lman2

September 29, 2015

Here is the adwcleaner log

AdwCleanerC2.txt

September 26, 2015

Thanks for the speedy reply. Attached are the Farbar logs.

Addition.txt

FRST.txt

September 24, 2015

Good evening,

Thank you for taking the time to help. I was browsing the internet the other day and got a popup that kept flashing with audio saying my laptop was suddenly infected with malware and to have it fixed before putting in any personal information to prevent fraud. My laptop has been running slow ever since and was hoping someone could help. Here is the log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Louis (administrator) on LOUIS-HP (23-09-2015 20:54:29)
Running from C:\Users\Louis\Downloads
Loaded Profiles: Louis & (Available Profiles: Louis & Mcx1-LOUIS-HP & Guest & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPResignFileLoader.exe
(Farbar) C:\Users\Louis\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-03-03] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-06-08] (LogMeIn, Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe <==== ATTENTION
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Guest\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{026e2e1f-48f6-405b-8be5-2e5c648b768b}: [DhcpNameServer] 172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{7ae4314c-6078-45f5-8aff-72c7dd5f8bdf}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> DefaultScope {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {BB52DC5F-6AC7-4263-83CB-89F82A317019} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FireFox:
========
FF ProfilePath: C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Homepage: boxingnews24.com
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File
FF Plugin HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File
FF user.js: detected! => C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\user.js [2014-08-05]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-11] (Apple Inc.)
FF Extension: Youtube MP3 Podcaster - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-09-21]
FF Extension: Adblock Plus - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-07]
FF HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-09-20]
CHR Extension: (PC Gizmos) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkolhbfkfffmhanhkpnhnphpfpgbgcp [2013-07-17]
CHR Extension: (Adblock Plus) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-13]
CHR Extension: (Adblock for Youtube™) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-09-20]
CHR Extension: (Google Search) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]
CHR Extension: (AdBlock) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-13]
CHR Extension: (YouTube To MP3!) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdohmjplligggendhbmghhmpphabopi [2015-09-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Gmail) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-09-23] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507752 2015-09-23] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-06-08] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-10] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-10] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-10] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-23 20:53 - 2015-09-23 20:54 - 02192384 _____ (Farbar) C:\Users\Louis\Downloads\FRST64(1).exe
2015-09-23 20:30 - 2015-09-23 20:30 - 00016148 _____ C:\WINDOWS\system32\LOUIS-HP_Louis_HistoryPrediction.bin
2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-09-23 19:28 - 2015-09-23 19:45 - 02865192 _____ (Malwarebytes ) C:\Users\Louis\Downloads\mbae-setup-1.07.1.1015.exe
2015-09-23 18:10 - 2015-09-23 18:10 - 00469776 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98ip.dll
2015-09-21 14:09 - 2015-09-21 14:09 - 00000000 ____D C:\Users\Louis\AppData\Local\Plex Media Server
2015-09-21 14:05 - 2015-09-21 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-09-21 14:04 - 2015-09-21 14:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-21 14:04 - 2015-09-21 14:04 - 00000000 ____D C:\Program Files (x86)\Plex
2015-09-21 13:38 - 2015-09-21 14:03 - 86981096 _____ (Plex, Inc.) C:\Users\Louis\Downloads\Plex-Media-Server-0.9.1211.1406-8403350-en-US.exe
2015-09-20 18:27 - 2015-09-20 18:27 - 00000000 ____D C:\Users\Louis\AppData\Roaming\Sun
2015-09-20 18:27 - 2015-09-20 18:27 - 00000000 ____D C:\Users\Louis\.oracle_jre_usage
2015-09-20 17:29 - 2015-09-20 17:29 - 04383777 _____ C:\Users\Louis\Downloads\tdsskiller.zip
2015-09-20 17:29 - 2015-09-20 17:29 - 00000000 ____D C:\Users\Louis\AppData\Local\MicrosoftEdge
2015-09-20 10:47 - 2015-09-20 10:47 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-20 10:47 - 2015-09-20 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-20 10:46 - 2015-09-20 10:47 - 00000000 ____D C:\Program Files\iTunes
2015-09-20 10:46 - 2015-09-20 10:46 - 00000000 ____D C:\Program Files\iPod
2015-09-20 10:46 - 2015-09-20 10:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-20 10:43 - 2015-09-20 10:43 - 00000000 ____D C:\Program Files\Bonjour
2015-09-20 10:43 - 2015-09-20 10:43 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-20 10:42 - 2015-09-20 10:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-20 10:42 - 2015-09-20 10:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-10 19:20 - 2015-09-23 19:15 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLouis.job
2015-09-10 19:20 - 2015-09-23 17:58 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLouis
