Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by admin (administrator) on CHRISTHOMAS (13-12-2015 11:29:11)
Running from C:\Users\admin\Desktop
Loaded Profiles: admin (Available Profiles: admin & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe
(Spotify Ltd) C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Users\admin\Desktop\U1304.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1512.4020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6509.64001.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [BitTorrent] => C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe [1873952 2015-12-10] (BitTorrent Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Google Update] => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Spotify Web Helper] => C:\Users\admin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2345584 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [Spotify] => C:\Users\admin\AppData\Roaming\Spotify\Spotify.exe [8270448 2015-12-01] (Spotify Ltd)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [DeskBar] => C:\Users\admin\AppData\Local\DeskBar\dblaunch.exe [239104 2015-11-09] ()
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll No File
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\admin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll No File
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-12-12]
ShortcutTarget: SmartWeb.lnk -> C:\Users\admin\AppData\Local\SmartWeb\SmartWebHelper.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-3515164915-2860861682-270758949-1000] => Proxy is enabled.
ProxyServer: [S-1-5-21-3515164915-2860861682-270758949-1000] => 127.0.0.1:9666
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{23f78ea8-39df-45e2-94cc-9220b0f1c01d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{41f58f90-1dd7-44ce-84b8-bf08657bdb81}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId= ... kId=255141
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID= ... 7953BE6032
HKU\S-1-5-21-3515164915-2860861682-270758949-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/
URLSearchHook: HKLM-x32 - (No Name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {39E20AE7-59E6-4072-BBF1-E8FCFC883642} URL = hxxp://search.yahoo.com/search?fr=chr-g ... =714647&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?typ ... yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1449929700&a=1024132&uuid=b52dc2a9-b058-401e-b2f1-ad7994814e13
SearchScopes: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> {E516D6F3-65F1-4F9B-9466-925DED6EE285} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=FCCztutdk0004,1f163b47-ad6b-447b-9ad7-0e6a63c39609
BHO: YoutubeAdblocker -> {24E53A1A-B562-30F4-23A6-75DF529C4E4A} -> C:\Program Files (x86)\YoutubeAdblocker\THVtn7x.x64.dll => No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-18] (Microsoft Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-10] (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll => No File
BHO-x32: No Name -> {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-10] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - No Name - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No File
Toolbar: HKU\S-1-5-21-3515164915-2860861682-270758949-1000 -> No Name - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - No File
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://uos-portal.salford.ac.uk/Intern ... ompMgr.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-18] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228
FF Homepage: about:home
FF NetworkProxy: "backup.ftp", "127.0.0.1"
FF NetworkProxy: "backup.ftp_port", 9666
FF NetworkProxy: "backup.socks", "127.0.0.1"
FF NetworkProxy: "backup.socks_port", 9666
FF NetworkProxy: "backup.ssl", "127.0.0.1"
FF NetworkProxy: "backup.ssl_port", 9666
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 9666
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 9666
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9666
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 9666
FF NetworkProxy: "type", 0
FF Homepage: hxxp://houmpage.com/?src=hp&ssid=144992 ... 7994814e13
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-10] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @citrixonline.com/appdetectorplugin -> C:\Users\admin\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-09-03] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @talk.google.com/O1DPlugin -> C:\Users\admin\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=3 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515164915-2860861682-270758949-1000: @tools.google.com/Google Update;version=9 -> C:\Users\admin\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-10] (Google Inc.)
