Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer is infected (I guess, if I knew exactly what was wrong I coul

Started by hammerman25 , May 12 2016 12:14 PM

This topic is locked

#1
hammerman25

Posted 12 May 2016 - 12:14 PM

Member

Member
66 posts

A couple of weeks a go I let my friend use my computer (I bet you hear that one all the time) anyway, when I came back to check on him he using Explorer (I use Chrome) and was on a site called FUBAR. Social site or dating site or something along those lines. After he left I saw that he had 'incognito' mode on. I don't know where else he went. So, for a while after that everything seemed OK and I shut it down to go to work, but when I came back Screen 2 (the one I use) wouldn't work. (it was on but no picture) I couldn't get my PC to identify it. I finally figured that out and have screen 2 working now but my computer is very slow. I have to refresh the web pages 2 or 3 times just to get them to load. I also have a new search window that I can't figure out how to remove. That is about it. Thank you in advance for your time and help.

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-05-2016

Ran by e (administrator) on STATESECMONITOR (12-05-2016 12:50:45)

Running from C:\Users\e\Downloads

Loaded Profiles: e (Available Profiles: e)

Platform: Windows 8.1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe

(Ralink Technology, Corp.) C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe

() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe

(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

() C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

() C:\Program Files\Samsung\Support Center\GuaranaAgent.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Farbar) C:\Users\e\Downloads\FRST64 (2).exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764032 2012-08-10] (Qualcomm Atheros)

HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-08-10] (Qualcomm Atheros Commnucations)

HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe

HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)

HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)

HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION

HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION

HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION

HKLM Group Policy restriction on software: ** <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION

HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION

HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION

HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION

HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION

HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION

HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION

HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Nike+ Connect] => "C:\Users\e\AppData\Local\Nike\Nike+ Connect\Nike+ Connect daemon.exe"

HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe [5458704 2009-07-16] (Logitech Inc.)

HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)

HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)

HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-11-30] (Apple Inc.)

HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [WebDiscoverBrowser] => C:\Program Files\WebDiscoverBrowser\2.145.2\chrome.exe [985312 2016-04-07] ()

HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)

BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip\..\Interfaces\{6A1D41FA-DC74-4930-BACA-22F167ADDC1F}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:

==================

HKU\S-1-5-21-1957965229-2164351736-1395244876-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/

SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10176__160503__yaie&p={searchTerms}

SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {6563BC40-1541-40F0-BEA7-0D4671A951E7} URL =

SearchScopes: HKU\S-1-5-21-1957965229-2164351736-1395244876-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10176__160503__yaie&p={searchTerms}

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-10] (Qualcomm Atheros Commnucations)

DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:

========

FF ProfilePath: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default

FF DefaultSearchEngine: Bing

FF SelectedSearchEngine: Bing

FF Homepage: hxxp://yahoo.com/

FF NewTab: hxxp://yahoo.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-22] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-22] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\e\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-11] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-1957965229-2164351736-1395244876-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\e\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-01-11] (Zoom Video Communications, Inc.)

FF SearchPlugin: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\searchplugins\bing-lavasoft.xml [2016-05-03]

FF Extension: Avira Browser Safety - C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\fvsqiata.default\Extensions\[email protected] [2015-08-05] [not signed]

Chrome:

=======

CHR HomePage: Default -> hxxps://search.yahoo.com/?type=926458&fr=yo-yhp-ch

CHR StartupUrls: Default -> "hxxp://yahoo.com/"

CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}

CHR DefaultSearchKeyword: Default -> yahoo.com

CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}

CHR Profile: C:\Users\e\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-26]

CHR Extension: (Google Docs) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-26]

CHR Extension: (Google Drive) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (YouTube) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]

CHR Extension: (Google Search) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]

CHR Extension: (Google Sheets) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-26]

CHR Extension: (Google Docs Offline) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]

CHR Extension: (Track My Package) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnjfmapefliaemndnellojlcpobojplh [2016-04-22]

CHR Extension: (Chrome Web Store Payments) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-22]

CHR Extension: (Gmail) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [211584 2012-08-10] (Qualcomm Atheros Commnucations) [File not signed]

R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

R2 RalinkRegistryWriter; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe [374112 2011-11-22] (Ralink Technology, Corp.)

R2 RalinkRegistryWriter64; C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [451936 2011-11-22] (Ralink Technology, Corp.)

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-03] (CyberLink)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

S2 wdsvc; C:\Program Files\WebDiscoverBrowser\wdsvc2.exe [305376 2016-04-07] (Startup Service)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-10] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-10] (Qualcomm Atheros)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-12 12:50 - 2016-05-12 12:50 - 00001169 _____ C:\Users\e\Desktop\FRST64 (1).exe - Shortcut.lnk

2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64.exe

2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64 (2).exe

2016-05-12 12:49 - 2016-05-12 12:49 - 02381312 _____ (Farbar) C:\Users\e\Desktop\FRST64 (1).exe

2016-05-12 12:43 - 2016-05-12 12:43 - 02381312 _____ (Farbar) C:\Users\e\Downloads\FRST64 (2).exe

