Jump to content

Got a message saying I was infected


lman2

Recommended Posts

Good evening,

 

Thank you for taking the time to help. I was browsing the internet the other day and got a popup that kept flashing with audio saying my laptop was suddenly infected with malware and to have it fixed before putting in any personal information to prevent fraud. My laptop has been running slow ever since and was hoping someone could help. Here is the log.

 

 

 

 

 

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Louis (administrator) on LOUIS-HP (23-09-2015 20:54:29)
Running from C:\Users\Louis\Downloads
Loaded Profiles: Louis &  (Available Profiles: Louis & Mcx1-LOUIS-HP & Guest & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\HPResignFileLoader.exe
(Farbar) C:\Users\Louis\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-03-03] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-06-08] (LogMeIn, Inc.)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6274184 2015-08-23] (Plex, Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe <==== ATTENTION
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Guest\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Louis\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 pc-gizmos-ssl.com www.pc-gizmos-ssl.com # added by PC-Gizmos.com
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{026e2e1f-48f6-405b-8be5-2e5c648b768b}: [DhcpNameServer] 172.26.38.1 172.26.38.2
Tcpip\..\Interfaces\{7ae4314c-6078-45f5-8aff-72c7dd5f8bdf}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> DefaultScope {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {292D83CF-023C-4955-9AAC-ADDC18D857C1} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2CDD6A60-ED41-4E0D-92BA-3FECF9011986} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {BB52DC5F-6AC7-4263-83CB-89F82A317019} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {023BEF91-46DF-49F5-B4D5-A624219D7BA0} URL =
SearchScopes: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CE313EBE-595F-4CF8-95D0-F3935695F6F7} URL =
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: hxxp://search.yahoo.com/search?fr=mkg030&p=
FF Homepage: boxingnews24.com
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-11-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-03-30] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3787845837-1606334649-2329562173-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File
FF Plugin HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hulu.com/Hulu Desktop -> C:\Users\Default.migrated\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll No File
FF user.js: detected! => C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\user.js [2014-08-05]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-01-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-01-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-01-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-01-11] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-01-11] (Apple Inc.)
FF Extension: Youtube MP3 Podcaster - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2015-09-21]
FF Extension: Adblock Plus - C:\Users\Louis\AppData\Roaming\Mozilla\Firefox\Profiles\cbmgyega.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-07]
FF HKU\S-1-5-21-3787845837-1606334649-2329562173-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-09-20]
CHR Extension: (PC Gizmos) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajkolhbfkfffmhanhkpnhnphpfpgbgcp [2013-07-17]
CHR Extension: (Adblock Plus) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-13]
CHR Extension: (Adblock for Youtube™) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-09-20]
CHR Extension: (Google Search) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]
CHR Extension: (AdBlock) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-13]
CHR Extension: (YouTube To MP3!) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdohmjplligggendhbmghhmpphabopi [2015-09-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-02]
CHR Extension: (Gmail) - C:\Users\Louis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417640 2015-09-23] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507752 2015-09-23] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-06-08] (LogMeIn, Inc.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-10] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-10] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-27] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-10] (Microsoft Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-23 20:53 - 2015-09-23 20:54 - 02192384 _____ (Farbar) C:\Users\Louis\Downloads\FRST64(1).exe
2015-09-23 20:30 - 2015-09-23 20:30 - 00016148 _____ C:\WINDOWS\system32\LOUIS-HP_Louis_HistoryPrediction.bin
2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-09-23 19:46 - 2015-09-23 19:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-09-23 19:28 - 2015-09-23 19:45 - 02865192 _____ (Malwarebytes ) C:\Users\Louis\Downloads\mbae-setup-1.07.1.1015.exe
2015-09-23 18:10 - 2015-09-23 18:10 - 00469776 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98ip.dll
2015-09-21 14:09 - 2015-09-21 14:09 - 00000000 ____D C:\Users\Louis\AppData\Local\Plex Media Server
2015-09-21 14:05 - 2015-09-21 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-09-21 14:04 - 2015-09-21 14:04 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-21 14:04 - 2015-09-21 14:04 - 00000000 ____D C:\Program Files (x86)\Plex
2015-09-21 13:38 - 2015-09-21 14:03 - 86981096 _____ (Plex, Inc.) C:\Users\Louis\Downloads\Plex-Media-Server-0.9.1211.1406-8403350-en-US.exe
2015-09-20 18:27 - 2015-09-20 18:27 - 00000000 ____D C:\Users\Louis\AppData\Roaming\Sun
2015-09-20 18:27 - 2015-09-20 18:27 - 00000000 ____D C:\Users\Louis\.oracle_jre_usage
2015-09-20 17:29 - 2015-09-20 17:29 - 04383777 _____ C:\Users\Louis\Downloads\tdsskiller.zip
2015-09-20 17:29 - 2015-09-20 17:29 - 00000000 ____D C:\Users\Louis\AppData\Local\MicrosoftEdge
2015-09-20 10:47 - 2015-09-20 10:47 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-20 10:47 - 2015-09-20 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-20 10:46 - 2015-09-20 10:47 - 00000000 ____D C:\Program Files\iTunes
2015-09-20 10:46 - 2015-09-20 10:46 - 00000000 ____D C:\Program Files\iPod
