Users\HP\Desktop\RogueKiller.exe
    2016-05-06 09:57 - 2016-05-06 09:59 - 00003433 _____ C:\Users\HP\Desktop\steps.txt
    2016-05-05 21:25 - 2016-05-05 21:25 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2016-05-05 21:25 - 2016-05-05 21:25 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
    2016-05-05 20:42 - 2016-05-07 14:28 - 00023113 _____ C:\Users\HP\Desktop\FRST.txt
    2016-05-05 20:41 - 2016-05-07 14:28 - 00000000 ____D C:\FRST
    2016-05-05 20:40 - 2016-05-07 14:25 - 02379264 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
    2016-04-16 05:47 - 2016-04-16 05:47 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-04-15 10:16 - 2016-03-03 23:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2016-04-15 09:21 - 2016-03-03 23:47 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2016-04-15 09:21 - 2016-03-03 23:33 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2016-04-15 09:21 - 2016-03-03 08:39 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2016-04-15 09:21 - 2016-03-03 08:39 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2016-04-15 09:21 - 2016-02-03 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
    2016-04-15 09:21 - 2016-01-22 02:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
    2016-04-15 09:21 - 2016-01-22 01:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
    2016-04-15 09:20 - 2016-04-04 13:35 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2016-04-15 09:20 - 2016-04-02 20:26 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2016-04-15 09:20 - 2016-04-02 20:26 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2016-04-15 09:20 - 2016-03-28 20:21 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2016-04-15 09:20 - 2016-03-28 20:21 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2016-04-15 09:20 - 2016-03-28 20:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2016-04-15 09:20 - 2016-03-28 20:21 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2016-04-15 09:20 - 2016-03-28 20:21 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2016-04-15 09:20 - 2016-03-16 06:00 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-04-15 09:20 - 2016-03-15 21:14 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-04-15 09:20 - 2016-03-11 21:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
    2016-04-15 09:20 - 2016-03-11 01:22 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-04-15 09:20 - 2016-03-11 01:21 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-04-15 09:20 - 2016-03-11 01:20 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-04-15 09:20 - 2016-03-11 00:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-04-15 09:20 - 2016-03-11 00:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-04-15 09:20 - 2016-03-11 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
    2016-04-15 09:20 - 2016-03-10 23:48 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
    2016-04-15 09:20 - 2016-02-05 21:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
    2016-04-15 09:20 - 2016-02-03 22:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
    2016-04-15 09:20 - 2016-02-03 00:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2016-04-15 09:20 - 2016-02-03 00:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2016-04-15 09:20 - 2016-02-03 00:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
    2016-04-15 09:20 - 2016-02-02 23:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2016-04-15 09:20 - 2016-02-02 23:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2016-04-15 09:20 - 2016-02-02 23:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
    2016-04-15 09:20 - 2016-02-02 23:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2016-04-15 09:20 - 2016-02-02 23:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2016-04-15 09:20 - 2016-01-27 22:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
    2016-04-15 09:19 - 2016-03-31 07:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-04-15 09:19 - 2016-03-31 07:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-04-15 09:19 - 2016-03-31 07:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-04-15 09:19 - 2016-03-31 07:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-04-15 09:19 - 2016-03-31 07:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-04-15 09:19 - 2016-03-31 07:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2016-04-15 09:19 - 2016-03-31 06:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2016-04-15 09:19 - 2016-03-31 06:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-04-15 09:19 - 2016-03-31 06:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-04-15 09:19 - 2016-03-31 06:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2016-04-15 09:19 - 2016-03-31 06:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2016-04-15 09:19 - 2016-03-31 06:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
    2016-04-15 09:19 - 2016-03-31 06:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2016-04-15 09:19 - 2016-03-31 06:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-04-15 09:19 - 2016-03-31 06:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-04-15 09:19 - 2016-03-31 06:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-04-15 09:19 - 2016-03-31 06:43 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-04-15 09:19 - 2016-03-31 06:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-04-15 09:19 - 2016-03-31 06:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-04-15 09:19 - 2016-03-31 06:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2016-04-15 09:19 - 2016-03-31 06:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-04-15 09:19 - 2016-03-31 06:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2016-04-15 09:19 - 2016-03-31 06:30 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2016-04-15 09:19 - 2016-03-31 06:27 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2016-04-15 09:19 - 2016-03-31 06:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2016-04-15 09:19 - 2016-03-31 06:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2016-04-15 09:19 - 2016-03-31 06:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2016-04-15 09:19 - 2016-03-31 06:23 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2016-04-15 09:19 - 2016-03-31 06:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2016-04-15 09:19 - 2016-03-31 06:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-04-15 09:19 - 2016-03-31 06:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-04-15 09:19 - 2016-03-31 06:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2016-04-15 09:19 - 2016-03-31 06:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2016-04-15 09:19 - 2016-03-31 06:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2016-04-15 09:19 - 2015-12-04 02:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-04-15 09:16 - 2016-02-09 08:31 - 22365472 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-04-15 09:16 - 2016-02-09 08:31 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2016-04-15 09:16 - 2016-02-09 08:31 - 02757616 _____ (Microsoft Corporation) C:\Windows\explorer.exe