FF user.js: detected! => C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\user.js [2015-12-12]
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-04-16] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\admin\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: Add to Amazon Wish List Button - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\extensions\amznUWL2@amazon.com.xpi [2014-08-02] [not signed]
FF Extension: Pocket - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\extensions\isreaditlater@ideashower.com [2014-10-03] [not signed]
FF Extension: Media Hint - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\ei9163pu.default-1391602121228\Extensions\mediahint@jetpack.xpi [2014-05-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2013-12-04] [not signed]
Chrome:
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=FCCztutdk0004,1f163b47-ad6b-447b-9ad7-0e6a63c39609&vp=ch&prd=set_ch"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.1\\npsitesafety.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll => No File
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (ZenMate - IP & Browser Check) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchhalahcjpkabdgonjhoogdcipienhf [2015-12-06]
CHR Extension: (Pocket) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-06-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Diner Builder) - C:\Users\admin\AppData\Local\Diner Builder\Component [2015-12-12]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\admin\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-10-03]
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\admin\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3515164915-2860861682-270758949-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\admin\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-12-04]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [619328 2013-06-29] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [169280 2013-04-02] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc [X]
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c64x64.sys [468752 2014-07-28] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 SNP2UVC; C:\Windows\system32\DRIVERS\snp2uvc.sys [2668424 2015-06-08] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-13 11:26 - 2015-12-13 11:29 - 00029567 _____ C:\Users\admin\Desktop\FRST.txt
2015-12-13 11:24 - 2015-12-13 11:26 - 00628314 _____ C:\WINDOWS\SPSS 17 Uninstall Log.txt
2015-12-13 11:13 - 2015-12-13 11:13 - 00016148 _____ C:\WINDOWS\system32\CHRISTHOMAS_admin_HistoryPrediction.bin
2015-12-13 05:33 - 2015-12-13 05:34 - 00000000 ____D C:\WINDOWS\system32\config\mybackup
2015-12-13 05:07 - 2015-12-13 05:07 - 00000000 ___HD C:\$Windows.~BT
2015-12-13 05:07 - 2015-12-13 05:07 - 00000000 _____ C:\Recovery.txt
2015-12-13 05:06 - 2015-12-13 05:07 - 00000000 ___HD C:\$SysReset
2015-12-12 21:59 - 2015-12-13 11:29 - 00000000 ____D C:\FRST
2015-12-12 21:58 - 2015-12-12 21:59 - 02369536 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-12-12 21:46 - 2015-12-12 21:46 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-12 21:37 - 2015-12-12 21:37 - 00278304 _____ C:\WINDOWS\Minidump\121215-39453-01.dmp
2015-12-12 21:16 - 2015-12-12 21:25 - 00313504 _____ C:\WINDOWS\ntbtlog.txt
2015-12-12 20:46 - 2015-12-12 20:46 - 00000000 ____D C:\Users\admin\AppData\Local\AvgSetupLog
2015-12-12 20:46 - 2015-12-12 20:46 - 00000000 ____D C:\Users\admin\AppData\Local\Avg
2015-12-12 20:35 - 2015-12-12 20:35 - 00000000 ____D C:\7200e41f036706b356537d
2015-12-12 20:30 - 2015-12-12 20:30 - 00000000 ____D C:\WINDOWS\system32\fafg
2015-12-12 18:16 - 2015-12-12 17:55 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\admin\Desktop\SpyHunter-Installer.exe
2015-12-12 17:13 - 2015-12-12 17:13 - 00000000 ____D C:\WINDOWS\system32\toic
2015-12-12 16:43 - 2015-12-12 20:43 - 00000470 _____ C:\WINDOWS\Tasks\SPBIW_UpdateTask_Time_3431303934343133382d5737325a786c5a3237344541.job
2015-12-12 16:42 - 2015-12-12 16:42 - 00000000 ____D C:\WINDOWS\system32\goj
2015-12-12 16:40 - 2015-12-12 16:42 - 00000000 ____D C:\Program Files\Common Files\ShopperPro
2015-12-12 16:40 - 2015-12-12 16:40 - 00004408 _____ C:\WINDOWS\System32\Tasks\SPBIW_UpdateTask_Time_3431303934343133382d57783245782a5a3437324557
