sbennett3348

  1. So I should be good even with the caught trojan and removed malware? I feel like when I have gotten something usually more comes with it. If so, that would be awesome to be able to use my comp for everything again.
  2. The first thing I saw was a trojan blocked by Windows Defender; I wanted to make sure there aren't any other trojans. The second was called PUP.Optional.Crossrider, found by Malwarebytes.
  3. Hi, I am currently having problems and I am hoping to get help. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
HiddenHearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) HiddenLeapFrog MyOwnLeaptop Plugin (x32 Version: 7.0.6.19846 - LeapFrog) HiddenMalwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 
11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - 
Toshiba Corporation)Toshiba Start (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (HKLM-x32\...\LeaptopPlugin) (Version: - LeapFrog)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Vizzed Retro Game Room (HKLM-x32\...\{65245253-FE12-4532-9FA2-18130C377C16}) (Version: 2.40 - Vizzed)WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {2495C376-D061-43C0-B98B-7E4775380404} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)Task: {31CE3ABA-E870-47AA-A465-8E3CF829BF39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {31F8A95D-495C-483F-A632-35776759CE15} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exeTask: {3D06A8F7-733A-424F-922A-45E185B3EEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-18] (Microsoft Corporation)Task: {6A5139F2-3392-44E0-986A-C596D31F4577} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-11] (Microsoft Corporation)Task: {6D400E89-8251-4615-B7E9-F087CB557EDE} - System32\Tasks\{9CEAB1B1-915B-4951-A323-149D58BBB737} => pcalua.exe -a C:\DTToys\UDilbert.exe -d C:\DTToysTask: {A5EDE0D9-86FE-48DF-B6E2-3B39F05289BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)Task: {AAC316C6-645B-494B-BAC7-8641E520C345} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exeTask: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= autoTask: {BAA9E648-0ED3-4E7E-AE5A-3328303BC3FF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)Task: {D561B15D-B104-4890-851A-FA7FD3789600} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] 
(Microsoft Corporation)Task: {D5E3A5EB-85BA-460D-BE4D-E005C6F780C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {D9A2DAA0-8C20-44F4-A0D8-A4E6F67A9896} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-04] ()Task: {DD5716F6-3B73-49B8-94D6-6B8A8C9CA072} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)Task: {E64D4507-D4C7-46AC-8C60-4F4FCEB13A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {F14BA311-233F-4858-9B6B-70225FDB47F3} - System32\Tasks\{5784A26B-C19D-4920-9FC6-7982AEF0ED21} => pcalua.exe -a "C:\GOG Games\Heroes of Might and Magic 4 Complete\unins000.exe" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe2015-10-30 18:58 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd2013-08-22 00:19 - 2013-08-21 23:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd2014-03-21 09:23 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2015-07-03 08:35 - 2015-07-03 08:35 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2015-12-16 14:20 - 2015-12-10 20:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll2015-12-16 14:20 - 2015-12-10 20:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\vizzed.com -> www.vizzed.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2015-12-15 08:38 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1595739235-987919694-39041242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shad\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpgDNS Servers: 192.168.0.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"HKLM\...\StartupApproved\Run: => "Onboard"HKLM\...\StartupApproved\Run32: => "StartCCC"HKLM\...\StartupApproved\Run32: => "bncsaui.exe"HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"HKLM\...\StartupApproved\Run32: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "Monitor"HKLM\...\StartupApproved\Run32: => "VizzedRgrPluginServiceLoader"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Pokki"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Spotify Web Helper"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Amazon Music"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "ApplePhotoStreams"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "iCloudServices" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{296B56CA-93B0-4019-AF88-D6F2105EB7F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exeFirewallRules: [{71139C16-07BB-4183-AF90-63FD816D51E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exeFirewallRules: [uDP Query User{50D8E7B5-780F-43EE-94B2-D7C7CFD5B181}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exeFirewallRules: [TCP Query User{B444C6A1-D951-4EC4-AF80-3E271702B725}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exeFirewallRules: [{1E8E04CD-8E59-4A2C-84BF-4AAB3F52DAB1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{D0040AFC-31A5-40D0-AB85-673CBE7409C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{BC679683-AEC0-4B5D-ACC7-B2E310B3C19C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{7F5F07F1-C145-459F-B820-620006AB931D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{DAEBDB78-BE0F-4C02-AB5F-293C1874B280}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{8545D658-74D1-4490-8B66-87FDF9A9F767}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{BCE735F6-0AD7-406B-B274-682C16A84CAC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{F944EC1D-E7E0-4304-B4EA-3902343553E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{81A6CF51-C192-4F41-942B-B5CAE0C020E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [uDP Query User{E4475B15-33FD-457E-8DCD-1AFAB19E77B8}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query 