2015-09-10 19:20 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-10 19:20 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-10 19:20 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-10 19:20 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-10 19:20 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-10 19:20 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-10 19:20 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-10 19:20 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-10 19:20 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-10 19:20 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-10 19:20 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-10 19:20 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-10 19:20 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-10 19:20 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-10 19:20 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-10 19:20 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-10 19:20 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-10 19:20 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-10 19:20 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-10 19:20 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-10 19:20 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-10 19:20 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-10 19:20 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-10 19:20 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-10 19:20 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-10 19:20 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 19:20 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-10 19:20 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-10 19:20 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-10 19:20 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-10 19:20 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-10 19:20 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-07 14:18 - 2015-08-20 02:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-07 14:18 - 2015-08-20 01:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-07 14:17 - 2015-08-20 02:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-07 14:17 - 2015-08-20 02:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-07 14:17 - 2015-08-20 01:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-07 14:17 - 2015-08-20 01:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-07 14:17 - 2015-08-20 01:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-07 14:17 - 2015-08-18 03:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-07 14:17 - 2015-08-18 03:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-07 14:17 - 2015-08-18 03:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-07 14:17 - 2015-08-18 03:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-07 14:17 - 2015-08-18 03:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-07 14:17 - 2015-08-18 03:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-07 14:17 - 2015-08-18 03:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-07 14:17 - 2015-08-18 03:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-07 14:17 - 2015-08-18 03:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-07 14:17 - 2015-08-18 03:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-07 14:17 - 2015-08-18 03:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-07 14:17 - 2015-08-18 02:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-07 14:17 - 2015-08-18 02:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-07 14:17 - 2015-08-18 02:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-07 14:17 - 2015-08-18 02:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-07 14:17 - 2015-08-18 02:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-07 14:17 - 2015-08-18 02:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-07 14:17 - 2015-08-18 02:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-07 14:17 - 2015-08-18 02:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-07 14:17 - 2015-08-18 02:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-07 14:17 - 2015-08-18 02:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-07 14:17 - 2015-08-18 02:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-07 14:17 - 2015-08-18 02:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-07 14:17 - 2015-08-18 02:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-07 14:17 - 2015-08-18 02:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-07 14:17 - 2015-08-18 02:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-07 14:17 - 2015-08-18 02:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-07 14:17 - 2015-08-18 02:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-07 14:17 - 2015-08-18 02:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-07 14:17 - 2015-08-18 02:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-07 14:17 - 2015-08-18 02:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-07 14:17 - 2015-08-18 02:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-07 14:17 - 2015-08-18 02:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-07 14:17 - 2015-08-18 00:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-09-06 19:53 - 2015-09-06 19:55 - 00000000 ____D C:\Users\Louis\AppData\Local\Comms