2015-12-12 16:40 - 2015-12-12 16:40 - 00003682 _____ C:\WINDOWS\System32\Tasks\ShopperProJSUpd
2015-12-12 16:40 - 2015-12-12 16:40 - 00000000 ____D C:\Users\Public\Documents\ShopperPro
2015-12-12 16:40 - 2015-12-12 16:40 - 00000000 ____D C:\ProgramData\ShopperPro
2015-12-12 16:32 - 2015-12-12 16:32 - 00003228 _____ C:\WINDOWS\System32\Tasks\{3B2335E8-805F-4B6D-9A2D-426160A3578E}
2015-12-12 16:24 - 2015-12-12 16:24 - 00000000 ____D C:\Users\admin\AppData\LocalLow\BitTorrent
2015-12-12 15:54 - 2015-12-12 21:38 - 00000410 __RSH C:\ProgramData\ntuser.pol
2015-12-12 15:47 - 2015-12-12 15:47 - 00003162 _____ C:\WINDOWS\System32\Tasks\spw3016
2015-12-12 15:25 - 2015-12-12 15:25 - 00000017 _____ C:\WINDOWS\SysWOW64\history.dat
2015-12-12 15:14 - 2015-12-12 21:37 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-12 15:14 - 2015-12-12 15:14 - 00284208 _____ C:\WINDOWS\Minidump\121215-31687-01.dmp
2015-12-12 15:11 - 2015-12-12 15:15 - 00004752 _____ C:\WINDOWS\SysWOW64\Coiiigsa.ini
2015-12-12 15:11 - 2015-12-12 15:15 - 00002464 _____ C:\WINDOWS\SysWOW64\CoiiigsaOff.ini
2015-12-12 15:11 - 2015-12-12 15:15 - 00002464 _____ C:\WINDOWS\system32\CoiiigsaOff.ini
2015-12-12 15:11 - 2015-12-12 15:11 - 00003416 _____ C:\WINDOWS\System32\Tasks\Zutykenb
2015-12-12 15:11 - 2015-12-12 15:11 - 00000000 ____D C:\Users\admin\AppData\Roaming\VautKue
2015-12-12 15:11 - 2015-12-12 15:11 - 00000000 ____D C:\Users\admin\AppData\Local\DeskBar
2015-12-12 15:11 - 2015-12-12 13:47 - 00375152 _____ C:\WINDOWS\system32\Coiiigsa64.dll
2015-12-12 15:11 - 2015-12-12 13:47 - 00289136 _____ C:\WINDOWS\SysWOW64\Coiiigsa.dll
2015-12-12 15:07 - 2015-12-12 15:20 - 00000000 ____D C:\Users\admin\AppData\Roaming\RunDir
2015-12-12 15:07 - 2015-12-12 15:07 - 00004784 _____ C:\WINDOWS\SysWOW64\Ubazofi.ini
2015-12-12 15:07 - 2015-12-12 15:07 - 00002504 _____ C:\WINDOWS\SysWOW64\UbazofiOff.ini
2015-12-12 15:07 - 2015-12-12 15:07 - 00002504 _____ C:\WINDOWS\system32\UbazofiOff.ini
2015-12-12 15:07 - 2015-12-12 15:07 - 00000000 ____D C:\Users\admin\AppData\Roaming\NetService
2015-12-12 15:07 - 2015-12-12 13:52 - 00375144 _____ C:\WINDOWS\system32\Ubazofi64.dll
2015-12-12 15:07 - 2015-12-12 13:52 - 00289128 _____ C:\WINDOWS\SysWOW64\Ubazofi.dll
2015-12-12 15:06 - 2015-12-12 15:11 - 00000000 ____D C:\Users\admin\AppData\Local\Tempfolder
2015-12-12 15:06 - 2015-12-12 15:06 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-12-12 15:06 - 2015-12-12 15:06 - 00003416 _____ C:\WINDOWS\System32\Tasks\Rerlaply
2015-12-12 15:06 - 2015-12-12 15:06 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Company
2015-12-12 15:06 - 2015-12-12 15:06 - 00000000 ____D C:\Users\admin\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-12 15:06 - 2015-12-12 15:06 - 00000000 ____D C:\uninst
2015-12-12 15:05 - 2015-12-12 16:31 - 00000000 ____D C:\Users\admin\AppData\Local\SmartWeb
2015-12-12 15:05 - 2015-12-12 16:23 - 00000366 ____H C:\WINDOWS\Tasks\SXJVXMRYODXGIOSL.job
2015-12-12 15:05 - 2015-12-12 15:05 - 00004134 _____ C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-12-12 15:05 - 2015-12-12 15:05 - 00003442 _____ C:\WINDOWS\System32\Tasks\SXJVXMRYODXGIOSL
2015-12-12 15:05 - 2015-12-12 15:05 - 00000000 ____D C:\ProgramData\Service1291
2015-12-12 15:05 - 2015-12-12 15:05 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-12 14:17 - 2015-12-12 14:20 - 00000000 ____D C:\Program Files (x86)\Tencent
2015-12-12 14:16 - 2015-12-12 14:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\SpringFiles
2015-12-12 14:15 - 2015-12-12 14:15 - 00185856 _____ C:\WINDOWS\rsrcs.dll
2015-12-12 14:15 - 2015-12-12 14:15 - 00003266 _____ C:\WINDOWS\System32\Tasks\Diner Builder
2015-12-12 14:15 - 2015-12-12 14:15 - 00003254 _____ C:\WINDOWS\System32\Tasks\Diner Builder2
2015-12-12 14:15 - 2015-12-12 14:15 - 00000966 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-12 14:15 - 2015-12-12 14:15 - 00000000 ____D C:\Users\admin\AppData\Local\Diner Builder
2015-12-12 14:15 - 2015-12-12 14:15 - 00000000 ____D C:\ProgramData\27d21954-6c17-1
2015-12-12 14:15 - 2015-12-12 14:15 - 00000000 ____D C:\ProgramData\27d21954-0ff7-0
2015-12-12 14:13 - 2015-12-12 14:13 - 00000000 ____D C:\Users\admin\AppData\Local\Nico Mak Computing
2015-12-12 14:12 - 2015-12-12 14:19 - 00000000 ____D C:\ProgramData\WinZip