User{37CB316E-E3EE-4267-97CD-2837F5B58F10}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{29C4F8AC-139B-4F34-9D50-6A56F1CE0E6A}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{14ACE0C7-DBD2-4E2D-960E-0E90AD381F2F}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [{9A542F5F-39F3-42BE-BDA9-ED83FFD7B88B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{7E451835-4115-4076-B2E8-8181D50E2652}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{C6E08D53-FD97-4877-B6EE-3CE407092FA5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{1FEFEA1A-6BBC-4EEE-AB49-E2464C947EE6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{06E55DC8-57C8-409A-9D25-4E5213F0E765}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{FA5D7E61-91A2-4B90-A5F6-4E383DA45917}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{B0192036-8CF9-4976-8DD8-59CA6AC7B3B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{8DB06473-75D6-41FE-9285-A1FFADB3A2B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{F63599B9-865D-447D-99A1-15DEB9CD26D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exeFirewallRules: [{2020F57A-7A07-4848-A6FC-8906F73E0266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exeFirewallRules: [{335C448A-7C04-4D5E-B576-5DFE4FD79D2E}] => (Allow) C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeFirewallRules: [{AFF5EFF5-1659-421B-8713-C4CFCE2576A5}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: 
[{08C3A5EF-9DE7-4F5E-AB34-D5E0252B407F}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{DCD1B54C-B411-4EEC-AFFE-AD401BA00564}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{0E445407-838F-47CA-B0D2-D8BC98E52318}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{F291644D-806D-4BD4-AC94-47BEC01AE79E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{BF5E8F83-E2C5-4A00-BBBE-839BBAB04476}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{33D67A8A-4553-4901-88F2-182C571D1EB0}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{47E41E7E-7A1F-4472-A6C1-CAAE2BFF0C30}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{5D17B9AA-C00B-4FBF-B1C5-E05E9BAC4880}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{AB1EB778-CC1D-4AC5-9C5F-1A8EFF0281A0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{E43B3589-FB52-49E3-AD1B-3EC4904D54AA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{255D5ED8-93F4-4A4F-BCA9-72660D4D558F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{AC4D6708-DC4C-43B3-A0B8-0A125FE93E65}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{8B936FFF-E7E5-41B2-814A-BFE6A3341704}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{BE27DB90-DE04-4B4D-BC6D-A68835952A01}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{A99EB9FC-36D1-4A08-90B7-067BFEF42595}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{E4D577D6-7A79-4CE9-978D-A4922CE3E6D3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{85411AE5-C887-45FD-99EB-503F37866274}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo 
III.exeFirewallRules: [{3B9C963E-7436-4E2A-BD57-B95DF0BE37C7}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{78556AC0-7A9F-4551-A717-0DF5327E6F8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{2374B58B-9929-446E-9E4C-A80D53492FB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{32FEFED0-1B22-43EA-8FF6-3DA9CD0B2859}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exeFirewallRules: [{A3E04391-CDF2-4F8A-9611-D604EE8C7968}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [{BFDFBA3B-BD30-45C1-82B2-6CC5ABE07F0B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [TCP Query User{9852C7CB-DFAA-4CC2-B64D-4924A1EDCFB6}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exeFirewallRules: [uDP Query User{D945A59F-6CC3-4B25-87AB-99229ED2BB84}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exeFirewallRules: [{258FA923-6799-40FF-95CE-3F000D7A3287}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 15-12-2015 08:41:39 Removed Bradford Persistent Agent28-12-2015 20:12:58 Windows Update04-01-2016 22:42:49 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1906 Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1906 Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for 
more than a second Error: (01/05/2016 02:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1750 Error: (01/05/2016 02:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1750 Error: (01/04/2016 11:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6109 Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6109 Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/01/2016 09:32:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4344 System errors:=============Error: (12/11/2015 10:27:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3112148). Error: (12/11/2015 10:27:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3102429). 