2016-05-12 12:37 - 2016-05-12 12:38 - 02381312 _____ (Farbar) C:\Users\e\Downloads\FRST64 (1).exe

2016-05-10 07:01 - 2016-05-10 07:01 - 00000000 ___RD C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2016-05-03 19:34 - 2016-05-03 18:44 - 00450103 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-193430.backup

2016-05-03 18:48 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files\Common Files\AV

2016-05-03 18:48 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe

2016-05-03 18:44 - 2016-01-16 07:52 - 00449985 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160503-184418.backup

2016-05-03 18:36 - 2016-05-03 18:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2016-05-03 18:36 - 2016-05-03 18:36 - 00004064 _____ C:\WINDOWS\System32\Tasks\WebDiscover Browser Update Task

2016-05-03 18:36 - 2016-05-03 18:36 - 00003294 _____ C:\WINDOWS\System32\Tasks\WebDiscover Browser Launch Task

2016-05-03 18:36 - 2016-05-03 18:36 - 00001407 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2016-05-03 18:36 - 2016-05-03 18:36 - 00001395 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2016-05-03 18:36 - 2016-05-03 18:36 - 00001028 _____ C:\Users\Public\Desktop\WebDiscover Browser.lnk

2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking

2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\Users\e\AppData\Local\Chromium

2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2016-05-03 18:36 - 2016-05-03 18:36 - 00000000 ____D C:\Program Files\WebDiscoverBrowser

2016-05-03 18:36 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe

2016-05-03 18:34 - 2016-05-03 18:34 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll

2016-05-03 18:34 - 2016-05-03 18:34 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll

2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini

2016-05-03 18:34 - 2016-05-03 18:34 - 00002920 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini

2016-05-03 18:31 - 2016-05-03 18:32 - 00215168 _____ C:\Users\e\Downloads\SpybotSetup-51e2ecb4572934e5.exe

2016-05-02 23:37 - 2016-05-02 23:37 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk

2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files\iTunes

2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files\iPod

2016-05-02 23:37 - 2016-05-02 23:37 - 00000000 ____D C:\Program Files (x86)\iTunes

2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple

2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files\Bonjour

2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\Bonjour

2016-05-02 23:33 - 2016-05-02 23:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2016-05-02 23:08 - 2016-05-02 23:19 - 169713992 _____ (Apple Inc.) C:\Users\e\Downloads\iTunes6464Setup.exe

2016-05-02 01:31 - 2016-05-02 01:31 - 32168632 _____ C:\Users\e\Downloads\kolik_x264_001.avi

2016-05-02 01:07 - 2016-05-02 01:07 - 02232432 _____ C:\Users\e\Downloads\MVI_0178.AVI

2016-04-29 14:35 - 2016-04-29 14:35 - 00121093 _____ C:\Users\e\Downloads\1018466651-20120511-133914-.pdf

2016-04-29 12:16 - 2016-04-29 12:16 - 01331443 _____ C:\Users\e\Downloads\1032686392-20160321-161616-.pdf

2016-04-29 12:14 - 2016-04-29 12:14 - 00067362 _____ C:\Users\e\Downloads\1033029940-20160420-122818-.pdf

2016-04-27 02:39 - 2016-04-27 02:39 - 00000000 ___DC C:\Users\e\AppData\Local\MigWiz

2016-04-25 19:56 - 2016-04-25 19:56 - 00000000 ____D C:\Users\e\AppData\Local\Apple Inc

2016-04-25 19:52 - 2016-04-25 19:52 - 00000000 ____D C:\Users\e\Downloads\iphone

2016-04-25 12:28 - 2016-04-25 12:28 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk

2016-04-25 12:28 - 2016-04-25 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2016-04-25 12:28 - 2016-04-25 12:28 - 00000000 ____D C:\Program Files (x86)\QuickTime

2016-04-25 12:26 - 2016-04-25 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2016-04-24 22:55 - 2016-04-24 22:55 - 00000000 _____ C:\Recovery.txt

2016-04-23 17:19 - 2016-04-23 18:37 - 00000000 ____D C:\Program Files\Reimage

2016-04-23 17:17 - 2016-04-23 17:17 - 00768248 _____ (Reimage®) C:\Users\e\Downloads\ReimageRepair.exe

2016-04-23 14:29 - 2016-04-23 14:29 - 00377409 _____ C:\Users\e\Downloads\EandT.htm

2016-04-22 22:01 - 2016-05-03 15:37 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-04-22 22:01 - 2016-05-03 15:37 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-04-22 21:47 - 2016-05-12 12:49 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-04-22 21:47 - 2016-05-12 05:49 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-04-22 21:47 - 2016-05-11 05:44 - 00003910 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2016-04-22 21:47 - 2016-05-11 05:44 - 00003674 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2016-04-22 21:43 - 2016-05-12 12:51 - 00031023 _____ C:\Users\e\Downloads\FRST.txt

2016-04-14 00:54 - 2016-03-21 21:04 - 35077421 _____ C:\Users\e\Downloads\Loaf Pinchers at Tin Dog Saloon 3-21-2016.m4a

2016-04-13 11:33 - 2016-04-13 11:33 - 03890755 _____ C:\Users\e\Downloads\IMG_4049 (1).MOV