2015-09-06 17:58 - 2015-09-20 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-06 17:32 - 2015-09-06 17:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-09-06 17:22 - 2015-08-11 05:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-06 17:21 - 2015-08-13 00:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-06 17:21 - 2015-08-13 00:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-06 17:21 - 2015-08-12 23:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-06 17:21 - 2015-08-11 06:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-09-06 17:21 - 2015-08-11 06:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-06 17:21 - 2015-08-11 06:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-09-06 17:21 - 2015-08-11 06:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-06 17:21 - 2015-08-11 06:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-06 17:21 - 2015-08-11 06:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-09-06 17:21 - 2015-08-11 06:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-06 17:21 - 2015-08-11 05:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-09-06 17:21 - 2015-08-11 05:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-06 17:21 - 2015-08-11 05:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-09-06 17:21 - 2015-08-11 05:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-06 17:21 - 2015-08-11 05:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-09-06 17:21 - 2015-08-11 05:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-06 17:21 - 2015-08-11 05:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-09-06 17:21 - 2015-08-11 05:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-09-06 17:21 - 2015-08-11 05:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-06 17:21 - 2015-08-11 05:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-06 17:21 - 2015-08-11 05:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-06 17:21 - 2015-08-11 05:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-06 17:21 - 2015-08-11 05:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-06 17:21 - 2015-08-11 05:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-06 17:21 - 2015-08-11 05:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-06 17:21 - 2015-08-11 05:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-06 17:21 - 2015-08-11 05:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-09-06 17:21 - 2015-08-11 05:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-06 17:21 - 2015-08-11 05:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-06 17:21 - 2015-08-11 05:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-06 17:21 - 2015-08-11 05:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-06 17:21 - 2015-08-11 05:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-06 17:21 - 2015-08-11 05:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-06 17:21 - 2015-08-11 05:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-06 17:21 - 2015-08-11 05:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-06 17:21 - 2015-08-11 05:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-06 17:21 - 2015-08-11 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-06 17:21 - 2015-08-11 05:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-09-06 17:21 - 2015-08-11 05:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-09-06 17:21 - 2015-08-11 05:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-09-06 17:21 - 2015-08-11 05:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-06 17:21 - 2015-08-11 05:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-06 17:21 - 2015-08-11 05:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-06 17:21 - 2015-08-11 05:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-06 17:21 - 2015-08-11 05:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-06 17:21 - 2015-08-11 04:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-06 17:21 - 2015-08-11 04:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-06 17:21 - 2015-08-11 04:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-09-06 17:21 - 2015-08-11 04:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-09-06 17:21 - 2015-08-11 04:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-06 17:21 - 2015-08-11 04:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-06 17:21 - 2015-08-11 04:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-09-06 17:21 - 2015-08-11 04:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-06 17:21 - 2015-08-11 04:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-09-06 17:21 - 2015-08-11 04:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-09-06 17:21 - 2015-08-11 04:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-09-06 17:21 - 2015-08-11 04:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-09-06 17:21 - 2015-08-11 04:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-06 17:21 - 2015-08-11 04:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-06 17:21 - 2015-08-11 04:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-09-06 17:21 - 2015-08-11 04:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-06 17:21 - 2015-08-11 04:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-06 17:21 - 2015-08-11 04:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-09-06 17:21 - 2015-08-11 04:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-09-06 17:21 - 2015-08-11 04:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-09-06 17:21 - 2015-08-11 04:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-06 17:21 - 2015-08-11 04:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-09-06 17:21 - 2015-08-11 04:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-23 20:54 - 2014-04-18 18:48 - 00027935 _____ C:\Users\Louis\Downloads\FRST.txt
2015-09-23 20:54 - 2014-04-18 18:47 - 00000000 ____D C:\FRST