Error: (12/11/2015 10:05:22 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:22 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca CodeIntegrity:=================================== Date: 2015-12-31 14:47:58.880 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-31 14:47:48.867 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-12-31 14:47:38.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:36.201 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:32.277 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:29.377 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:26.486 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:22.125 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-12-18 14:11:16.594 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:11.832 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-1200 APU with Radeon HD GraphicsPercentage of memory in use: 58%Total physical RAM: 3658.26 MBAvailable physical RAM: 1528.4 MBTotal Virtual: 5237.23 MBAvailable Virtual: 2207.81 MB ==================== Drives ================================ Drive c: (TI10664800G) (Fixed) (Total:452.82 GB) (Free:318.84 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  4. Hello, I have the problem where your real-time protection continually shuts off. I have re-installed it and installed it and, as it should, it fixes the problem. My problem now is that I have had to do this 7-8 times in the half a year I have owned the premium version. I need a permanent fix. Is there anything else I can do besides uninstalling it, having to dig up my licensing info, and reinstalling it? Please assist. Thanks.
  5. It seems to have been running fine, even after the malware. I just wasn't sure if it infected more.
  6. Thanks for your help! Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015 Ran by Shad at 2015-02-09 15:31:18 Running from C:\Users\Shad\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Amazon Kindle (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Kindle) (Version: - Amazon) Amazon Music (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{83DEB2E3-26DC-26BE-2445-A3CA29203ABF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Anki (HKLM-x32\...\Anki) (Version: - ) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Bradford Persistent Agent (HKLM-x32\...\{892A1EE8-85D1-4487-A519-707AF9E94A80}) (Version: 3.1.4.16 - Bradford Networks) Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Heroes of Might and Magic 4 Complete (HKLM-x32\...\GOGPACKHOMM4COMPLETE_is1) (Version: 2.0.0.12 - GOG.com) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - ) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Might and Magic IX (HKLM-x32\...\GOGPACKMM9_is1) (Version: 2.0.0.11 - GOG.com) Might and Magic VIII - Day of the Destroyer (HKLM-x32\...\GOGPACKMM8_is1) (Version: 2.0.0.13 - GOG.com) Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated) TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation) TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation) Toshiba Start (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed) WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-01-2015 17:03:52 Windows Update 22-01-2015 22:10:13 Scheduled Checkpoint 26-01-2015 09:26:02 Windows Update 31-01-2015 16:03:13 Windows Modules Installer 06-02-2015 13:00:44 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {06FF914E-C72A-40E5-AE03-F71F5AEEF8F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {2495C376-D061-43C0-B98B-7E4775380404} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated) Task: {31CE3ABA-E870-47AA-A465-8E3CF829BF39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {31F8A95D-495C-483F-A632-35776759CE15} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe Task: {3D06A8F7-733A-424F-922A-45E185B3EEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation) Task: {6BF1754A-0DDE-4EEE-85B4-FCAA5E598EA4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-17] (Microsoft Corporation) Task: {6D400E89-8251-4615-B7E9-F087CB557EDE} - System32\Tasks\{9CEAB1B1-915B-4951-A323-149D58BBB737} => pcalua.exe -a C:\DTToys\UDilbert.exe -d C:\DTToys Task: {88FA6C13-5191-4E65-A00C-773821720736} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SJBENNETT-Shad SJBennett => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {973234F8-3685-4436-84FA-D15B6F743846} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation) Task: {AAC316C6-645B-494B-BAC7-8641E520C345} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe Task: {D5E3A5EB-85BA-460D-BE4D-E005C6F780C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.) Task: {D9A2DAA0-8C20-44F4-A0D8-A4E6F67A9896} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-04] () Task: {DD5716F6-3B73-49B8-94D6-6B8A8C9CA072} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation) Task: {E64D4507-D4C7-46AC-8C60-4F4FCEB13A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-03-21 09:23 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2014-11-22 18:30 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2014-09-17 05:20 - 2014-10-14 22:35 - 06281024 _____ () C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe 2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd 2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd 2013-08-22 00:19 - 2013-08-21 23:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd 2014-01-20 13:17 - 2014-01-20 