    2016-04-15 09:16 - 2016-02-09 08:31 - 02412576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2016-04-15 09:16 - 2016-02-09 08:31 - 00273264 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
    2016-04-15 09:16 - 2016-02-09 03:55 - 02712576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2016-04-15 09:16 - 2016-02-09 03:15 - 02551808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
    2016-04-15 09:16 - 2016-02-09 03:02 - 01197056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
    2016-04-15 09:16 - 2016-02-09 02:48 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
    2016-04-15 09:16 - 2016-02-09 02:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
    2016-04-15 09:16 - 2016-02-09 02:40 - 00539648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hgcpl.dll
    2016-04-15 09:16 - 2016-02-09 02:39 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
    2016-04-15 09:16 - 2016-02-09 02:37 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
    2016-04-15 09:16 - 2016-02-09 02:35 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
    2016-04-15 09:16 - 2016-02-09 02:34 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
    2016-04-15 09:16 - 2016-02-09 02:33 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
    2016-04-15 09:16 - 2016-02-09 01:50 - 03120640 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-04-15 09:16 - 2016-02-09 00:55 - 02592256 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
    2016-04-15 09:16 - 2016-02-09 00:33 - 01278464 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
    2016-04-15 09:16 - 2016-02-09 00:12 - 14466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
    2016-04-15 09:16 - 2016-02-09 00:02 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
    2016-04-15 09:16 - 2016-02-09 00:00 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\hgcpl.dll
    2016-04-15 09:16 - 2016-02-08 23:58 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
    2016-04-15 09:16 - 2016-02-08 23:55 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
    2016-04-15 09:16 - 2016-02-08 23:53 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
    2016-04-15 09:16 - 2016-02-08 23:53 - 01348096 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
    2016-04-15 09:16 - 2016-02-08 23:50 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
    2016-04-15 09:16 - 2016-02-08 23:50 - 00841728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
    2016-04-15 09:16 - 2016-02-08 23:48 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
    2016-04-15 09:16 - 2016-02-08 23:47 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
    2016-04-15 09:16 - 2016-02-08 23:44 - 00955392 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
    2016-04-15 09:15 - 2016-03-29 21:05 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-04-15 09:15 - 2016-03-11 02:19 - 07452512 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-04-15 09:15 - 2016-03-11 02:17 - 01663192 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-04-15 09:15 - 2016-03-11 02:17 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-04-15 09:15 - 2016-03-11 02:17 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-04-15 09:15 - 2016-03-11 02:17 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2016-04-15 09:15 - 2016-03-11 02:17 - 01133752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-04-15 09:15 - 2016-03-11 00:48 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-04-15 09:15 - 2016-03-11 00:43 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
    2016-04-15 09:15 - 2016-03-10 23:55 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-04-15 09:15 - 2016-03-10 23:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
    2016-04-15 09:15 - 2016-02-07 06:05 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
    2016-04-15 09:15 - 2016-02-07 05:41 - 00316760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
    2016-04-15 09:15 - 2016-02-06 02:07 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2016-04-15 09:15 - 2016-02-05 22:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
    2016-04-15 09:15 - 2016-02-05 22:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2016-04-15 09:15 - 2016-02-05 22:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
    2016-04-15 09:15 - 2016-02-05 22:02 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2016-04-15 09:15 - 2016-02-05 01:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
    2016-04-15 09:15 - 2016-02-05 00:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
    2016-04-15 09:15 - 2016-02-04 23:23 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
    2016-04-15 09:15 - 2016-02-04 23:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
    2016-04-15 09:15 - 2016-02-03 22:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
    2016-04-15 09:15 - 2016-02-03 00:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
    2016-04-15 09:15 - 2016-02-03 00:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
    2016-04-15 09:15 - 2016-02-01 00:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
    2016-04-15 09:15 - 2016-01-27 02:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
    2016-04-15 09:15 - 2016-01-22 12:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
    2016-04-15 09:15 - 2016-01-22 12:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
    2016-04-15 09:15 - 2016-01-21 05:40 - 00099672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
    2016-04-15 09:15 - 2016-01-14 04:26 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-04-15 08:45 - 2016-04-15 08:45 - 05934784 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2016-04-13 22:42 - 2016-04-13 22:42 - 00007653 _____ C:\Users\HP\AppData\Local\Resmon.ResmonCfg
    2016-04-13 22:35 - 2016-05-05 21:37 - 00003886 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1460274905
    2016-04-13 22:35 - 2016-05-05 21:37 - 00001060 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-04-13 22:35 - 2016-04-13 22:35 - 00001060 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
    2016-04-13 22:29 - 2016-05-03 15:53 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-13 22:29 - 2016-05-03 15:53 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-04-13 22:26 - 2016-04-13 22:27 - 00987728 _____ (Google Inc.) C:\Users\HP\Downloads\ChromeSetup.exe
    2016-04-13 22:20 - 2016-05-05 21:25 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2016-04-13 20:40 - 2016-04-13 21:04 - 00000000 ____D C:\Windows\pss
    2016-04-12 10:35 - 2016-04-13 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
    2016-04-12 10:35 - 2016-04-13 21:05 - 00000000 ____D C:\Program Files (x86)\Your Uninstaller! 7
    2016-04-12 10:35 - 2016-04-12 10:35 - 00000000 ____D C:\Users\HP\AppData\Roaming\URSoft