2015-09-20 10:46 - 2015-09-20 10:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-20 10:43 - 2015-09-20 10:43 - 00000000 ____D C:\Program Files\Bonjour
2015-09-20 10:43 - 2015-09-20 10:43 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-20 10:42 - 2015-09-20 10:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-20 10:42 - 2015-09-20 10:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-10 19:20 - 2015-09-23 19:15 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLouis.job
2015-09-10 19:20 - 2015-09-23 17:58 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLouis
2015-09-10 19:20 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-10 19:20 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-10 19:20 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-10 19:20 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-10 19:20 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-10 19:20 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-10 19:20 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-10 19:20 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-10 19:20 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-10 19:20 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-10 19:20 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-10 19:20 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-10 19:20 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-10 19:20 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-10 19:20 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-10 19:20 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-10 19:20 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-10 19:20 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-10 19:20 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-10 19:20 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-10 19:20 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-10 19:20 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-10 19:20 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-10 19:20 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-10 19:20 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-10 19:20 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 19:20 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-10 19:20 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-10 19:20 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-10 19:20 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-10 19:20 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-10 19:20 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-07 14:18 - 2015-08-20 02:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-07 14:18 - 2015-08-20 01:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-07 14:17 - 2015-08-20 02:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-07 14:17 - 2015-08-20 02:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-07 14:17 - 2015-08-20 01:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-07 14:17 - 2015-08-20 01:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-07 14:17 - 2015-08-20 01:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-07 14:17 - 2015-08-18 03:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-07 14:17 - 2015-08-18 03:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-07 14:17 - 2015-08-18 03:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-07 14:17 - 2015-08-18 03:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-07 14:17 - 2015-08-18 03:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-07 14:17 - 2015-08-18 03:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-07 14:17 - 2015-08-18 03:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-07 14:17 - 2015-08-18 03:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-07 14:17 - 2015-08-18 03:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-07 14:17 - 2015-08-18 03:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-07 14:17 - 2015-08-18 03:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-07 14:17 - 2015-08-18 02:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-07 14:17 - 2015-08-18 02:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-07 14:17 - 2015-08-18 02:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-07 14:17 - 2015-08-18 02:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-07 14:17 - 2015-08-18 02:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-07 14:17 - 2015-08-18 02:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-07 14:17 - 2015-08-18 02:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-07 14:17 - 2015-08-18 02:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-07 14:17 - 2015-08-18 02:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-07 14:17 - 2015-08-18 02:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-07 14:17 - 2015-08-18 02:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-07 14:17 - 2015-08-18 02:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-07 14:17 - 2015-08-18 02:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-07 14:17 - 2015-08-18 02:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-07 14:17 - 2015-08-18 02:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-07 14:17 - 2015-08-18 02:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-07 14:17 - 2015-08-18 02:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-07 14:17 - 2015-08-18 02:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-07 14:17 - 2015-08-18 02:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-07 14:17 - 2015-08-18 02:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-07 14:17 - 2015-08-18 02:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-07 14:17 - 2015-08-18 02:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-07 14:17 - 2015-08-18 00:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-09-06 19:53 - 2015-09-06 19:55 - 00000000 ____D C:\Users\Louis\AppData\Local\Comms