13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Shad\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1595739235-987919694-39041242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "bncsaui.exe" HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace" HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Pokki" HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Accounts: ============================= Administrator (S-1-5-21-1595739235-987919694-39041242-500 - Administrator - Disabled) Guest (S-1-5-21-1595739235-987919694-39041242-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1595739235-987919694-39041242-1005 - Limited - Enabled) Shad (S-1-5-21-1595739235-987919694-39041242-1001 - Administrator - Enabled) => C:\Users\Shad ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: 
Continuously busy for more than a second Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10813172 Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10813172 System errors: ============= Error: (02/06/2015 08:43:16 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (02/06/2015 00:27:59 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (02/05/2015 08:45:17 AM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. 
Error: (01/31/2015 05:20:10 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/31/2015 04:48:26 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/28/2015 09:23:36 AM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (01/27/2015 08:51:50 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (01/25/2015 00:36:06 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.134. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (01/23/2015 09:08:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240055: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3033408). 
Error: (01/23/2015 07:25:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service. Microsoft Office Sessions: ========================= Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10813172 Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10813172 CodeIntegrity Errors: =================================== Date: 2015-02-02 23:40:34.285 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft 
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:33.183 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:32.134 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:31.292 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:30.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:29.341 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-02-02 23:40:28.040 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:27.206 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:26.430 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:25.079 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: AMD E1-1200 APU with Radeon HD Graphics Percentage of memory in use: 88% Total physical RAM: 3658.26 MB Available physical RAM: 427.32 MB Total Pagefile: 5089.68 MB Available Pagefile: 928.26 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (TI10664800G) (Fixed) (Total:452.82 GB) (Free:353.99 GB) NTFS Drive d: (BOY_MEETS_WORLD_SEASON_2) (CDROM) (Total:7.95 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Shad (administrator) on SJBENNETT on 09-02-2015 15:26:44 Running from C:\Users\Shad\Downloads Loaded Profiles: Shad (Available profiles: Shad) Platform: Windows 8.1 Pro (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe () C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3733\Agent.exe (Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Diablo III.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation) HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165040 2013-08-14] (Western Digital Technologies, Inc.) 
HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [3487888 2014-01-21] (Bradford Networks) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Run: [Amazon Music] => C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1595739235-987919694-39041242-1001 -> {B3D1926F-4CB7-43B2-A011-A429B406E4C6} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 FireFox: ======== FF ProfilePath: C:\Users\Shad\AppData\Roaming\Mozilla\Firefox\Profiles\lc65gpxy.default-1419348729014 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) 