2015-12-12 14:07 - 2015-12-12 14:07 - 00000000 ____D C:\ProgramData\UniqueId
2015-12-11 20:29 - 2015-12-12 15:06 - 00056728 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-12-10 13:19 - 2015-12-13 08:44 - 00000000 ____D C:\Users\admin\Desktop\utmp
2015-12-10 13:19 - 2015-12-12 16:32 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8B2598D4-4884-43E4-9D3C-7205A56A6923}
2015-12-10 12:34 - 2015-12-10 12:33 - 00278624 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-12-10 12:33 - 2015-12-10 12:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Sun
2015-12-10 12:33 - 2015-12-10 12:33 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2015-12-10 12:22 - 2015-12-10 12:22 - 00003756 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-10 12:18 - 2015-12-13 08:39 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 12:12 - 2015-12-10 12:12 - 06420480 _____ C:\Program Files (x86)\GUT2D9F.tmp
2015-12-10 12:12 - 2015-12-10 12:12 - 00000000 ____D C:\Program Files (x86)\GUM2D9E.tmp
2015-11-23 13:29 - 2015-11-23 13:29 - 00000000 ____D C:\Users\admin\AppData\Local\OfficeBSCache-MyComputer
2015-11-23 13:22 - 2015-11-23 13:22 - 00000000 ____D C:\Program Files\Recuva
2015-11-19 21:12 - 2015-12-10 12:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-19 21:12 - 2015-11-19 21:12 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-11-18 13:29 - 2015-11-18 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-11-18 13:21 - 2015-11-18 13:21 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-11-17 12:56 - 2015-11-18 13:17 - 00000000 ____D C:\Users\admin\AppData\Local\LogMeIn Rescue Applet
2015-11-13 09:34 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-13 09:34 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-13 09:34 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-13 09:34 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-13 09:34 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-13 09:34 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-13 09:34 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-13 09:34 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-13 09:34 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-13 09:34 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-13 09:34 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-13 09:34 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-13 09:34 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-13 09:34 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-13 09:34 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-13 09:34 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-13 09:34 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-13 09:34 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-13 09:34 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-13 09:34 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-13 09:34 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-13 09:34 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-13 09:34 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-13 09:34 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-13 09:34 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-13 09:34 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-13 09:34 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-13 09:34 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-13 09:34 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-13 09:33 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-13 09:33 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-13 09:33 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-13 09:33 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-13 09:33 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-13 09:33 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-13 09:33 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-13 09:33 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-13 09:33 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-13 09:33 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-13 09:33 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-13 09:33 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-13 09:33 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-13 09:33 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-13 