2015-09-23 20:47 - 2012-11-08 22:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-23 20:21 - 2013-11-23 02:41 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-23 20:16 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-23 19:24 - 2014-01-22 03:26 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-09-23 19:24 - 2014-01-22 03:26 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-09-23 19:23 - 2012-10-06 16:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-09-23 19:21 - 2014-06-10 17:34 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-23 19:19 - 2013-11-23 02:41 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-23 19:18 - 2012-10-06 16:33 - 00122752 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-09-23 19:18 - 2012-10-06 16:33 - 00107368 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-09-23 19:18 - 2012-10-06 16:33 - 00035688 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-09-23 19:16 - 2015-08-10 00:35 - 00000000 ____D C:\Users\Louis
2015-09-23 19:16 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-23 19:15 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-23 19:15 - 2012-10-06 16:33 - 00000000 ____D C:\ProgramData\LogMeIn
2015-09-23 18:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-23 17:56 - 2010-12-27 15:12 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-21 19:25 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-21 15:01 - 2012-11-30 23:51 - 00000296 _____ C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job
2015-09-21 11:41 - 2015-08-10 01:33 - 00000000 ____D C:\Users\Louis\OneDrive
2015-09-21 06:03 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-20 21:43 - 2015-08-10 01:27 - 00000000 ____D C:\Users\Louis\AppData\Local\Packages
2015-09-20 19:10 - 2015-07-10 08:20 - 00026969 _____ C:\WINDOWS\setupact.log
2015-09-20 18:40 - 2015-04-19 19:26 - 00007611 _____ C:\Users\Louis\AppData\Local\Resmon.ResmonCfg
2015-09-20 18:29 - 2014-06-10 16:34 - 00000000 ____D C:\ProgramData\Oracle
2015-09-20 18:28 - 2014-10-16 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-20 18:27 - 2015-01-23 23:48 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-09-20 18:27 - 2010-09-03 02:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-20 17:50 - 2015-07-10 08:20 - 04973136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-20 17:49 - 2015-08-10 00:25 - 00009472 _____ C:\WINDOWS\PFRO.log
2015-09-20 17:48 - 2015-07-10 05:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-09-20 17:48 - 2012-05-11 00:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-20 17:47 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-20 17:47 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-20 17:28 - 2012-10-31 22:49 - 02213976 _____ (Kaspersky Lab ZAO) C:\Users\Louis\Desktop\TDSSKiller.exe
2015-09-20 11:23 - 2015-08-10 01:08 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-20 11:16 - 2013-11-23 02:41 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-20 11:16 - 2013-11-23 02:41 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-20 10:51 - 2010-11-21 04:30 - 00000000 ____D C:\ProgramData\WildTangent
2015-09-20 10:51 - 2010-11-21 04:30 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-09-20 10:51 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-20 10:46 - 2010-12-25 15:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-20 10:42 - 2010-12-25 15:52 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-20 10:39 - 2011-08-26 03:26 - 00000000 ____D C:\Users\Louis\AppData\Local\Google
2015-09-20 10:28 - 2015-08-10 01:33 - 00002338 _____ C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-15 12:12 - 2015-07-10 07:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 12:12 - 2015-07-10 07:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-10 20:05 - 2011-03-24 11:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 19:59 - 2013-07-16 15:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 00:14 - 2015-08-10 00:33 - 01009666 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-08 00:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-07 12:14 - 2010-12-25 14:13 - 00003502 _____ C:\WINDOWS\System32\Tasks\ServicePlan
2015-09-07 12:10 - 2012-05-23 17:43 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-09-07 11:57 - 2012-05-12 01:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-07 11:57 - 2012-05-12 01:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-26 18:37 - 2010-12-26 06:32 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2011-07-02 02:07 - 2010-11-04 21:57 - 0055632 _____ (Microsoft Corporation) C:\Users\Louis\AppData\Roaming\C4Y44N69RH.exe
2011-03-29 01:18 - 2011-07-04 02:47 - 0001854 _____ () C:\Users\Louis\AppData\Roaming\GhostObjGAFix.xml
2013-05-17 00:55 - 2013-05-17 02:10 - 0001452 _____ () C:\Users\Louis\AppData\Roaming\Keys
2012-11-03 23:50 - 2013-03-26 00:42 - 0000029 _____ () C:\Users\Louis\AppData\Roaming\mbam.context.scan
2012-09-21 15:49 - 2012-11-08 20:50 - 0213187 _____ () C:\Users\Louis\AppData\Roaming\MMUpgrade.jpg
2011-07-20 20:43 - 2014-06-17 17:09 - 0044963 _____ () C:\Users\Louis\AppData\Roaming\UserTile.png
2010-12-29 21:24 - 2013-10-19 18:28 - 0008192 _____ () C:\Users\Louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-19 19:26 - 2015-09-20 18:40 - 0007611 _____ () C:\Users\Louis\AppData\Local\Resmon.ResmonCfg
2011-07-17 07:33 - 2011-07-21 00:51 - 0001940 _____ () C:\Users\Louis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2015-02-04 00:01 - 2015-02-04 00:18 - 0000444 _____ () C:\ProgramData\hpzinstall.log
2012-04-17 22:29 - 2014-12-18 15:01 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-09-03 02:06 - 2010-09-03 02:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-09-03 01:59 - 2010-09-03 02:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-21 04:24 - 2010-11-21 04:24 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-09-03 01:58 - 2010-09-03 01:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-09-03 02:00 - 2010-09-03 02:06 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-11-21 04:26 - 2010-11-21 04:26 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Guest\InDesignServer_8_LS18.exe