Chrome: ======= CHR Profile: C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23] CHR Extension: (Adblock Plus) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-23] CHR Extension: (AdBlock) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-09] CHR Extension: (Google Wallet) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) 
[File not signed] R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [4130960 2014-01-21] (Bradford Networks) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation) S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-01-15] (Advanced Micro Devices) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation) S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-05] (Symantec Corporation) S3 EraserUtilDrv11311; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [140376 2013-09-05] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation ) R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-09 15:26 - 2015-02-09 15:28 - 00013780 _____ () C:\Users\Shad\Downloads\FRST.txt 2015-02-09 15:25 - 2015-02-09 15:25 - 02132992 _____ (Farbar) C:\Users\Shad\Downloads\FRST64.exe 2015-02-07 14:03 - 2015-02-09 15:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-07 14:03 - 2015-02-07 14:03 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-02-07 14:03 - 2015-02-07 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-02-07 14:02 - 2015-02-07 14:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-02-07 14:02 - 2015-02-07 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-07 14:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-07 14:02 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-07 14:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-07 14:01 - 2015-02-07 14:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Shad\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-07 13:51 - 2015-02-09 12:56 - 00015664 _____ () C:\WINDOWS\PFRO.log 2015-02-07 13:50 - 2015-02-07 13:50 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Shad\Downloads\mbam-clean-2.1.1.1001.exe 2015-02-07 11:43 - 2015-02-07 11:43 - 00000000 ____D () C:\Users\Shad\Documents\Diablo III 2015-02-07 09:30 - 2015-02-07 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III 2015-02-07 09:29 - 2015-02-07 11:41 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2015-02-07 08:55 - 2015-02-07 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-02-07 08:55 - 2015-02-07 08:56 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-02-07 08:50 - 2015-02-07 08:52 - 
03589024 _____ (Blizzard Entertainment) C:\Users\Shad\Downloads\Diablo-III-Setup-enUS.exe 2015-02-06 17:52 - 2015-02-06 17:52 - 00015380 _____ () C:\Users\Shad\Desktop\Cranial Nerves.apkg 2015-02-06 16:55 - 2015-02-06 16:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2015-02-06 16:53 - 2015-02-06 16:54 - 05006144 _____ (Adobe Systems Inc.) C:\Users\Shad\Downloads\Shockwave_Installer_Slim.exe 2015-02-06 16:52 - 2015-02-06 16:52 - 00132240 _____ () C:\Users\Shad\Downloads\neyes1.13.dcr 2015-02-04 19:57 - 2015-02-04 19:58 - 00005353 _____ () C:\Users\Shad\Desktop\Neuro-lab.apkg 2015-02-04 19:57 - 2015-02-04 19:57 - 00009634 _____ () C:\Users\Shad\Desktop\Neuro-Forebrain.apkg 2015-01-31 15:55 - 2015-01-31 15:55 - 06063552 _____ () C:\Users\Shad\Downloads\mm9_manual (1).zip 2015-01-31 14:39 - 2015-01-31 14:39 - 00001717 _____ () C:\Users\Public\Desktop\Might and Magic IX.lnk 2015-01-31 14:39 - 2015-01-31 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Might and Magic IX [GOG.com] 2015-01-31 14:38 - 2015-01-31 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Might and Magic VIII - Day of the Destroyer [GOG.com] 2015-01-31 14:38 - 2015-01-31 14:38 - 00001911 _____ () C:\Users\Public\Desktop\Might and Magic VIII - Day of the Destroyer.lnk 2015-01-31 14:22 - 2015-01-31 14:22 - 06063552 _____ () C:\Users\Shad\Downloads\mm9_manual.zip 2015-01-31 14:22 - 2015-01-31 14:22 - 00486162 _____ () C:\Users\Shad\Downloads\manual.zip 2015-01-31 14:21 - 2015-01-31 14:24 - 572504648 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_mm9_2.0.0.11.exe 2015-01-31 14:20 - 2015-01-31 14:23 - 619253368 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_mm8_2.0.0.13.exe 2015-01-27 11:19 - 2015-01-27 11:24 - 00000000 ____D () C:\Users\Shad\Desktop\SOC1200 2015-01-27 11:12 - 2015-02-02 07:39 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SJBENNETT-Shad SJBennett 2015-01-26 19:21 - 2015-02-09 12:57 - 
00000539 _____ () C:\WINDOWS\setupact.log 2015-01-26 19:21 - 2015-01-26 19:21 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-25 16:54 - 2015-02-09 15:21 - 01964042 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-25 16:16 - 2015-01-25 16:17 - 12994216 _____ () C:\Users\Shad\Downloads\Nitemare-3D.zip 2015-01-25 16:15 - 2015-01-25 16:15 - 00000000 ____D () C:\Users\Shad\Downloads\labfull 2015-01-25 16:09 - 2015-01-25 16:09 - 00887582 _____ () C:\Users\Shad\Downloads\labfull.zip 2015-01-25 13:16 - 2015-01-25 13:16 - 00010412 _____ () C:\Users\Shad\Downloads\psychosocial quiz 1.apkg 2015-01-23 15:21 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8L.dll 2015-01-23 15:21 - 2012-01-24 16:18 - 00077568 _____ () C:\WINDOWS\system32\CNC1762D.TBL 2015-01-23 15:21 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8C.dll 2015-01-23 15:21 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8I.dll 2015-01-23 15:21 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) 