2016-04-13 11:32 - 2016-04-13 11:33 - 03890755 _____ C:\Users\e\Downloads\IMG_4049.MOV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-12 12:50 - 2016-02-06 17:14 - 00000000 ____D C:\FRST

2016-05-12 12:50 - 2015-03-04 07:41 - 00139776 ___SH C:\Users\e\Desktop\Thumbs.db

2016-05-12 12:49 - 2015-02-23 19:11 - 19935744 ___SH C:\Users\e\Downloads\Thumbs.db

2016-05-12 12:34 - 2015-11-07 16:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-05-12 07:23 - 2015-02-23 18:26 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{52D1E520-8463-4173-977F-6BA65D81C2E3}

2016-05-10 08:07 - 2013-02-17 23:30 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1957965229-2164351736-1395244876-1001

2016-05-10 07:06 - 2012-11-18 19:33 - 00000000 ____D C:\ProgramData\WinClon

2016-05-10 07:04 - 2014-11-21 03:44 - 00005384 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-05-10 06:58 - 2015-02-22 21:49 - 00000000 ____D C:\Users\e

2016-05-10 06:58 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-05-10 06:57 - 2013-06-24 01:14 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs

2016-05-07 11:49 - 2013-11-20 08:54 - 00000000 ____D C:\Users\e\Downloads\Nudes

2016-05-04 12:44 - 2013-02-19 03:04 - 00007604 _____ C:\Users\e\AppData\Local\resmon.resmoncfg

2016-05-03 19:31 - 2013-03-09 18:14 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2016-05-03 15:32 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI

2016-05-03 14:52 - 2015-08-04 06:46 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-05-03 14:51 - 2015-08-04 06:46 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-05-03 14:51 - 2015-08-04 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-05-03 14:51 - 2015-08-04 06:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-05-02 23:37 - 2013-03-04 03:36 - 00000000 ____D C:\Program Files\Common Files\Apple

2016-05-02 23:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf

2016-05-02 23:33 - 2013-03-04 03:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2016-04-29 02:05 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-04-29 01:13 - 2015-02-22 21:42 - 00000000 ____D C:\Program Files\Common Files\logishrd

2016-04-28 20:53 - 2015-06-05 07:08 - 01271296 ___SH C:\Users\e\Documents\Thumbs.db

2016-04-28 20:37 - 2014-11-05 16:31 - 00000000 ____D C:\Users\e\Downloads\ideas

2016-04-27 14:52 - 2013-11-23 16:26 - 00000000 ____D C:\Users\e\Downloads\Paintings

2016-04-26 16:16 - 2013-12-14 09:36 - 00000000 ____D C:\Users\e\AppData\Local\Windows Live

2016-04-26 07:46 - 2016-03-03 14:58 - 00000000 ____D C:\Users\e\Downloads\phone

2016-04-26 00:39 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-04-25 23:18 - 2013-09-16 02:59 - 00000000 ____D C:\Users\e\Downloads\Mom and pop_files

2016-04-25 19:56 - 2013-03-04 03:38 - 00000000 ____D C:\Users\e\AppData\Roaming\Apple Computer

2016-04-23 19:00 - 2013-03-02 20:00 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-04-23 18:59 - 2015-08-18 16:40 - 00001253 _____ C:\Users\e\Desktop\JRT.txt

2016-04-23 17:27 - 2013-03-09 18:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy

2016-04-22 22:00 - 2013-03-06 17:25 - 00000000 ____D C:\Program Files (x86)\Google

2016-04-22 21:47 - 2015-02-26 16:00 - 00000000 ____D C:\Users\e\AppData\Local\Deployment

2016-04-22 21:34 - 2015-11-07 16:39 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2016-04-22 20:58 - 2016-04-06 17:41 - 00001680 _____ C:\SSDXFlashLog.zip

2016-04-22 20:51 - 2016-03-15 09:20 - 00000000 ____D C:\Program Files (x86)\AdwCleaner

2016-04-22 20:51 - 2015-08-18 15:59 - 00000000 ____D C:\AdwCleaner

2016-04-22 20:51 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\servicing

2016-04-22 20:49 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps

2016-04-22 20:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\registration

2016-04-22 20:30 - 2013-02-22 11:28 - 00000000 ____D C:\Program Files (x86)\Yahoo!

==================== Files in the root of some directories =======

2013-04-27 10:35 - 2015-01-25 18:39 - 0000542 _____ () C:\Users\e\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml

2013-04-27 08:02 - 2013-04-27 08:02 - 0000026 _____ () C:\Users\e\AppData\Roaming\ClipGet-UpdatePerformed.txt

2015-02-08 01:53 - 2015-08-25 16:27 - 0005120 _____ () C:\Users\e\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2013-02-19 03:04 - 2016-05-04 12:44 - 0007604 _____ () C:\Users\e\AppData\Local\resmon.resmoncfg

2014-08-01 08:02 - 2013-02-21 16:59 - 2063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe

2012-11-18 19:38 - 2013-01-12 23:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-10 08:08

==================== End of FRST.txt ============================

Addition.txt