Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-12-2015
Ran by Flora (administrator) on FLORA-HP (28-12-2015 16:55:54)
Running from C:\Users\Flora\Downloads
Loaded Profiles: Flora (Available Profiles: Flora)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(Oceanis) C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-08-02] (IDT, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-01-28] (Hewlett-Packard)
HKU\S-1-5-21-2725921112-1649959490-732596018-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2725921112-1649959490-732596018-1000\...\MountPoints2: {ec3d98e7-4425-11e1-bf63-984be1e98bac} - E:\AutoRun.exe
HKU\S-1-5-21-2725921112-1649959490-732596018-1000\...\MountPoints2: {ec3d9904-4425-11e1-bf63-984be1e98bac} - E:\AutoRun.exe
HKU\S-1-5-21-2725921112-1649959490-732596018-1000\...\MountPoints2: {ec3d991e-4425-11e1-bf63-984be1e98bac} - E:\AutoRun.exe
HKU\S-1-5-21-2725921112-1649959490-732596018-1000\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ATTENTION
HKU\S-1-5-21-2725921112-1649959490-732596018-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8E85B261-B91A-485F-B54E-38BF6338FF2B}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2725921112-1649959490-732596018-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.br/
HKU\S-1-5-21-2725921112-1649959490-732596018-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2725921112-1649959490-732596018-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2725921112-1649959490-732596018-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL =
SearchScopes: HKU\S-1-5-21-2725921112-1649959490-732596018-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
SearchScopes: HKU\S-1-5-21-2725921112-1649959490-732596018-1000 -> {FB6EFAFF-2FE4-410B-83A1-F94CEFFF1B61} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Windows 7 Starter Helper -> {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} -> C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll [2009-12-09] (Oceanis)
DPF: {66278F12-948C-4B66-83A9-B44D199DF03D} hxxp://192.168.25.30/codebase/WebClientActiveX.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-25] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com.br/"
CHR NewTab: Default -> "chrome-extension://chfdnecihphmhljaaejmgoiahnihplgn/pages/newtab.html"
CHR Profile: C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-28]
CHR Profile: C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-18]
CHR Extension: (YouTube) - C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-12]
CHR Extension: (Pesquisa do Google) - C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-18]
CHR Extension: (Google Wallet) - C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (Gmail) - C:\Users\Flora\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-18]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [103992 2010-07-21] (Hewlett-Packard Company)
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-08] (Hewlett-Packard Co.) [File not signed]
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] () [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-08-02] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 HP Support Assistant Service; "C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmUStor; C:\Windows\System32\drivers\AmUStor.SYS [27136 2010-06-17] (Alcor Micro, Corp.)
R1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90112 2011-01-30] (Huawei Technologies Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
S1 avgtp; \??\C:\Windows\system32\drivers\avgtpx86.sys [X]
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 16:55 - 2015-12-28 16:56 - 00011738 _____ C:\Users\Flora\Downloads\FRST.txt
2015-12-28 16:55 - 2015-12-28 16:55 - 00000000 ____D C:\FRST