C:\WINDOWS\system32\CNHMCA6.dll 2015-01-22 09:24 - 2015-01-22 09:24 - 00077312 _____ () C:\Users\Shad\Downloads\2009-10-Estimations-Nation (1).xls 2015-01-22 09:19 - 2015-01-22 09:19 - 00077312 _____ () C:\Users\Shad\Downloads\2009-10-Estimations-Nation.xls 2015-01-20 19:37 - 2015-01-20 19:37 - 00010178 _____ () C:\Users\Shad\Downloads\OT Books for Sale.xlsx 2015-01-20 13:21 - 2015-01-20 13:21 - 00049683 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster-1.xlsx 2015-01-20 10:01 - 2015-01-20 10:19 - 00011497 _____ () C:\Users\Shad\Documents\Students in both classes Spring 2015.xlsx 2015-01-20 09:50 - 2015-01-20 09:59 - 00001889 _____ () C:\Users\Shad\Downloads\Grades-SOC-1200-151-V37-Hammond-SPRING_2015-XLIST (1).csv 2015-01-20 09:13 - 2015-01-20 09:13 - 00048656 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster (1).xlsx 2015-01-20 09:12 - 2015-01-20 09:13 - 00050635 _____ () C:\Users\Shad\Downloads\Soc 1010 Roster (1).xlsx 2015-01-17 15:50 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMB8.DLL 2015-01-14 13:57 - 2015-01-14 13:57 - 00048656 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster.xlsx 2015-01-14 13:56 - 2015-01-14 13:56 - 00050635 _____ () C:\Users\Shad\Downloads\Soc 1010 Roster.xlsx 2015-01-14 09:56 - 2014-12-18 23:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 09:56 - 2014-12-11 19:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 09:56 - 2014-12-11 17:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 09:56 - 2014-12-08 18:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 
2015-01-14 09:56 - 2014-12-08 12:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 09:56 - 2014-12-08 12:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 09:56 - 2014-12-05 20:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 09:56 - 2014-12-05 18:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 09:56 - 2014-12-05 18:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-12 07:54 - 2015-01-12 10:20 - 00000000 ____D () C:\Users\Shad\Desktop\Photos end of 2014 2015-01-10 09:28 - 2015-01-10 09:28 - 00001872 _____ () C:\Users\Public\Desktop\Heroes of Might and Magic 4 Complete.lnk 2015-01-10 09:28 - 2015-01-10 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic 4 Complete [GOG.com] 2015-01-10 09:07 - 2015-01-10 09:21 - 995423848 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_homm4_complete_2.0.0.12 (3).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-09 15:27 - 2014-12-05 12:29 - 00000000 ____D () C:\FRST 2015-02-09 15:21 - 2014-07-04 19:01 - 00000000 ____D () C:\Users\Shad\AppData\Local\Battle.net 2015-02-09 15:20 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-09 13:42 - 2013-09-05 17:44 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-09 13:01 - 2014-07-19 13:40 - 00000000 ___DO () C:\Users\Shad\OneDrive 2015-02-09 12:58 - 2013-09-05 17:44 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-09 12:57 - 2014-11-09 15:18 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2015-02-09 12:57 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-09 12:56 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-07 18:52 - 2013-09-05 17:05 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1595739235-987919694-39041242-1001 2015-02-07 18:36 - 2013-09-05 15:35 - 00000000 ____D () C:\Users\Shad\AppData\Local\Packages 2015-02-07 13:45 - 2013-09-05 21:40 - 01288192 ___SH () C:\Users\Shad\Desktop\Thumbs.db 2015-02-07 13:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-07 09:27 - 2014-07-04 19:01 - 00000000 ____D () C:\Users\Shad\AppData\Roaming\Battle.net 2015-02-06 18:54 - 2013-09-14 19:51 - 00000000 ____D () C:\Users\Shad\Documents\Anki 2015-02-06 16:52 - 2013-09-05 17:46 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-06 13:03 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-06 09:37 - 2013-09-05 17:44 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 09:37 - 2013-09-05 17:44 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-03 12:31 - 2014-12-16 20:08 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 12:31 - 2014-12-16 20:08 - 00106976 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 08:42 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-31 16:04 - 2013-10-29 05:15 - 00000000 ____D () C:\Users\Shad\AppData\Local\CrashDumps 2015-01-31 16:04 - 2013-08-22 04:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2015-01-31 16:04 - 2013-08-22 04:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2015-01-31 16:04 - 2013-08-22 04:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2015-01-31 16:04 - 2013-08-22 04:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2015-01-31 16:04 - 2013-08-22 04:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2015-01-31 16:04 - 2013-08-21 20:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2015-01-31 16:04 - 2013-08-21 20:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2015-01-31 16:04 - 2013-08-21 20:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2015-01-31 16:04 - 2013-08-21 20:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2015-01-31 16:04 - 2013-08-21 20:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2015-01-31 14:35 - 2014-04-19 07:00 - 00000000 ____D () C:\GOG Games 2015-01-27 10:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-25 16:18 - 2014-08-15 11:04 - 00000000 ____D () C:\Users\Shad\Desktop\attempt to fix 2015-01-17 11:46 - 2014-07-19 10:26 - 00000000 ____D () C:\Users\Shad 2015-01-17 11:35 - 2013-09-05 18:26 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-17 11:26 - 2013-09-05 18:26 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-16 08:46 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-12 15:00 - 2014-07-31 12:03 - 00000000 ____D () C:\Users\Shad\Desktop\Family Testbank 
Questions2014 2015-01-12 14:59 - 2014-07-31 12:03 - 00000000 ____D () C:\Users\Shad\Desktop\Intro Testbank Questions2014 ==================== Files in the root of some directories ======= 2014-03-19 18:27 - 2014-03-19 18:27 - 0005265 _____ () C:\Users\Shad\AppData\Roaming\callbanner.png ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-30 21:13 ==================== End Of Log ============================
  7. Hi, I was downloading Shockwave from Adobe (or so I thought) and Malwarebytes Premium picked it up as malware. Can I have someone help me look at this to make sure I didn't do any damage? The file was located at C:\Windows\SysWOW64\Adobe\Shockwave 12\SCC.dll. It is currently quarantined. Thanks!
  8. I reset all the browsers. I don't believe there are any more issues. Thanks so much for the help!
  9. In the process of doing windows updates right now. The only thing I am currently concerned about is the trojan it mentioned last time. Where do you think I currently stand? Results of screen317's Security Check version 0.99.93 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Mozilla Firefox (34.0.5) Google Chrome (39.0.2171.95) Google Chrome (plugins...) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014 Ran by Shad at 2014-12-17 13:24:39 Run:2 Running from C:\Users\Shad\Desktop\attempt to fix Loaded Profile: Shad (Available profiles: Shad) Boot Mode: Normal ============================================== Content of fixlist: ***************** start C:\Program Files (x86)\Flash Update C:\Windows\Installer\MSI338E.tmp- EmptyTemp: end ***************** C:\Program Files (x86)\Flash Update => Moved successfully. C:\Windows\Installer\MSI338E.tmp- => Moved successfully. EmptyTemp: => Removed 483.9 MB temporary data. The system needed a reboot. ==== End of Fixlog ====
  10. Sorry, I was finishing up finals this week. RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9200 ) 64 bits versionStarted in : Normal modeUser : Shad [Administrator]Mode : Scan -- Date : 12/13/2014 10:05:31 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 9 ¤¤¤[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1595739235-987919694-39041242-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1595739235-987919694-39041242-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B4F62580-3941-47B8-A5FB-CCB971F1889B} | DhcpNameServer : 161.28.140.250 161.28.20.250 161.28.224.90 161.28.224.91 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)] -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B4F62580-3941-47B8-A5FB-CCB971F1889B} | DhcpNameServer : 161.28.140.250 161.28.20.250 161.28.224.90 161.28.224.91 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)] -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | 
{20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++--- User ---[MBR] a84dd93b5b19931ceaddbccc47850486[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MBUser = LL1 ... OKError reading LL2 MBR! ([1] Incorrect function. ) ESET C:\Program Files (x86)\Flash Update\Win32FlashUpdate.exe Win32/Tivmonk.B trojanC:\Windows\Installer\MSI338E.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted applicationC:\Windows\Installer\MSI338E.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted applicationC:\Windows\Installer\MSI338E.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted applicationC:\Windows\Installer\MSI338E.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application The computer seems to be running smoothly even with the PUP's found by those scans. Thanks!