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-05-07 09:50 - 2014-12-24 21:12 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-05-07 09:46 - 2015-06-16 15:36 - 00000920 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001UA.job
    2016-05-07 09:45 - 2014-12-24 22:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-05-06 23:09 - 2016-03-17 22:25 - 00003142 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHP
    2016-05-06 23:09 - 2016-03-12 20:49 - 00000334 _____ C:\Windows\Tasks\HPCeeScheduleForHP.job
    2016-05-06 20:50 - 2014-12-24 21:12 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-05-06 18:16 - 2013-08-22 22:20 - 00000000 ____D C:\Windows\CbsTemp
    2016-05-06 18:14 - 2015-04-19 19:41 - 00000000 ___SD C:\Windows\SysWOW64\GWX
    2016-05-06 18:14 - 2015-04-19 19:41 - 00000000 ___SD C:\Windows\system32\GWX
    2016-05-06 18:14 - 2014-12-27 23:28 - 00000000 ____D C:\Windows\system32\appraiser
    2016-05-06 15:39 - 2014-12-24 19:58 - 00000000 ____D C:\Users\HP\Documents\Youcam
    2016-05-06 15:38 - 2016-02-22 13:06 - 00000000 ___RD C:\Users\HP\Google Drive
    2016-05-06 15:38 - 2014-12-29 18:09 - 00000000 ___RD C:\Users\HP\Dropbox
    2016-05-06 15:38 - 2014-12-26 10:14 - 00000000 ___RD C:\Users\HP\OneDrive
    2016-05-06 13:46 - 2015-06-16 15:36 - 00000868 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001Core.job
    2016-05-06 13:43 - 2013-08-22 21:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-05-06 13:42 - 2013-08-22 20:25 - 00262144 ___SH C:\Windows\system32\config\BBI
    2016-05-06 12:25 - 2013-08-22 21:45 - 00000000 ____D C:\Windows\Setup
    2016-05-06 12:23 - 2014-12-26 09:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\DMCache
    2016-05-06 11:51 - 2014-12-24 20:00 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1598329037-492615392-174970370-1001
    2016-05-06 09:47 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\system32\NDF
    2016-05-05 21:26 - 2015-06-22 20:37 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
    2016-05-05 21:25 - 2015-06-22 20:37 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2016-05-05 21:25 - 2015-06-22 20:37 - 00465792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2016-05-05 21:25 - 2015-06-22 20:37 - 00287528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2016-05-05 21:25 - 2015-06-22 20:37 - 00166432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2016-05-05 21:25 - 2015-06-22 20:37 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2016-05-05 21:25 - 2015-06-22 20:37 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2016-05-05 21:25 - 2015-06-22 20:37 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2016-05-05 21:25 - 2015-06-22 20:37 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2016-05-05 21:16 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\system32\FxsTmp
    2016-05-05 21:12 - 2013-08-22 20:36 - 00000000 ____D C:\Windows\Inf
    2016-05-05 21:09 - 2013-08-22 22:36 - 00000000 ___RD C:\Windows\ToastData
    2016-05-05 20:40 - 2014-12-26 09:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\IDM
    2016-05-05 20:35 - 2014-03-18 16:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-05-05 14:42 - 2013-08-22 22:36 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-05-05 14:42 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\AppReadiness
    2016-04-30 11:33 - 2014-12-27 23:22 - 00000000 ____D C:\Windows\system32\MRT
    2016-04-30 11:27 - 2014-12-27 23:22 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2016-04-29 19:51 - 2016-02-22 13:03 - 00002065 _____ C:\Users\Public\Desktop\Google Slides.lnk
    2016-04-29 19:51 - 2016-02-22 13:03 - 00002063 _____ C:\Users\Public\Desktop\Google Sheets.lnk
    2016-04-29 19:51 - 2016-02-22 13:03 - 00002053 _____ C:\Users\Public\Desktop\Google Docs.lnk
    2016-04-29 19:51 - 2016-02-22 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-04-26 19:36 - 2014-12-25 18:54 - 00000000 ____D C:\Users\HP\AppData\Local\Packages
    2016-04-17 16:27 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\rescache
    2016-04-16 21:10 - 2013-08-22 21:44 - 00481528 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-04-16 05:50 - 2014-12-29 17:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\Dropbox
    2016-04-16 05:48 - 2015-06-16 15:36 - 00000000 ____D C:\Users\HP\AppData\Local\Dropbox
    2016-04-15 22:32 - 2014-12-26 11:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-04-15 22:27 - 2013-08-22 20:25 - 00000199 _____ C:\Windows\win.ini
    2016-04-15 09:08 - 2016-03-12 21:42 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
    2016-04-15 09:07 - 2016-03-12 21:42 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-04-15 08:45 - 2014-12-24 22:17 - 00003582 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-04-14 01:00 - 2015-06-29 22:33 - 00001862 _____ C:\Windows\System32\Tasks\avastBCLRestart_chrome.exe
    2016-04-14 01:00 - 2015-06-16 15:36 - 00003146 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001UA
    2016-04-14 01:00 - 2015-06-16 15:36 - 00002766 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001Core
    2016-04-14 01:00 - 2014-11-17 02:34 - 00002100 _____ C:\Windows\System32\Tasks\CLVDLauncher
    2016-04-14 01:00 - 2014-11-17 02:34 - 00002100 _____ C:\Windows\System32\Tasks\CLMLSvc_P2G8
    2016-04-14 01:00 - 2014-11-17 02:32 - 00002096 _____ C:\Windows\System32\Tasks\YCMServiceAgent
    2016-04-13 22:14 - 2015-06-22 20:37 - 00001945 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-04-13 22:03 - 2014-12-25 18:54 - 00000000 ____D C:\Users\HP
    2016-04-13 21:05 - 2016-04-06 11:18 - 00000000 ____D C:\ProgramData\Apple Computer
    2016-04-13 21:05 - 2016-04-06 11:18 - 00000000 ____D C:\Program Files\iTunes
    2016-04-13 21:05 - 2016-04-06 11:18 - 00000000 ____D C:\Program Files\iPod
    2016-04-13 21:05 - 2016-04-06 11:18 - 00000000 ____D C:\Program Files (x86)\iTunes
    2016-04-13 21:05 - 2015-12-05 11:10 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
    2016-04-13 21:05 - 2015-10-03 20:05 - 00000000 ___SD C:\Windows\system32\XTgt
    2016-04-13 21:05 - 2014-12-26 09:25 - 00000000 ____D C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2016-04-13 21:05 - 2014-12-26 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
    2016-04-13 21:05 - 2014-12-26 09:25 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
    2016-04-13 21:05 - 2013-08-22 22:36 - 00000000 ____D C:\Program Files\Windows Defender
    2016-04-13 20:56 - 2013-08-22 22:36 - 00000000 ____D C:\Windows\registration
    2016-04-13 20:53 - 2015-03-01 20:37 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-04-13 20:51 - 2014-12-26 11:47 - 00000000 ____D C:\Program Files\Microsoft Office
    2016-04-13 20:49 - 2015-06-22 20:34 - 00000000 ____D C:\Program Files\AVAST Software
    2016-04-13 20:49 - 2014-12-26 11:47 - 00000000 __RHD C:\MSOCache
    2016-04-13 17:40 - 2015-09-18 08:14 - 00000000 ____D C:\Users\HP\Desktop\TÂM LÝ HỌC PHÁT TRIỂN
    2016-04-10 22:40 - 2016-03-12 20:58 - 00000000 ____D C:\Users\HP\Desktop\Video Note 3