09:33 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-13 09:33 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-13 09:33 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-13 09:33 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-13 09:33 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-13 09:33 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-13 09:33 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-13 09:33 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-13 09:33 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-13 09:33 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-13 11:29 - 2013-09-28 18:01 - 00000600 _____ C:\Users\admin\PUTTY.RND
2015-12-13 11:27 - 2015-07-10 09:05 - 00000000 ____D C:\Windows
2015-12-13 11:26 - 2013-11-03 17:03 - 00000000 ____D C:\ProgramData\Thomson.ResearchSoft.Installers
2015-12-13 11:15 - 2015-08-17 12:24 - 00000000 ____D C:\Users\admin
2015-12-13 11:11 - 2014-03-02 10:01 - 00000370 _____ C:\WINDOWS\Tasks\AmiUpdXp.job
2015-12-13 10:59 - 2015-08-17 12:23 - 01009718 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 10:59 - 2015-07-10 11:02 - 00000000 ____D C:\WINDOWS\INF
2015-12-13 10:47 - 2013-11-03 14:47 - 00000292 _____ C:\WINDOWS\Tasks\DigitalSite.job
2015-12-13 10:43 - 2014-06-28 16:23 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA.job
2015-12-13 10:38 - 2012-08-19 02:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-13 09:43 - 2014-06-28 16:23 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core.job
2015-12-13 08:51 - 2015-08-17 12:47 - 00002616 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-13 08:48 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-13 08:48 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-13 08:41 - 2014-08-13 08:59 - 00000000 ____D C:\Users\admin\AppData\Roaming\Spotify
2015-12-13 08:40 - 2014-08-13 09:00 - 00000000 ____D C:\Users\admin\AppData\Local\Spotify
2015-12-13 05:07 - 2015-08-17 21:15 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-12 22:07 - 2015-07-10 10:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-12 21:51 - 2015-10-03 16:48 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-12-12 21:51 - 2015-10-03 16:48 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-12-12 21:51 - 2015-10-03 16:48 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-12-12 21:51 - 2015-10-03 16:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-12 21:38 - 2013-07-04 14:18 - 00000503 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-12-12 21:37 - 2015-07-10 12:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-12 21:36 - 2013-06-28 20:00 - 281157024 _____ C:\WINDOWS\MEMORY.DMP
2015-12-12 20:50 - 2015-09-08 17:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-12 20:30 - 2015-07-10 09:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-12-12 20:01 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-12 16:42 - 2014-11-29 18:26 - 00000000 ___RD C:\Users\admin\OneDrive
2015-12-12 16:34 - 2013-06-27 03:43 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics
2015-12-12 16:27 - 2013-06-28 20:13 - 00000000 ___RD C:\Users\admin\Dropbox
2015-12-12 16:27 - 2013-06-28 20:09 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2015-12-12 16:25 - 2015-10-03 16:48 - 00000000 ___RD C:\Users\admin\Google Drive
2015-12-12 16:24 - 2013-06-29 17:02 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent
2015-12-12 15:57 - 2015-08-17 12:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-12 15:52 - 2009-07-14 03:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-12-12 15:27 - 2014-03-02 10:01 - 00003442 _____ C:\WINDOWS\System32\Tasks\AmiUpdXp
2015-12-12 14:51 - 2014-01-15 15:33 - 00000000 ____D C:\Users\admin\AppData\Roaming\Malwarebytes
2015-12-12 14:51 - 2014-01-15 15:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-12 14:43 - 2015-01-27 12:41 - 00002255 _____ C:\Users\admin\Desktop\Chrome App Launcher.lnk
2015-12-12 13:48 - 2014-12-01 08:55 - 00000000 ____D C:\Users\admin\AppData\Local\E66673C4-8B55-4180-B023-460EC7F40E67.aplzod
2015-12-12 10:26 - 2015-08-17 13:02 - 00002404 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-10 18:27 - 2014-01-13 10:28 - 00000000 ____D C:\Users\admin\AppData\Local\Packages