  11. Thanks for helping! I uninstalled Spybot, and didn't seem to have any problems. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.0 (11.29.2014:1)OS: Windows 8.1 x64Ran by Shad on Mon 12/08/2014 at 21:40:54.75~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"Successfully deleted: [File] "C:\WINDOWS\wininit.ini" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 12/08/2014 at 21:54:04.33End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# AdwCleaner v4.105 - Report created 08/12/2014 at 21:33:56# Updated 08/12/2014 by Xplode# Database : 2014-12-08.2 [Live]# Operating System : Windows 8.1 (64 bits)# Username : Shad - SJBENNETT# Running from : C:\Users\Shad\Downloads\AdwCleaner (1).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467Key Deleted : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v32.0.3 (x86 en-US) -\\ Google Chrome v39.0.2171.71 ************************* AdwCleaner[R0].txt - [1633 octets] - [08/12/2014 21:28:29]AdwCleaner[s0].txt - [1554 octets] - [08/12/2014 21:33:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1614 octets] ########## Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2014Ran by Shad at 2014-12-08 21:20:00 Run:1Running from C:\Users\Shad\Desktop\attempt to fixLoaded Profile: Shad (Available profiles: Shad)Boot Mode: Normal============================================== Content of fixlist:*****************start(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exeC:\Program Files (x86)\CouponsWinlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\MountPoints2: {16461feb-12b8-11e4-8251-008cfa64d4c8} - "E:\TL_Bootstrap.exe"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\MountPoints2: {9628af38-589b-11e4-bec6-008cfa64d4c8} - "E:\TL_Bootstrap.exe"SearchScopes: HKU\S-1-5-21-1595739235-987919694-39041242-1001 -> {B3D1926F-4CB7-43B2-A011-A429B406E4C6} URL = C:\Program Files (x86)\Pando NetworksFF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)2014-12-03 12:34 - 2014-12-03 12:34 - 00000000 __SHD () C:\Users\Shad\AppData\Local\EmieBrowserModeListreg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved\Pokki" /fCMD: ipconfig /flushdnsCMD: netsh winsock reset 
allEmptyTemp:end***************** [1388] C:\Program Files (x86)\Coupons\CouponPrinterService.exe => Process closed successfully.C:\Program Files (x86)\Coupons => Moved successfully."HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found."HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16461feb-12b8-11e4-8251-008cfa64d4c8}" => Key deleted successfully."HKCR\CLSID\{16461feb-12b8-11e4-8251-008cfa64d4c8}" => Key not found."HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9628af38-589b-11e4-bec6-008cfa64d4c8}" => Key deleted successfully."HKCR\CLSID\{9628af38-589b-11e4-bec6-008cfa64d4c8}" => Key not found."HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3D1926F-4CB7-43B2-A011-A429B406E4C6}" => Key deleted successfully."HKCR\CLSID\{B3D1926F-4CB7-43B2-A011-A429B406E4C6}" => Key not found.C:\Program Files (x86)\Pando Networks => Moved successfully."HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.CouponPrinterService => Service deleted successfully.C:\Users\Shad\AppData\Local\EmieBrowserModeList => Moved successfully. ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved\Pokki" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. 
========= End of CMD: ========= EmptyTemp: => Removed 699.9 MB temporary data. The system needed a reboot. ==== End of Fixlog ====