2015-12-28 16:49 - 2015-12-28 16:48 - 01721856 _____ (Farbar) C:\Users\Flora\Desktop\FRST.exe
2015-12-28 16:48 - 2015-12-28 16:48 - 01721856 _____ (Farbar) C:\Users\Flora\Downloads\FRST.exe
2015-12-28 10:58 - 2015-12-28 10:58 - 00035444 _____ C:\Users\Flora\Desktop\ZHPFixReport.txt
2015-12-28 10:16 - 2015-12-28 10:21 - 00000000 ____D C:\Program Files\ZHPFix
2015-12-28 10:16 - 2015-12-28 10:16 - 00001755 _____ C:\Users\Public\Desktop\ZHPFix.lnk
2015-12-28 10:14 - 2015-12-28 10:15 - 03521617 _____ (Nicolas Coolman ) C:\Users\Flora\Downloads\ZHPFix.exe
2015-12-27 11:36 - 2015-12-27 11:36 - 00000000 ____D C:\Program Files\IDT
2015-12-27 11:36 - 2010-08-02 22:32 - 12669020 _____ (IDT, Inc.) C:\Windows\system32\idtcpl.cpl
2015-12-27 11:36 - 2010-08-02 22:32 - 01953792 _____ (IDT, Inc.) C:\Windows\system32\stlang.dll
2015-12-27 11:36 - 2010-08-02 22:32 - 00536576 _____ (IDT, Inc.) C:\Windows\system32\idtmini1.exe
2015-12-27 11:36 - 2010-08-02 22:32 - 00528384 ____N (IDT, Inc.) C:\Windows\system32\stapi32.dll
2015-12-27 11:36 - 2010-08-02 22:32 - 00495708 _____ (IDT, Inc.) C:\Windows\sttray.exe
2015-12-27 11:36 - 2010-08-02 22:32 - 00380928 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestecap.dll
2015-12-27 11:36 - 2010-08-02 22:32 - 00139776 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestacap.dll
2015-12-27 11:36 - 2010-08-02 22:32 - 00086016 _____ (Andrea Electronics Corporation) C:\Windows\system32\AESTCom.dll
2015-12-27 11:36 - 2010-08-02 22:32 - 00061440 _____ (Andrea Electronics Corporation) C:\Windows\system32\aestaren.dll
2015-12-27 09:32 - 2015-12-27 09:32 - 00000000 _____ C:\Windows\system32\shoB328.tmp
2015-12-27 09:22 - 2015-12-27 09:22 - 00001230 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-12-27 09:22 - 2015-12-27 09:22 - 00000000 ____D C:\Users\Flora\AppData\Local\VS Revo Group
2015-12-27 09:22 - 2015-12-27 09:22 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-12-27 09:22 - 2015-12-27 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-12-27 09:22 - 2015-12-27 09:22 - 00000000 ____D C:\Program Files\VS Revo Group
2015-12-27 09:22 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-12-27 09:20 - 2015-12-27 09:21 - 11199448 _____ (VS Revo Group ) C:\Users\Flora\Downloads\RevoUninProSetup.exe
2015-12-26 10:32 - 2015-12-26 10:35 - 01743360 _____ C:\Users\Flora\Downloads\AdwCleaner.exe
2015-12-25 17:20 - 2015-12-25 17:20 - 00086052 _____ C:\Windows\ntbtlog.txt
2015-12-25 16:41 - 2015-12-25 16:41 - 00000000 __SHD C:\found.001
2015-12-25 16:32 - 2015-12-25 16:32 - 00000378 _____ C:\Users\Flora\Desktop\Wireless Network Connection - Shortcut.lnk

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 16:55 - 2009-07-14 00:37 - 00000000 ____D C:\Windows
2015-12-28 16:37 - 2009-07-14 02:34 - 00016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-28 16:37 - 2009-07-14 02:34 - 00016480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-28 16:36 - 2009-09-06 21:02 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-28 16:36 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\inf
2015-12-28 16:29 - 2012-07-18 23:19 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 16:29 - 2009-07-14 02:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-28 16:21 - 2014-11-12 13:52 - 00002159 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-28 16:07 - 2012-07-18 23:19 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 16:02 - 2014-11-12 13:14 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-28 15:49 - 2011-06-20 15:10 - 00000000 ____D C:\Users\Flora\AppData\Local\CrashDumps
2015-12-28 11:19 - 2014-11-13 12:13 - 00000820 _____ C:\Users\Flora\Desktop\ZHPDiag.lnk