    ==================== Files in the root of some directories =======

    2015-10-19 21:34 - 2015-10-19 21:34 - 0002081 _____ () C:\Users\HP\AppData\Local\recently-used.xbel
    2016-04-13 22:42 - 2016-04-13 22:42 - 0007653 _____ () C:\Users\HP\AppData\Local\Resmon.ResmonCfg

    Some files in TEMP:
    ====================
    C:\Users\HP\AppData\Local\Temp\COMAP.EXE
    C:\Users\HP\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwsalwn.dll
    C:\Users\HP\AppData\Local\Temp\handbrake-setup.exe
    C:\Users\HP\AppData\Local\Temp\HPSFUpdater.exe
    C:\Users\HP\AppData\Local\Temp\libeay32.dll
    C:\Users\HP\AppData\Local\Temp\msvcr120.dll
    C:\Users\HP\AppData\Local\Temp\ose00000.exe
    C:\Users\HP\AppData\Local\Temp\qing_update.exe
    C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\HP\AppData\Local\Temp\sqlite3.dll
    C:\Users\HP\AppData\Local\Temp\swt-gdip-win32-3452.dll
    C:\Users\HP\AppData\Local\Temp\swt-win32-3452.dll
    C:\Users\HP\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\HP\AppData\Local\Temp\{79F2C1EF-0AD5-4A5E-9AD0-B0876D584AC8}-49.0.2623.110_49.0.2623.87_chrome_updater.exe
    C:\Users\HP\AppData\Local\Temp\{D6FADA52-AF04-4558-8282-67B5E12C320E}-DropboxClient_3.8.5.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-05-01 23:52

    ==================== End of FRST.txt ============================
     
  12. NTTDHSG


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
    Ran by HP (2016-05-07 14:28:58)
    Running from C:\Users\HP\Desktop
    Windows 8.1 Single Language (X64) (2014-12-25 11:53:49)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1598329037-492615392-174970370-500 - Administrator - Disabled)
    Guest (S-1-5-21-1598329037-492615392-174970370-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1598329037-492615392-174970370-1003 - Limited - Enabled)
    HP (S-1-5-21-1598329037-492615392-174970370-1001 - Administrator - Enabled) => C:\Users\HP

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
    Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1202.1711.102 - Alps Electric)
    Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.2.2262 - AVAST Software)
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3303 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
    CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox (HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
    Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
    Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
    EPSON L350 Series Printer Uninstall (HKLM\...\EPSON L350 Series) (Version: - SEIKO EPSON Corporation)
    EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
    Epson User's Guide L350 Series (HKLM-x32\...\L350 Series Useg) (Version: - )
    Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
    GiaPhaVN (HKLM-x32\...\{4A4E3056-B2FB-4E99-9430-CDEF18270070}) (Version: 1.0.0 - HienNH)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
    Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
    HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
    HP Documentation (HKLM-x32\...\{3BAA7681-EF42-4FEC-84FC-87BA815492A4}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.2.8.17 - Hewlett-Packard Company)
    HP System Event Utility (HKLM-x32\...\{C78E8F51-3EAD-4F0C-83F0-EF371075E0B4}) (Version: 1.0.10 - Hewlett-Packard Company)
    HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
    Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.24.1790 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Mediatek Bluetooth (HKLM\...\{16BCAEDC-C115-1729-07C4-7A0091C699A6}) (Version: 11.0.749.0 - Mediatek)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.37.0 - Mediatek)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
    Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
    UltraISO Premium V9.53 (HKLM-x32\...\UltraISO_is1) (Version: - )
    UniKey 4.0 RC2 (build 1101) (HKLM-x32\...\{AC006985-A51F-42AC-A7E9-5E66D8AC8063}_is1) (Version: - Pham Kim Long)
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1598329037-492615392-174970370-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\HP\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0254AED4-5CEA-4B4F-8D96-18F7F68B8C5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {0B815135-93F1-420B-9991-FB11227DCD4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
    Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
    Task: {1D41BD63-FEE2-47E8-8566-D6109EE4D0B7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
    Task: {286F649F-340C-4724-AD68-7E4EE8AF7C46} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {2AF69CF1-0053-4981-A1DA-7F75287F456C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-04-30] (Microsoft Corporation)
    Task: {2C740E4B-1B37-497A-8179-2B9CE8A58000} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe
    Task: {55F48CAB-B51F-44B7-B630-9E276B726D76} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-05-05] (AVAST Software)
    Task: {5B710EEE-6DDB-46D2-8184-8802B9BB3D45} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
    Task: {5FF1ED16-785C-4C26-8C31-FC810B40D61E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {69E51123-7E96-4374-8152-33453747F925} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
    Task: {6ECFE8B4-6ABA-4778-AB95-415706BC0FF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
    Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
    Task: {76EA7CC6-6C3C-43D6-9BC5-961264B5D806} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
    Task: {780BD1E5-F944-4582-A7F6-2BFBE344134F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-15] (Adobe Systems Incorporated)
    Task: {7B6B4D6B-DB27-4B08-A191-FD00DD104303} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {8F76F688-AF66-46D2-8FC0-7ECEDF623F0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
    Task: {9C1990B1-42D0-49D8-9904-CF487FCAB494} - System32\Tasks\SafeZone scheduled Autoupdate 1460274905 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-04-15] (Avast Software)
    Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
    Task: {CC079CB2-79A6-4E2F-846C-0CE19631267F} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
    Task: {CD751C57-4926-4499-ADC1-7AA8ABC989A5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001Core => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
    Task: {D0FEFFCF-2844-41C0-9EB9-092E2A4A9E17} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-12] (AVAST Software)
    Task: {D67A5948-4087-4CCE-A430-A50DAB672465} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-27] (Microsoft Corporation)
    Task: {DA3B719A-D2B6-4419-890B-A896957D01A9} - System32\Tasks\Microsoft\Windows\Setup\xtgt\refreshxtgtconfig => C:\Windows\system32\XTgt\XTgtMgr.exe [2015-10-03] (Microsoft Corporation)
    Task: {E38E12AE-967C-449F-AA42-887C80EE4E0C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001UA => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
    Task: {E71FFD0C-D938-45A4-883C-52DA6EDAD09D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {E9ADE27E-9938-48DE-8143-DE3DB6305AC7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-04-06] (Hewlett-Packard)
    Task: {F551F88B-7D48-45F3-B24A-452511B948D3} - System32\Tasks\HPCeeScheduleForHP => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {F7E1AC7C-DA24-4E28-9985-E9DB1ED34A11} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001Core.job => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1598329037-492615392-174970370-1001UA.job => C:\Users\HP\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HPCeeScheduleForHP.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)
     