Some files in TEMP:
====================
C:\Users\Louis\AppData\Local\Temp\jre-8u60-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-21 04:57

==================== End of FRST.txt ============================

June 10, 2014

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 6/10/2014

Scan Time: 5:24:31 PM

Logfile:

Administrator: Yes

Version: 2.00.2.1012

Malware Database: v2014.06.10.08

Rootkit Database: v2014.06.02.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Margo

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 265774

Time Elapsed: 33 min, 32 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

Rkill 2.6.6 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/10/2014 04:58:56 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 06/10/2014 05:00:22 PM

Execution time: 0 hours(s), 1 minute(s), and 25 seconds(s)

June 10, 2014

can someone help me please? A couple days after posting these logs I got the blue screen. Then when it rebooted it was on a black screen that basically said to insert harddrive or something. I couldnt get it to start up past that screen so I left it alone for like a week. I just turned it on and it went to windows fix or w.e its called and did a system restore and now all of a sudden its working again.

May 13, 2014

Users shortcut scan result (x64) Version: 11-05-2014 01

Ran by Margo at 2014-05-12 18:47:10

Running from C:\Users\Margo\Downloads

Boot Mode: Normal

==================== Shortcuts =============================

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk -> C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk -> C:\Windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk -> C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Call.lnk -> C:\Program Files (x86)\Windows Live\Messenger\wlcstart.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Messenger .lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Burn Options.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Creator Starter.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Getting Started.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\gtngstrtd.ico ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Calendar.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Database.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Portfolio.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Spreadsheet.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Task Launcher.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works\Microsoft Works Word Processor.lnk -> C:\Windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe (Microsoft® Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam\Dell Webcam Central.lnk -> C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\CyberLink PowerDVD 9.5.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5\PowerDVD 9.5 Help file.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Enu\PowerDVD9.CHM ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\DisplaySwitch.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\Links\Desktop.lnk -> C:\Users\Margo\Desktop ()

Shortcut: C:\Users\Margo\Links\Downloads.lnk -> C:\Users\Margo\Downloads ()

Shortcut: C:\Users\Margo\Desktop\Google Chrome.lnk -> C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 012 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 012.wmv ()

Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 013 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 013.wmv ()

Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 014 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 014.wmv ()

Shortcut: C:\Users\Public\Videos\Sample Videos\Comic 015 - Shortcut.lnk -> C:\Users\Margo\Downloads\Comic 015.wmv ()

Shortcut: C:\Users\Public\Desktop\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)

Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

Shortcut: C:\Users\Public\Desktop\Microsoft Works.lnk -> C:\Program Files (x86)\Microsoft Works\MSWorks.exe (Microsoft® Corporation)

Shortcut: C:\Users\Public\Desktop\Roxio Creator Starter.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe ()

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter\Roxio Burn.lnk -> C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe () -> /STARTMENU

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff

ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter

ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Margo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

InternetURL: C:\Users\Margo\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice

==================== End of log =============================

May 13, 2014

here are the three farbar logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01

Ran by Margo (administrator) on MININT-4LVINM5 on 12-05-2014 18:39:42

Running from C:\Users\Margo\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\dfrgui.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Google Inc.) C:\Users\Margo\AppData\Local\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Google Inc.) C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(Google Inc.) C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe

(Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1862952 2009-10-13] (Synaptics Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2009-12-03] (Realtek Semiconductor)

HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3995906719-3827859630-497814531-1003\...\Run: [Google Update] => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-11-17] (Google Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP50

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Margo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Margo\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

Chrome:

=======

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\Margo\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\plugin/npUrlAdvisor.dll No File

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll No File

CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Users\Margo\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File

CHR Extension: (YouTube) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]

CHR Extension: (Adblock Plus) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-12]

CHR Extension: (Google Search) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]

CHR Extension: (AdBlock) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-12]

CHR Extension: (Google Wallet) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

CHR Extension: (Gmail) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Acceler.sys C49C56B35BFC6CDA8D1FDCAD2885568F

C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit

C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit

C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit

C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228

C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit

C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit

C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49

C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit

C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048

C:\Windows\system32\drivers\appid.sys ==> MD5 is legit

C:\Windows\system32\drivers\arc.sys ==> MD5 is legit

C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit

C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit

C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bcmwl664.sys 6F1BBCC35E33AD4404E0CD782D47CAF3