2015-09-06 17:58 - 2015-09-20 17:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-06 17:32 - 2015-09-06 17:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-09-06 17:22 - 2015-08-11 05:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-06 17:21 - 2015-08-13 00:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-06 17:21 - 2015-08-13 00:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-06 17:21 - 2015-08-12 23:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-06 17:21 - 2015-08-11 06:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-09-06 17:21 - 2015-08-11 06:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-06 17:21 - 2015-08-11 06:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-09-06 17:21 - 2015-08-11 06:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-06 17:21 - 2015-08-11 06:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-06 17:21 - 2015-08-11 06:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-09-06 17:21 - 2015-08-11 06:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-06 17:21 - 2015-08-11 05:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-09-06 17:21 - 2015-08-11 05:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-06 17:21 - 2015-08-11 05:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-09-06 17:21 - 2015-08-11 05:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-06 17:21 - 2015-08-11 05:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-09-06 17:21 - 2015-08-11 05:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-06 17:21 - 2015-08-11 05:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-09-06 17:21 - 2015-08-11 05:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-09-06 17:21 - 2015-08-11 05:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-06 17:21 - 2015-08-11 05:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-06 17:21 - 2015-08-11 05:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-06 17:21 - 2015-08-11 05:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-06 17:21 - 2015-08-11 05:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-06 17:21 - 2015-08-11 05:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-06 17:21 - 2015-08-11 05:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-06 17:21 - 2015-08-11 05:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-06 17:21 - 2015-08-11 05:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-09-06 17:21 - 2015-08-11 05:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-06 17:21 - 2015-08-11 05:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-06 17:21 - 2015-08-11 05:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-06 17:21 - 2015-08-11 05:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-06 17:21 - 2015-08-11 05:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-06 17:21 - 2015-08-11 05:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-06 17:21 - 2015-08-11 05:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-06 17:21 - 2015-08-11 05:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-06 17:21 - 2015-08-11 05:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-06 17:21 - 2015-08-11 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-06 17:21 - 2015-08-11 05:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-09-06 17:21 - 2015-08-11 05:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-06 17:21 - 2015-08-11 05:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-09-06 17:21 - 2015-08-11 05:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-09-06 17:21 - 2015-08-11 05:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-06 17:21 - 2015-08-11 05:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-06 17:21 - 2015-08-11 05:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-06 17:21 - 2015-08-11 05:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-06 17:21 - 2015-08-11 05:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-06 17:21 - 2015-08-11 04:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-06 17:21 - 2015-08-11 04:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-06 17:21 - 2015-08-11 04:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-09-06 17:21 - 2015-08-11 04:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-09-06 17:21 - 2015-08-11 04:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-06 17:21 - 2015-08-11 04:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-06 17:21 - 2015-08-11 04:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-09-06 17:21 - 2015-08-11 04:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-06 17:21 - 2015-08-11 04:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-09-06 17:21 - 2015-08-11 04:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-09-06 17:21 - 2015-08-11 04:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-09-06 17:21 - 2015-08-11 04:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-09-06 17:21 - 2015-08-11 04:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-06 17:21 - 2015-08-11 04:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-06 17:21 - 2015-08-11 04:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-09-06 17:21 - 2015-08-11 04:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-06 17:21 - 2015-08-11 04:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-06 17:21 - 2015-08-11 04:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-09-06 17:21 - 2015-08-11 04:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-09-06 17:21 - 2015-08-11 04:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-09-06 17:21 - 2015-08-11 04:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-06 17:21 - 2015-08-11 04:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-09-06 17:21 - 2015-08-11 04:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-23 20:54 - 2014-04-18 18:48 - 00027935 _____ C:\Users\Louis\Downloads\FRST.txt
2015-09-23 20:54 - 2014-04-18 18:47 - 00000000 ____D C:\FRST
2015-09-23 20:47 - 2012-11-08 22:56 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-23 20:21 - 2013-11-23 02:41 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-23 20:16 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-23 19:24 - 2014-01-22 03:26 - 00001077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-09-23 19:24 - 2014-01-22 03:26 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-09-23 19:23 - 2012-10-06 16:32 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-09-23 19:21 - 2014-06-10 17:34 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-23 19:19 - 2013-11-23 02:41 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-23 19:18 - 2012-10-06 16:33 - 00122752 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-09-23 19:18 - 2012-10-06 16:33 - 00107368 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-09-23 19:18 - 2012-10-06 16:33 - 00035688 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-09-23 19:16 - 2015-08-10 00:35 - 00000000 ____D C:\Users\Louis