  13. NTTDHSG

    ==================== Loaded Modules (Whitelisted) ==============

    2014-03-29 03:31 - 2014-03-29 03:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
    2014-03-29 03:27 - 2014-03-29 03:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
    2014-03-29 03:27 - 2014-03-29 03:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
    2014-03-29 03:27 - 2014-03-29 03:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
    2014-03-29 03:48 - 2014-03-29 03:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
    2014-03-29 03:48 - 2014-03-29 03:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-08-10 13:11 - 2013-08-10 13:11 - 00607744 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
    2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-12-24 21:24 - 2009-11-02 00:43 - 00296960 _____ () C:\Program Files\UniKey\UKHook40.dll
    2014-03-29 03:36 - 2014-03-29 03:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
    2014-12-24 21:24 - 2009-11-02 00:43 - 00316928 _____ () C:\Program Files\UniKey\UniKeyNT.exe
    2016-05-05 21:25 - 2016-05-05 21:25 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-05-05 21:25 - 2016-05-05 21:25 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-05-06 12:26 - 2016-05-06 12:26 - 02892288 _____ () C:\Program Files\AVAST Software\Avast\defs\16050501\algo.dll
    2016-05-05 21:25 - 2016-05-05 21:25 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-05-07 09:09 - 2016-05-07 09:09 - 02892288 _____ () C:\Program Files\AVAST Software\Avast\defs\16050601\algo.dll
    2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-03-19 20:55 - 2016-03-22 04:50 - 00034768 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2016-04-16 05:47 - 2016-03-22 04:51 - 00019408 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2016-04-16 05:47 - 2016-03-22 04:50 - 00116688 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2016-03-19 20:55 - 2016-03-22 04:50 - 00093640 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2016-03-19 20:55 - 2016-03-22 04:50 - 00018376 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\select.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00019760 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00105928 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-04-16 05:47 - 2016-03-22 04:50 - 00392144 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2016-03-19 20:55 - 2016-04-09 01:20 - 00381752 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2016-03-19 20:55 - 2016-03-22 04:50 - 00692688 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00020816 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2016-03-19 20:55 - 2016-03-22 04:51 - 00112592 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 01682760 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00020808 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00021840 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00038696 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2016-04-16 05:47 - 2016-03-22 04:52 - 00020936 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00024528 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32event.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00114640 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00124880 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00021832 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00024016 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00175560 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00030160 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00043472 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32process.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00028616 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00048592 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32service.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00026456 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00057808 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00024016 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00117056 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00023376 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-03-19 20:55 - 2016-03-22 04:50 - 00134608 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2016-04-16 05:47 - 2016-03-22 04:50 - 00134088 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2016-04-16 05:47 - 2016-03-22 04:51 - 00240584 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\jpegtran.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00024392 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-04-16 05:47 - 2016-03-22 04:52 - 00036296 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\librsync.dll
    2016-04-16 05:47 - 2016-04-09 01:19 - 00052024 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00020800 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00021824 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00019776 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00020800 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00020280 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2016-03-19 20:55 - 2016-03-22 04:52 - 00350152 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-03-19 20:55 - 2016-04-09 01:20 - 00022352 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-04-16 05:47 - 2016-04-09 01:19 - 00084280 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-04-16 05:47 - 2016-04-09 01:20 - 01826096 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2016-03-19 20:55 - 2016-03-22 04:51 - 00083912 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\sip.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 03928880 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 01971504 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00531248 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00132912 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00223544 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00207672 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00158008 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00042808 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
    2016-04-16 05:47 - 2016-03-22 04:54 - 00017864 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\libEGL.dll
    2016-04-16 05:47 - 2016-03-22 04:54 - 01631184 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2016-03-19 20:55 - 2016-04-09 01:20 - 00024904 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00546096 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2016-04-16 05:47 - 2016-04-09 01:20 - 00357680 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2016-03-19 20:55 - 2016-03-22 04:56 - 00697304 _____ () C:\Users\HP\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2016-05-06 15:38 - 2016-05-06 15:38 - 00098816 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32api.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00110080 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\pywintypes27.dll
    2016-05-06 15:38 - 2016-05-06 15:38 - 00364544 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\pythoncom27.dll
    2016-05-06 15:38 - 2016-05-06 15:38 - 00320512 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32com.shell.shell.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00776704 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\_hashlib.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 01176576 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\wx._core_.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00806400 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\wx._gdi_.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00816128 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\wx._windows_.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 01067008 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\wx._controls_.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00733184 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\wx._misc_.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00682496 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\pysqlite2._sqlite.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00088064 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\_ctypes.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00119808 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32file.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00108544 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32security.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00007168 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\hashobjs_ext.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00017920 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\thumbnails_ext.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00088064 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\usb_ext.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00167936 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32gui.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00018432 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32event.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00046080 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\_socket.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 01208320 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\_ssl.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00128512 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\_elementtree.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00127488 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\pyexpat.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00012288 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\common.time34.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00038912 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32inet.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00036864 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\_psutil_windows.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00525208 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\windows._lib_cacheinvalidation.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00011264 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32crypt.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00077312 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\wx._html2.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00027136 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\_multiprocessing.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00020480 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\_yappi.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00035840 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32process.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00686080 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\unicodedata.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00078848 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\wx._animate.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00123392 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\wx._wizard.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00024064 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32pipe.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00010240 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\select.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00025600 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32pdh.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00017408 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32profile.pyd