C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit

C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit

C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit

C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit

C:\Windows\System32\CLFS.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit

C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706

C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit

C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit

C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit

C:\Windows\System32\drivers\discache.sys ==> MD5 is legit

C:\Windows\System32\drivers\disk.sys ==> MD5 is legit

C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit

C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52

C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit

C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit

C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit

C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit

C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit

C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit

C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit

C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit

C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit

C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B

C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0

C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit

C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF

C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit

C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit

C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit

C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit

C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit

C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366

C:\Windows\System32\DRIVERS\igdkmd64.sys 0372C154226F7074CD150F475A4870A6

C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\Impcd.sys 4B6363CD4610BB848531BB260B15DFCC

C:\Windows\System32\drivers\RTKVHD64.sys DCF6AFBA140AF3F880A427C2656BE44D

C:\Windows\System32\DRIVERS\IntcDAud.sys DA24C1F66EE1B5A92E045376D7A44B58

C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit

C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit

C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit

C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64

C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C

C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit

C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit

C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910

C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit

C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit

C:\Windows\System32\drivers\modem.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit

C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit

C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\MpFilter.sys C6B88D62F20AC646C6BD5C032EC2FAF9

C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404

C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC

C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163

C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C

C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit

C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit

C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit

C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit

C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit

C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit

C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit

C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88

C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit

C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit

C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\NisDrvWFP.sys ACE8C64C57E4A711473C8BC10ADF692B

C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit

C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0

C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit

C:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D

C:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354

C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD

C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A

C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit

C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit

C:\Windows\system32\drivers\parport.sys ==> MD5 is legit

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C

C:\Windows\System32\drivers\pci.sys ==> MD5 is legit

C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit

C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit

C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit

C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit

C:\Windows\system32\drivers\processr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit

C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1

C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit

C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit

C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit

C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit

C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A

C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit

C:\Windows\System32\Drivers\RtsUStor.sys 502B316947EA887CDDD325D4745EB7D0

C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0

C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit

C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit

C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit

C:\Windows\system32\drivers\serial.sys ==> MD5 is legit

C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit

C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit

C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit

C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit

C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit

C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B

C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28

C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3

C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\SynTP.sys 5BAC1DF7DBB5E3AADA8AB0AE3C2DCA40

C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51

C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC

C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit

C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8

C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09

C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit

C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8

C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit

C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit

C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit

C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A

C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31

C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965

C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA

C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC

C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6

C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3

C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7

C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit

C:\Windows\System32\drivers\vga.sys ==> MD5 is legit

C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit

C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit

C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit

C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit

C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit

C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit

C:\Windows\system32\drivers\wd.sys ==> MD5 is legit

C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8

C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit

C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit

C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D

C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit

C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit

C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F

C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-12 18:43 - 2014-05-12 18:44 - 00000000 ____D () C:\b064bb6d8916d25712

2014-05-12 18:40 - 2014-05-12 18:44 - 00000000 ____D () C:\323f7c22c1137afd6ef874

2014-05-12 18:39 - 2014-05-12 18:44 - 00026196 _____ () C:\Users\Margo\Downloads\FRST.txt

2014-05-12 18:39 - 2014-05-12 18:39 - 00000000 ____D () C:\FRST

2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe

2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe

2014-05-12 18:37 - 2014-05-12 18:37 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-05-12 18:36 - 2014-05-12 18:36 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-05-12 18:35 - 2014-05-12 18:35 - 00000000 ____D () C:\Windows\LastGood

2014-05-12 18:33 - 2014-05-12 18:33 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Oracle

2014-05-12 18:32 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-05-12 18:32 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-05-12 18:32 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-05-12 18:32 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-05-12 18:31 - 2014-05-12 18:32 - 00005428 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

==================== One Month Modified Files and Folders =======

2014-05-12 18:44 - 2014-05-12 18:43 - 00000000 ____D () C:\b064bb6d8916d25712

2014-05-12 18:44 - 2014-05-12 18:40 - 00000000 ____D () C:\323f7c22c1137afd6ef874

2014-05-12 18:44 - 2014-05-12 18:39 - 00026196 _____ () C:\Users\Margo\Downloads\FRST.txt

2014-05-12 18:44 - 2011-10-31 19:55 - 01302774 _____ () C:\Windows\WindowsUpdate.log