2015-09-23 19:16 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-23 19:15 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-23 19:15 - 2012-10-06 16:33 - 00000000 ____D C:\ProgramData\LogMeIn
2015-09-23 18:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-23 17:56 - 2010-12-27 15:12 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-21 19:25 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-21 15:01 - 2012-11-30 23:51 - 00000296 _____ C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job
2015-09-21 11:41 - 2015-08-10 01:33 - 00000000 ____D C:\Users\Louis\OneDrive
2015-09-21 06:03 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-20 21:43 - 2015-08-10 01:27 - 00000000 ____D C:\Users\Louis\AppData\Local\Packages
2015-09-20 19:10 - 2015-07-10 08:20 - 00026969 _____ C:\WINDOWS\setupact.log
2015-09-20 18:40 - 2015-04-19 19:26 - 00007611 _____ C:\Users\Louis\AppData\Local\Resmon.ResmonCfg
2015-09-20 18:29 - 2014-06-10 16:34 - 00000000 ____D C:\ProgramData\Oracle
2015-09-20 18:28 - 2014-10-16 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-20 18:27 - 2015-01-23 23:48 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-09-20 18:27 - 2010-09-03 02:39 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-20 17:50 - 2015-07-10 08:20 - 04973136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-20 17:49 - 2015-08-10 00:25 - 00009472 _____ C:\WINDOWS\PFRO.log
2015-09-20 17:48 - 2015-07-10 05:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-09-20 17:48 - 2012-05-11 00:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-20 17:47 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-20 17:47 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-20 17:28 - 2012-10-31 22:49 - 02213976 _____ (Kaspersky Lab ZAO) C:\Users\Louis\Desktop\TDSSKiller.exe
2015-09-20 11:23 - 2015-08-10 01:08 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-20 11:16 - 2013-11-23 02:41 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-20 11:16 - 2013-11-23 02:41 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-20 10:51 - 2010-11-21 04:30 - 00000000 ____D C:\ProgramData\WildTangent
2015-09-20 10:51 - 2010-11-21 04:30 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-09-20 10:51 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-20 10:46 - 2010-12-25 15:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-20 10:42 - 2010-12-25 15:52 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-20 10:39 - 2011-08-26 03:26 - 00000000 ____D C:\Users\Louis\AppData\Local\Google
2015-09-20 10:28 - 2015-08-10 01:33 - 00002338 _____ C:\Users\Louis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-15 12:12 - 2015-07-10 07:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 12:12 - 2015-07-10 07:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-10 20:05 - 2011-03-24 11:08 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 19:59 - 2013-07-16 15:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 00:14 - 2015-08-10 00:33 - 01009666 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-08 00:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-07 12:14 - 2010-12-25 14:13 - 00003502 _____ C:\WINDOWS\System32\Tasks\ServicePlan
2015-09-07 12:10 - 2012-05-23 17:43 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-07 12:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-09-07 11:57 - 2012-05-12 01:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-07 11:57 - 2012-05-12 01:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-26 18:37 - 2010-12-26 06:32 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2011-07-02 02:07 - 2010-11-04 21:57 - 0055632 _____ (Microsoft Corporation) C:\Users\Louis\AppData\Roaming\C4Y44N69RH.exe
2011-03-29 01:18 - 2011-07-04 02:47 - 0001854 _____ () C:\Users\Louis\AppData\Roaming\GhostObjGAFix.xml
2013-05-17 00:55 - 2013-05-17 02:10 - 0001452 _____ () C:\Users\Louis\AppData\Roaming\Keys
2012-11-03 23:50 - 2013-03-26 00:42 - 0000029 _____ () C:\Users\Louis\AppData\Roaming\mbam.context.scan
2012-09-21 15:49 - 2012-11-08 20:50 - 0213187 _____ () C:\Users\Louis\AppData\Roaming\MMUpgrade.jpg
2011-07-20 20:43 - 2014-06-17 17:09 - 0044963 _____ () C:\Users\Louis\AppData\Roaming\UserTile.png
2010-12-29 21:24 - 2013-10-19 18:28 - 0008192 _____ () C:\Users\Louis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-19 19:26 - 2015-09-20 18:40 - 0007611 _____ () C:\Users\Louis\AppData\Local\Resmon.ResmonCfg
2011-07-17 07:33 - 2011-07-21 00:51 - 0001940 _____ () C:\Users\Louis\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2015-02-04 00:01 - 2015-02-04 00:18 - 0000444 _____ () C:\ProgramData\hpzinstall.log
2012-04-17 22:29 - 2014-12-18 15:01 - 0000935 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-09-03 02:06 - 2010-09-03 02:06 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-09-03 01:59 - 2010-09-03 02:00 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-11-21 04:24 - 2010-11-21 04:24 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-11-21 04:25 - 2010-11-21 04:25 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-09-03 01:58 - 2010-09-03 01:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-09-03 02:00 - 2010-09-03 02:06 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-11-21 04:26 - 2010-11-21 04:26 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

Files to move or delete:
====================
C:\Users\Guest\InDesignServer_8_LS18.exe


Some files in TEMP:
====================
C:\Users\Louis\AppData\Local\Temp\jre-8u60-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-21 04:57

==================== End of FRST.txt ============================

Link to post
Share on other sites

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

:excl: There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  warning.gif Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 


FRST.gif Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please upload them into your next reply.
Link to post
Share on other sites

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.