    2016-05-06 15:38 - 2016-05-06 15:38 - 00022528 ____R () C:\Users\HP\AppData\Local\Temp\_MEI68522\win32ts.pyd
    2016-04-13 22:19 - 2016-04-13 22:19 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-11-17 02:34 - 2013-08-05 14:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2013-08-06 06:48 - 2013-08-06 06:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 20:25 - 2013-08-22 20:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1598329037-492615392-174970370-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 8.8.8.8 - 8.8.4.4
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{7C4F4A9C-C66A-4914-B352-651DFE7EC187}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{2233C16B-198E-47E7-96E1-476D6ED93532}] => (Allow) LPort=2869
    FirewallRules: [{FB2A6B0F-86C2-40D7-891E-B28E06DE8C00}] => (Allow) LPort=1900
    FirewallRules: [{92659DBB-1A12-49E3-BC5C-D211AF0A5A07}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{4D262E64-213C-4262-9673-CF23865AB6C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{10A11DD3-58D3-4B12-9C3E-7D00895F4AD3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{25FEDF4A-B0F7-41DC-8A7E-C41923651C10}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0BDDF702-B4B9-43A0-86CE-44228400C214}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{5818C876-52EF-43C2-8A11-EF9D3AFEB746}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
    FirewallRules: [{FA62801F-E3CA-4F03-8BB7-63C55B5190EC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
    FirewallRules: [{7ACEC53C-6C78-421F-87AE-A694050DB157}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
    FirewallRules: [{A680D8AC-6847-4315-BBAC-2A4D3C127CA6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
    FirewallRules: [{0FD35EEE-BEF5-47F2-8A80-CC9C43AC2EBE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
    FirewallRules: [{9BF460AD-DF61-4CEA-B45C-61D4BFD1AD42}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
    FirewallRules: [{A86C39F5-4770-464F-B9EE-DE1CB9C6DBCA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
    FirewallRules: [{D18513CD-A8D5-4366-9196-E273B1BA16E2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{62117556-BBA8-47A6-98B6-49FB52566D33}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{5D5F0B38-2F25-4D79-B365-0AD17E78C706}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{0908F683-DB00-46E1-9543-19D0FBF7695E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{3869FFE7-A59D-4336-A0D5-9475ACE6B65B}C:\users\hp\downloads\compressed\sinhvienit.net---office2013.32.64.bit.full.crack\activator\qemu\qemu.exe] => (Allow) C:\users\hp\downloads\compressed\sinhvienit.net---office2013.32.64.bit.full.crack\activator\qemu\qemu.exe
    FirewallRules: [UDP Query User{D10B8422-64A7-4EE6-B415-B97ED0B7B1E0}C:\users\hp\downloads\compressed\sinhvienit.net---office2013.32.64.bit.full.crack\activator\qemu\qemu.exe] => (Allow) C:\users\hp\downloads\compressed\sinhvienit.net---office2013.32.64.bit.full.crack\activator\qemu\qemu.exe
    FirewallRules: [{E52BB43B-D992-4F6F-AC13-6A5890EF6564}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{4235DCBF-409D-40FB-975D-22C3CAB9706A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{7CCF648E-CDC3-4449-94D5-CEBF0E404709}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{AE409DA7-4FBB-4DE7-9078-4109082A3DC5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{A62FF04C-A2AD-42AB-91FB-3E002AA91E66}] => (Allow) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{3631E1C6-BB00-40C5-B191-4C46E2FA0FA2}] => (Allow) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{09F9D824-945E-49AB-9970-DDE82E2CAE33}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{9879DEB2-0012-4ABD-BB72-6256B92D1E9A}C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\hp\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{4A12EB45-2D54-4065-885A-F33B8412EEDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{884F34C4-56C0-4A31-A124-08FDCD39733B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C7128481-4BEB-4A37-B02D-78C083B08D13}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DAEEF494-31AC-4CB4-B5FC-B6B7AFDF3EF3}] => (Allow) C:\Users\HP\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{C00E793F-02BF-40DB-A7A6-22C8F210CB8A}C:\games\starcraft ii\starfriend\starfriend_client.exe] => (Allow) C:\games\starcraft ii\starfriend\starfriend_client.exe
    FirewallRules: [UDP Query User{F6D1BF9F-B036-4C73-A360-57377A36C9F5}C:\games\starcraft ii\starfriend\starfriend_client.exe] => (Allow) C:\games\starcraft ii\starfriend\starfriend_client.exe
    FirewallRules: [{C1B4A140-7B2F-41D9-8816-D5066230FAF5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
    FirewallRules: [{055448C3-8DE1-42B7-84DD-FFC3BB159632}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1267\Agent.exe
    FirewallRules: [TCP Query User{A278D33F-2A7B-4ED4-BB93-18E195681EAD}C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe
    FirewallRules: [UDP Query User{91124577-ECC7-428A-97F6-3742AA99548B}C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe
    FirewallRules: [TCP Query User{2032F081-3A50-426D-A5BC-08236E5E2E01}C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe
    FirewallRules: [UDP Query User{9D7212B8-5661-43AC-9CFB-4A00A0953EB0}C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe] => (Allow) C:\games\starcraft ii\starcraft 2\versions\base24944\sc2.exe
    FirewallRules: [{A6D45907-C1D9-405C-9B81-2460F8A5139D}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{69E8D09B-5054-4EB7-94E7-3A797B8DCB22}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{20E468FD-64FF-4AAC-834C-AC415054046D}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{57DA68D0-5999-461F-A82F-E6150526F212}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
    FirewallRules: [{E14DD622-4C32-4857-A14D-29E47052768C}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [{DBB4DC71-4C57-4EA7-B981-72F00347C258}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
    FirewallRules: [TCP Query User{4CCB9872-29E9-4A82-A4DD-39B62FDEA208}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [UDP Query User{CE9E5BB7-E9A6-4C10-B82C-BBBB5DFB0404}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [{D6B6314C-4D4C-41CC-9690-24015509B0AB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{CF583D2C-9DEE-4E99-8154-E27A765717FC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [TCP Query User{037803A3-7B7D-449D-9682-4E64994F7F14}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [UDP Query User{58FF9A9B-F373-4E09-A05E-9B38F54A72FD}C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
    FirewallRules: [{DBE4ABD8-4E6D-4DD3-84EA-B555F35E2200}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{34AAD514-DEF5-48BC-B8B9-C21FDD268DEF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
    FirewallRules: [{CA8F8A77-E8C7-42EA-A1F2-B96B172691AD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{C40E3189-E257-4FC2-8E2F-42A2F1A0B936}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{F93ED06C-D4A3-4178-A8BA-68843332C154}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{CFE86E95-97A9-44D8-B4A7-F653BE39AD31}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [TCP Query User{79F0B39B-5DAD-4A84-9D38-CFF92CD8B001}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{DAB08B7A-C7B9-4D89-9E69-4E59B3E59367}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{DCEC1C68-AA51-4DD2-97B2-DE599780FEF8}C:\users\hp\appdata\roaming\utorrent\updates\3.4.2_38257.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\updates\3.4.2_38257.exe
    FirewallRules: [UDP Query User{BAE27B42-5CEC-4827-B57C-B91953D94D05}C:\users\hp\appdata\roaming\utorrent\updates\3.4.2_38257.exe] => (Block) C:\users\hp\appdata\roaming\utorrent\updates\3.4.2_38257.exe
    FirewallRules: [TCP Query User{513B0C2A-38F5-4A81-90A5-F02A8243F5AD}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{C90CEA8F-630F-4DF7-9511-3D60E818303A}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [TCP Query User{FB74ABC1-8D2E-4752-8E26-913C28B4F6F8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [UDP Query User{B82E63D8-A892-421C-9C47-132B51F04C41}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
    FirewallRules: [{6B06D859-F4F6-4E33-813F-83E330272C75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8A06A769-E33B-4A08-B1C4-32ADCAB10B0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{63522AE0-DE47-4EBA-980D-D52CC01D8D99}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F12D60EE-4459-4537-B026-054EC41FDE7B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{83AC080A-35D7-4AC7-9A7F-E98AA88DDE0A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    13-04-2016 22:10:33 avast! antivirus system restore point
    30-04-2016 11:20:46 Windows Modules Installer
    30-04-2016 11:21:18 Windows Modules Installer
    06-05-2016 13:47:53 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/07/2016 09:19:03 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418225