2015-12-10 17:44 - 2014-06-28 16:23 - 00004048 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000UA
2015-12-10 17:44 - 2014-06-28 16:23 - 00003672 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515164915-2860861682-270758949-1000Core
2015-12-10 12:35 - 2013-12-09 12:21 - 00000000 ____D C:\ProgramData\Oracle
2015-12-10 12:34 - 2013-12-09 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-10 12:34 - 2013-07-31 15:12 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-10 12:33 - 2013-12-09 12:20 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-10 12:10 - 2015-07-10 12:20 - 04970024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-09 03:39 - 2012-08-19 01:35 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-05 15:07 - 2012-08-19 01:41 - 00000000 ____D C:\Users\admin\AppData\Local\Microsoft Help
2015-11-23 18:42 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\rescache
2015-11-22 14:27 - 2013-07-24 15:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-22 12:51 - 2012-08-19 01:50 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-20 10:04 - 2012-08-19 01:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-19 21:15 - 2013-06-28 22:17 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2015-11-19 21:13 - 2015-01-08 09:52 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-19 21:12 - 2013-06-28 22:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-19 21:12 - 2012-08-19 02:48 - 00000000 ____D C:\ProgramData\Adobe
2015-11-18 13:36 - 2015-07-10 11:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-18 13:21 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-18 13:13 - 2015-07-10 11:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-17 12:32 - 2015-10-03 16:50 - 00000000 ____D C:\Users\admin\AppData\Local\Comms
==================== Files in the root of some directories =======
2015-12-10 12:12 - 2015-12-10 12:12 - 6420480 _____ () C:\Program Files (x86)\GUT2D9F.tmp
2013-11-03 15:47 - 2014-01-15 10:00 - 0000113 _____ () C:\Users\admin\AppData\Roaming\WB.CFG
2013-12-31 16:04 - 2014-01-03 10:31 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-Q5-TTL.DAT
2013-11-03 15:47 - 2014-01-15 10:00 - 0000005 _____ () C:\Users\admin\AppData\Roaming\WBPU-TTL.DAT
2014-04-21 10:50 - 2014-10-05 17:24 - 0007168 _____ () C:\Users\admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-21 21:35 - 2011-11-21 21:35 - 0010275 _____ () C:\ProgramData\regid.1995-04.com.kistler_2B134736-2DB6-488E-BB15-FC19631EE635.swidtag
2011-11-22 13:54 - 2011-11-22 13:54 - 0010260 _____ () C:\ProgramData\regid.1995-04.com.kistler_FE724B72-8B8B-4B49-85FE-24AC4E84CC09.swidtag
Some files in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\amisetup0839__16165.exe
C:\Users\admin\AppData\Local\Temp\amisetup5185__15940.exe
C:\Users\admin\AppData\Local\Temp\avg1F0A.exe
C:\Users\admin\AppData\Local\Temp\avgB12D.exe
C:\Users\admin\AppData\Local\Temp\avgDDAC.exe
C:\Users\admin\AppData\Local\Temp\avgEE99.exe
C:\Users\admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabi_j3.dll
C:\Users\admin\AppData\Local\Temp\f9IgQ6Jn1q.exe
C:\Users\admin\AppData\Local\Temp\fsd6323.exe
C:\Users\admin\AppData\Local\Temp\fsd817.exe
C:\Users\admin\AppData\Local\Temp\hKh5zAQo2E.exe
C:\Users\admin\AppData\Local\Temp\jdG0oV4TCa.exe
C:\Users\admin\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\admin\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\admin\AppData\Local\Temp\l3sQsQrdR1.exe
C:\Users\admin\AppData\Local\Temp\oprun14485.exe
C:\Users\admin\AppData\Local\Temp\oprun202.exe
C:\Users\admin\AppData\Local\Temp\oprun25567.exe
C:\Users\admin\AppData\Local\Temp\oprun26449.exe
C:\Users\admin\AppData\Local\Temp\Ryan Holiday The Obstacle Is Downloader__3687_i1780645052_il1742732.exe
C:\Users\admin\AppData\Local\Temp\SpOrder.dll
C:\Users\admin\AppData\Local\Temp\tu17p84.exe
C:\Users\admin\AppData\Local\Temp\Uninstall.exe
C:\Users\admin\AppData\Local\Temp\UninstallModule.exe
C:\Users\admin\AppData\Local\Temp\ZLPcxP28sR.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 11:00] - [2015-07-10 11:00] - 0680256 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\WINDOWS\system32\dnsapi.dll => no Company Name <===== ATTENTION
C:\WINDOWS\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-13 09:09
==================== End of FRST.txt ============================