2015-12-28 11:19 - 2014-11-13 12:13 - 00000000 ____D C:\Users\Flora\AppData\Roaming\ZHP
2015-12-28 10:16 - 2014-11-13 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-12-28 03:31 - 2014-11-13 12:39 - 00238227 _____ C:\Users\Flora\Desktop\ZHPDiag.txt
2015-12-28 02:28 - 2011-05-12 23:50 - 00064152 _____ C:\Users\Flora\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-28 02:12 - 2010-11-08 16:56 - 00000000 ____D C:\ProgramData\Adobe
2015-12-28 02:05 - 2012-04-08 16:33 - 00000000 ___RD C:\Program Files\Skype
2015-12-27 12:19 - 2010-11-08 16:58 - 00000000 ____D C:\ProgramData\CyberLink
2015-12-27 12:19 - 2010-11-08 16:58 - 00000000 ____D C:\Program Files\CyberLink
2015-12-27 12:19 - 2010-11-08 16:50 - 00000000 ____D C:\Program Files\InstallShield Installation Information
2015-12-27 12:18 - 2010-11-08 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-12-27 11:52 - 2010-11-08 16:49 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-27 11:52 - 2009-07-14 00:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-27 11:49 - 2014-07-24 23:40 - 00000000 ____D C:\Users\Flora\AppData\Roaming\SoftGrid Client
2015-12-27 11:33 - 2009-07-14 02:33 - 00295216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-27 11:28 - 2010-11-08 16:50 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-27 11:01 - 2010-11-08 16:41 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-12-27 10:51 - 2011-03-25 11:58 - 00000000 ____D C:\Program Files\Downloaded Installations
2015-12-27 10:45 - 2010-11-08 16:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-27 10:28 - 2011-05-12 23:35 - 00000000 ____D C:\Users\Flora\AppData\Local\Hewlett-Packard
2015-12-27 10:14 - 2009-07-14 02:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-27 10:10 - 2011-03-25 12:01 - 00000000 ____D C:\ProgramData\WildTangent
2015-12-27 09:33 - 2014-11-12 14:02 - 00000012 ____H C:\dvmexp.idx
2015-12-27 08:42 - 2011-07-05 20:05 - 00000000 ____D C:\ProgramData\MFAData
2015-12-27 02:13 - 2011-10-26 23:27 - 00000000 ___HD C:\$AVG
2015-12-26 11:36 - 2012-07-18 23:19 - 00000000 ____D C:\Users\Flora\AppData\Local\Google
2015-12-26 11:01 - 2014-11-12 13:46 - 00000000 ____D C:\AdwCleaner
2015-12-26 10:19 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\security
2015-12-25 18:59 - 2014-11-12 13:13 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-25 18:59 - 2014-11-12 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-25 18:59 - 2014-11-12 13:13 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-25 18:12 - 2009-07-14 00:37 - 00000000 ____D C:\Windows\system32\NDF
2015-12-25 17:24 - 2013-11-28 00:31 - 00000000 ____D C:\Users\Flora\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-09-22 20:49 - 2015-09-22 20:49 - 6420480 _____ () C:\Program Files\GUT75FA.tmp
2014-11-13 11:24 - 2014-11-13 11:24 - 6000640 _____ () C:\Program Files\GUT8B94.tmp
2011-10-23 16:58 - 2011-10-23 17:00 - 0000248 _____ () C:\Users\Flora\AppData\Roaming\config.txt
2012-08-12 00:17 - 2012-08-12 00:17 - 0027520 _____ () C:\Users\Flora\AppData\Local\dt.dat
2011-05-12 23:55 - 2011-05-12 23:55 - 0000117 _____ () C:\Users\Flora\AppData\Local\mv_music.xml
2011-05-12 23:55 - 2014-05-16 19:37 - 0000161 _____ () C:\Users\Flora\AppData\Local\mv_Photo.xml
2011-06-05 16:59 - 2011-06-05 17:06 - 0000388 _____ () C:\ProgramData\hpzinstall.log
2011-03-25 11:51 - 2011-03-25 11:51 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-11-08 17:01 - 2010-11-08 17:02 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-03-25 11:51 - 2011-03-25 11:51 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-11-08 16:58 - 2010-11-08 17:01 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2013-11-13 00:55

==================== End of FRST.txt ============================