    Error: (05/06/2016 09:17:11 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP)
    Description: Activation of app Microsoft.MicrosoftMahjong_8wekyb3d8bbwe!MicrosoftMahjong failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (05/06/2016 12:23:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.17415, time stamp: 0x54504177
    Faulting module name: ntdll.dll, version: 6.3.9600.18194, time stamp: 0x56951674
    Exception code: 0xc0000008
    Fault offset: 0x00000000000925fa
    Faulting process id: 0x3b0
    Faulting application start time: 0xsvchost.exe_PcaSvc0
    Faulting application path: svchost.exe_PcaSvc1
    Faulting module path: svchost.exe_PcaSvc2
    Report Id: svchost.exe_PcaSvc3
    Faulting package full name: svchost.exe_PcaSvc4
    Faulting package-relative application ID: svchost.exe_PcaSvc5

    Error: (05/06/2016 10:36:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 9e8

    Start Time: 01d1a747cf8ed09d

    Termination Time: 4294967295

    Application Path: C:\Windows\syswow64\wwahost.exe

    Report Id: b874080b-133b-11e6-82a6-7429af243abc

    Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

    Faulting package-relative application ID: App

    Error: (05/06/2016 09:56:59 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
    Description: Subscription licensing service failed: -1073418225

    Error: (05/06/2016 09:52:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 34125

    Error: (05/06/2016 09:52:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 34125

    Error: (05/06/2016 09:52:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (05/05/2016 09:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14985

    Error: (05/05/2016 09:32:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 14985


    System errors:
    =============
    Error: (05/06/2016 01:41:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Epson Scanner Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).

    Error: (05/06/2016 01:41:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2015-06-16 15:42:31.947
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-16 15:42:31.400
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-16 15:42:31.103
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-16 15:42:30.650
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-16 15:42:30.228
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-02 21:24:38.035
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-02 19:57:56.031
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-02 19:57:55.784
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-06-02 19:57:55.437
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2015-05-20 13:23:51.624
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz
    Percentage of memory in use: 53%
    Total physical RAM: 4027.84 MB
    Available physical RAM: 1891.63 MB
    Total Virtual: 4731.84 MB
    Available Virtual: 2465.2 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:442.33 GB) (Free:300.38 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:22.41 GB) (Free:2.17 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (15.0.4420.1017) (CDROM) (Total:0.79 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 2E50010F)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  15. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Fix result of Farbar Recovery Scan Tool (x64) Version:06-05-2016 03
    Ran by HP (2016-05-08 13:55:00) Run:1
    Running from C:\Users\HP\Desktop
    Loaded Profiles: HP & (Available Profiles: HP)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKU\S-1-5-21-1598329037-492615392-174970370-1001\...\MountPoints2: F - "F:\SETUP.EXE"
    S3 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
    S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
    S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
    2015-10-19 21:34 - 2015-10-19 21:34 - 0002081 _____ () C:\Users\HP\AppData\Local\recently-used.xbel
    2016-04-13 22:42 - 2016-04-13 22:42 - 0007653 _____ () C:\Users\HP\AppData\Local\Resmon.ResmonCfg
    C:\Users\HP\AppData\Local\Temp\COMAP.EXE
    C:\Users\HP\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwsalwn.dll
    C:\Users\HP\AppData\Local\Temp\handbrake-setup.exe
    C:\Users\HP\AppData\Local\Temp\HPSFUpdater.exe
    C:\Users\HP\AppData\Local\Temp\libeay32.dll
    C:\Users\HP\AppData\Local\Temp\msvcr120.dll
    C:\Users\HP\AppData\Local\Temp\ose00000.exe
    C:\Users\HP\AppData\Local\Temp\qing_update.exe
    C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\HP\AppData\Local\Temp\sqlite3.dll
    C:\Users\HP\AppData\Local\Temp\swt-gdip-win32-3452.dll
    C:\Users\HP\AppData\Local\Temp\swt-win32-3452.dll
    C:\Users\HP\AppData\Local\Temp\UninstallHPSA.exe
    C:\Users\HP\AppData\Local\Temp\{79F2C1EF-0AD5-4A5E-9AD0-B0876D584AC8}-49.0.2623.110_49.0.2623.87_chrome_updater.exe
    C:\Users\HP\AppData\Local\Temp\{D6FADA52-AF04-4558-8282-67B5E12C320E}-DropboxClient_3.8.5.exe
    Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
    Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
    Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
    Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
    Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [152]