2014-05-12 18:39 - 2014-05-12 18:39 - 00000000 ____D () C:\FRST

2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64.exe

2014-05-12 18:38 - 2014-05-12 18:38 - 02066944 _____ (Farbar) C:\Users\Margo\Downloads\FRST64 (1).exe

2014-05-12 18:37 - 2014-05-12 18:37 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-05-12 18:37 - 2011-11-17 12:01 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA.job

2014-05-12 18:37 - 2011-11-17 12:01 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core.job

2014-05-12 18:36 - 2014-05-12 18:36 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-05-12 18:36 - 2014-05-12 18:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-05-12 18:35 - 2014-05-12 18:35 - 00000000 ____D () C:\Windows\LastGood

2014-05-12 18:33 - 2014-05-12 18:33 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Oracle

2014-05-12 18:33 - 2013-09-20 02:35 - 00000000 ____D () C:\ProgramData\Oracle

2014-05-12 18:32 - 2014-05-12 18:31 - 00005428 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log

2014-05-12 18:32 - 2013-09-20 02:35 - 00000000 ____D () C:\Program Files (x86)\Java

2014-05-12 18:32 - 2011-11-17 12:01 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA

2014-05-12 18:32 - 2011-11-17 12:01 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core

2014-05-12 18:30 - 2011-11-11 04:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-05-12 18:28 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-12 18:28 - 2009-07-13 23:45 - 00021472 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-12 18:26 - 2009-07-14 00:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-12 18:20 - 2013-07-08 22:36 - 00004212 _____ () C:\Windows\setupact.log

2014-05-12 18:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-14 20:13 - 2014-05-12 18:32 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-04-14 20:05 - 2014-05-12 18:32 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-04-14 20:05 - 2014-05-12 18:32 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-04-14 20:04 - 2014-05-12 18:32 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

Some content of TEMP:

====================

C:\Users\Margo\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe

C:\Users\Margo\AppData\Local\Temp\mpam-76108790.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager

--------------------

identifier {bootmgr}

device partition=C:

description Windows Boot Manager

locale en-US

inherit {globalsettings}

default {current}

resumeobject {cae1eb6e-042b-11e1-aadf-f04da24b68ec}

displayorder {current}

toolsdisplayorder {memdiag}

timeout 30

Windows Boot Loader

-------------------

identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}

device ramdisk=[D:]\Recovery\WindowsRE\winpe.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

path \windows\system32\boot\winload.exe

description Capture boot

locale en-US

osdevice ramdisk=[D:]\Recovery\WindowsRE\winpe.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

systemroot \windows

nx OptIn

detecthal Yes

winpe Yes

ems Yes

Windows Boot Loader

-------------------

identifier {current}

device partition=C:

path \Windows\system32\winload.exe

description Windows 7

locale en-US

inherit {bootloadersettings}

recoverysequence {cae1eb72-042b-11e1-aadf-f04da24b68ec}

recoveryenabled Yes

osdevice partition=C:

systemroot \Windows

resumeobject {cae1eb6e-042b-11e1-aadf-f04da24b68ec}

nx OptIn

Windows Boot Loader

-------------------

identifier {cae1eb72-042b-11e1-aadf-f04da24b68ec}

device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{cae1eb73-042b-11e1-aadf-f04da24b68ec}

path \windows\system32\winload.exe

description Windows Recovery Environment

inherit {bootloadersettings}

osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{cae1eb73-042b-11e1-aadf-f04da24b68ec}

systemroot \windows

nx OptIn

winpe Yes

Resume from Hibernate

---------------------

identifier {cae1eb6e-042b-11e1-aadf-f04da24b68ec}

device partition=C:

path \Windows\system32\winresume.exe

description Windows Resume Application

locale en-US

inherit {resumeloadersettings}

filedevice partition=C:

filepath \hiberfil.sys

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {memdiag}

device partition=C:

path \boot\memtest.exe

description Windows Memory Diagnostic

locale en-US

inherit {globalsettings}

badmemoryaccess Yes

EMS Settings

------------

identifier {emssettings}

bootems Yes

Debugger Settings

-----------------

identifier {dbgsettings}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {badmemory}