    *****************

    "HKU\S-1-5-21-1598329037-492615392-174970370-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key removed successfully
    McAPExe => service removed successfully
    McMPFSvc => service removed successfully
    BAPIDRV => service removed successfully
    C:\Users\HP\AppData\Local\recently-used.xbel => moved successfully
    C:\Users\HP\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\HP\AppData\Local\Temp\COMAP.EXE => moved successfully
    C:\Users\HP\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\HP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwsalwn.dll => moved successfully
    C:\Users\HP\AppData\Local\Temp\handbrake-setup.exe => moved successfully
    C:\Users\HP\AppData\Local\Temp\HPSFUpdater.exe => moved successfully
    C:\Users\HP\AppData\Local\Temp\libeay32.dll => moved successfully
    C:\Users\HP\AppData\Local\Temp\msvcr120.dll => moved successfully
    C:\Users\HP\AppData\Local\Temp\ose00000.exe => moved successfully
    C:\Users\HP\AppData\Local\Temp\qing_update.exe => moved successfully
    C:\Users\HP\AppData\Local\Temp\SkypeSetup.exe => moved successfully
    C:\Users\HP\AppData\Local\Temp\sqlite3.dll => moved successfully
    C:\Users\HP\AppData\Local\Temp\swt-gdip-win32-3452.dll => moved successfully
    C:\Users\HP\AppData\Local\Temp\swt-win32-3452.dll => moved successfully
    C:\Users\HP\AppData\Local\Temp\UninstallHPSA.exe => moved successfully
    C:\Users\HP\AppData\Local\Temp\{79F2C1EF-0AD5-4A5E-9AD0-B0876D584AC8}-49.0.2623.110_49.0.2623.87_chrome_updater.exe => moved successfully
    C:\Users\HP\AppData\Local\Temp\{D6FADA52-AF04-4558-8282-67B5E12C320E}-DropboxClient_3.8.5.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D8A891D-890C-4808-84D8-2F436AB14653}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1274336E-AB06-46B6-A48C-0671C5557CC6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Maintenance Configurator" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1687544D-7247-4F5A-965A-A6E920E55278}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Manual Maintenance" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F02587F-8A2B-4552-97F6-DEEF229E335B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Idle Maintenance" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7992938-01F1-4F40-A0EC-0D23D2F0F152}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TaskScheduler\Regular Maintenance" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFD7C21A-808B-487B-A6EC-8A10E44E8360}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SettingSync\BackupTask" => key removed successfully
    C:\ProgramData\Temp => ":1CE11B51" ADS removed successfully.

    ==== End of Fixlog 13:55:06 ====
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  17. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Flash Player 21.0.0.213
    Mozilla Firefox (43.0.1)
    Google Chrome (49.0.2623.112)
    Google Chrome (50.0.2661.94)
    Google Chrome (SetupMetrics.pma..)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  18. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Farbar Service Scanner Version: 27-01-2016
    Ran by HP (administrator) on 09-05-2016 at 14:35:25
    Running from "C:\Users\HP\Desktop"
    Microsoft Windows 8.1 Single Language (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Sophos?
     
  20. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    No, there was nothing found.
     
  21. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Wow, this is terrible. I've just found 2 other laptops that have the same problem (they are from people I know, but they don't have any kind of connection like Skype; they are even on different networks).

    I tried to uninstall Avast! and installed F-Secure instead. The program found 1 threat and removed it. But the URL was still activated after that whenever I opened the Chrome browser. I uninstalled Chrome and the problem is no more.

    The other laptop is left untouched since it was too old (running on an Atom chip).

    But this particular virus is really special: it only tries to download the file a few times, then it doesn't show up anymore. Actually, I haven't encountered the warning on my first laptop (the HP one) since right after I posted here. It was even before I actually scanned or removed anything. So I feel unsure whether the virus is actually gone or is staying hidden.

    Some pics from the untouched laptop:
     
  22. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18



    The issue is not exclusive to Google Chrome. I opened the Microsoft Essential download tool and the URL was triggered too.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please create separate topics for other machines.

    Here...

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    The issue seems to be resolved.
     
  25. NTTDHSG

    NTTDHSG TS Rookie Topic Starter Posts: 18

    Hi, sorry, I was busy with other work so I couldn't reply.
    Yes, my computer is completely clean. For those who encounter the same issue as I did: the warning is a complete false positive. The URL is from one of the MS hosts. The Whois tool returns a legit server. The cab file was an ActiveX object. And some MS download apps must connect to the server in order to work. I already reported it to Avast!

    Lastly, thank you, Broni, for your help (y)
     