Global Settings

---------------

identifier {globalsettings}

inherit {dbgsettings}

{emssettings}

{badmemory}

Boot Loader Settings

--------------------

identifier {bootloadersettings}

inherit {globalsettings}

{hypervisorsettings}

Hypervisor Settings

-------------------

identifier {hypervisorsettings}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Resume Loader Settings

----------------------

identifier {resumeloadersettings}

inherit {globalsettings}

Device options

--------------

identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}

description Ramdisk loader

ramdisksdidevice partition=C:

ramdisksdipath \windows\boot\dvd\pcat\boot.sdi

Device options

--------------

identifier {cae1eb73-042b-11e1-aadf-f04da24b68ec}

description Ramdisk Options

ramdisksdidevice partition=D:

ramdisksdipath \Recovery\WindowsRE\boot.sdi

LastRegBack: 2014-03-10 23:04

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 01

Ran by Margo at 2014-05-12 18:44:59

Running from C:\Users\Margo\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)

Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)

CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden

Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.9.5 - Synaptics Incorporated)

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1986 - Intel Corporation)

Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.6.2 - Dell Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden

Roxio Burn (x32 Version: 1.8 - Roxio) Hidden

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C6EF0AC-6534-4614-8771-D836AAB14D02} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.)

Task: {E7C83269-6176-4011-AC46-58256F4ADC60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-17] (Google Inc.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003Core.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3995906719-3827859630-497814531-1003UA.job => C:\Users\Margo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-29 22:40 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL

2013-08-29 22:40 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll

2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll

2014-05-12 18:41 - 2014-04-24 12:07 - 08676056 _____ () C:\Users\Margo\AppData\Local\Google\Update\Install\{F8D92CC1-7D3E-4320-B459-5368A1A60F94}\34.0.1847.131_33.0.1750.154_chrome_updater.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (05/12/2014 06:31:22 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)

Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/12/2014 06:31:02 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)

Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/12/2014 06:30:55 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)

Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/12/2014 06:30:54 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)

Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.

Error: (05/12/2014 06:22:04 PM) (Source: WinMgmt) (User: ) (EventID: 10)

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2014 10:32:19 PM) (Source: WinMgmt) (User: ) (EventID: 10)

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2014 02:11:55 PM) (Source: WinMgmt) (User: ) (EventID: 10)

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/21/2014 01:15:36 AM) (Source: WinMgmt) (User: ) (EventID: 10)

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/12/2014 03:41:54 AM) (Source: WinMgmt) (User: ) (EventID: 10)

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2014 06:18:33 PM) (Source: SideBySide) (User: ) (EventID: 35)

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

System errors:

=============

Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.173.1957.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.173.1957.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/12/2014 06:46:22 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.173.1957.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/12/2014 06:45:21 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %MININT-4LVINM560 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 111.13.0.0

Update Source: %MININT-4LVINM551

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %MININT-4LVINM5602

Update Type: %MININT-4LVINM5604

User: MININT-4LVINM5\Margo

Current Engine Version: %MININT-4LVINM5605

Previous Engine Version: %MININT-4LVINM5606

Error code: %MININT-4LVINM5607

Error description: %MININT-4LVINM5608

Error: (05/12/2014 06:44:30 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %MININT-4LVINM560 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.173.1957.0

Update Source: %MININT-4LVINM551

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %MININT-4LVINM5602

Update Type: %MININT-4LVINM5604

User: MININT-4LVINM5\Margo

Current Engine Version: %MININT-4LVINM5605

Previous Engine Version: %MININT-4LVINM5606

Error code: %MININT-4LVINM5607

Error description: %MININT-4LVINM5608

Error: (05/12/2014 06:44:30 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %MININT-4LVINM560 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.173.1957.0

Update Source: %MININT-4LVINM551

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %MININT-4LVINM5602

Update Type: %MININT-4LVINM5604

User: MININT-4LVINM5\Margo

Current Engine Version: %MININT-4LVINM5605

Previous Engine Version: %MININT-4LVINM5606

Error code: %MININT-4LVINM5607

Error description: %MININT-4LVINM5608

Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/12/2014 06:40:29 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (05/12/2014 06:39:44 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 0.0.0.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Microsoft Office Sessions:

=========================

Error: (05/12/2014 06:31:22 PM) (Source: MsiInstaller) (User: MININT-4LVINM5) (EventID: 11500)

Description: Product: Java 7 Update 55 -- Error 1500.Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)