sbennett3348
Honorary Members-
Posts
46 -
Joined
-
Last visited
Reputation
0 Neutral-
Malware/pup help please
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
Awesome, thanks. -
Malware/pup help please
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
So I should be good even with the caught trojan and removed malware? I feel like when I have gotten something usually more comes with it. If so, that would be awesome to be able to use my comp for everything again. -
Malware/pup help please
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
Thanks scan log jan 7.txt -
Malware/pup help please
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
The first thing I saw was a trojan blocked by windows defender, I wanted to make sure there aren't any other trojans and the second was called PUP.Optional.Crossrider found by malwarebytes -
Hi, I am currently having problems and I am hoping to get help. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015Ran by Shad (administrator) on SJBENNETT (05-01-2016 08:51:15)Running from C:\Users\Shad\DownloadsLoaded Profiles: Shad (Available Profiles: Shad)Platform: Windows 8.1 Pro (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(AMD) C:\Windows\System32\atieclxx.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165040 2013-08-14] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [bncsaui.exe] => %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exeHKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124536 2015-06-04] (LeapFrog Enterprises, Inc.)HKLM-x32\...\Run: [VizzedRgrPluginServiceLoader] => C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\VizzedRgrServiceLoader.exe [40448 2015-09-26] ()HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Run: [Amazon Music] => C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exeHKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exeStartup: C:\Users\Shad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-09-29]ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{5F403669-F653-4852-9407-11FD1DE8054E}: [DhcpNameServer] 192.168.0.1Tcpip\..\Interfaces\{B4F62580-3941-47B8-A5FB-CCB971F1889B}: [DhcpNameServer] 155.97.136.200 155.101.246.200 Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.comHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.comSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1595739235-987919694-39041242-1001 -> {B3D1926F-4CB7-43B2-A011-A429B406E4C6} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-09-05] (Oracle Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-09-05] (Oracle Corporation)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cabHandler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) FireFox:========FF ProfilePath: C:\Users\Shad\AppData\Roaming\Mozilla\Firefox\Profiles\lc65gpxy.default-1419348729014FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-09-05] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-09-05] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-11] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2015-09-26] (Vizzed.com)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-20] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.) Chrome: =======CHR Profile: C:\Users\Shad\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]CHR Extension: (Adblock Plus) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-05]CHR Extension: (Block site) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2015-09-23]CHR Extension: (Google Docs Offline) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]CHR Extension: (AdBlock) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-12-04]CHR Extension: (StayFocusd) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-09-15]CHR Extension: (F.B Purity-Clean Up Facebook) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl [2015-12-29]CHR Extension: (Chrome Web Store Payments) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [4130960 2014-01-21] (Bradford Networks)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-01-15] (Advanced Micro Devices)R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-05] (Symantec Corporation)S3 EraserUtilDrv11311; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [140376 2013-09-05] (Symantec Corporation)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-04] (Malwarebytes)S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation )R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-05 08:50 - 2016-01-05 08:50 - 00000000 ____D C:\Users\Shad\Downloads\FRST-OlderVersion2015-12-17 12:55 - 2015-12-17 12:55 - 00243478 _____ C:\Users\Shad\Desktop\Amazon.pdf2015-12-17 12:49 - 2015-12-17 12:49 - 00243459 _____ C:\Users\Shad\Downloads\Amazon.pdf2015-12-17 10:21 - 2015-12-17 10:21 - 00008685 _____ C:\Users\Shad\Desktop\research hours spreadsheet.xlsx2015-12-16 09:36 - 2015-12-17 10:20 - 00008684 _____ C:\Users\Shad\Documents\Research spreadsheet.xlsx2015-12-15 22:22 - 2015-12-15 22:22 - 00015015 _____ C:\Users\Shad\Desktop\Johns transition.xlsx2015-12-14 07:38 - 2015-12-14 07:38 - 00164748 _____ C:\Users\Shad\Downloads\Final Project Description (1)2015-12-14 07:36 - 2015-12-14 07:36 - 00164748 _____ C:\Users\Shad\Downloads\Final Project Description2015-12-09 13:44 - 2015-12-09 13:44 - 00742295 _____ C:\Users\Shad\Downloads\Disability Rights Laws_Certificate of Course Completion.pdf2015-12-09 13:44 - 2015-12-09 13:44 - 00742295 _____ C:\Users\Shad\Desktop\Disability Rights Laws_Certificate of Course Completion.pdf2015-12-09 12:52 - 2015-10-10 23:34 - 00468824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS2015-12-09 12:52 - 2015-10-10 23:34 - 00462168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys2015-12-09 12:52 - 2015-10-10 23:34 - 00443224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys2015-12-09 12:52 - 2015-10-10 23:34 - 00092504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys2015-12-09 12:52 - 2015-10-10 23:34 - 00027992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys2015-12-09 12:52 - 2015-10-10 11:41 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys2015-12-09 12:52 - 2015-10-10 11:41 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys2015-12-09 12:52 - 2015-10-10 10:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll2015-12-09 12:52 - 2015-10-08 09:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll2015-12-09 12:52 - 2015-10-08 08:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll2015-12-09 12:52 - 2015-10-03 12:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll2015-12-09 12:52 - 2015-10-03 12:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll2015-12-09 10:49 - 2015-12-09 10:49 - 00084457 _____ C:\Users\Shad\Downloads\IntakeMeasureData without names (1).xlsx2015-12-09 10:33 - 2015-12-09 10:33 - 00098858 _____ C:\Users\Shad\Downloads\NBCOT_Proposal Final_ALT.pdf2015-12-09 09:10 - 2015-11-11 09:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2015-12-09 09:10 - 2015-11-11 09:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2015-12-09 09:10 - 2015-11-11 08:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2015-12-09 09:10 - 2015-11-11 08:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2015-12-09 09:10 - 2015-11-09 17:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2015-12-09 09:10 - 2015-11-09 17:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2015-12-09 09:10 - 2015-11-09 17:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll2015-12-09 09:10 - 2015-11-09 17:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll2015-12-09 09:10 - 2015-11-09 16:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2015-12-09 09:10 - 2015-11-09 16:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll2015-12-09 09:10 - 2015-11-09 16:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2015-12-09 09:10 - 2015-11-09 16:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2015-12-09 09:10 - 2015-11-09 16:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2015-12-09 09:10 - 2015-11-09 16:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2015-12-09 09:10 - 2015-11-09 16:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2015-12-09 09:10 - 2015-11-09 16:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2015-12-09 09:10 - 2015-11-09 16:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2015-12-09 09:10 - 2015-11-08 15:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2015-12-09 09:10 - 2015-11-08 15:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2015-12-09 09:10 - 2015-11-08 15:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2015-12-09 09:10 - 2015-11-08 15:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll2015-12-09 09:10 - 2015-11-08 15:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll2015-12-09 09:10 - 2015-11-08 14:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2015-12-09 09:10 - 2015-11-08 14:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll2015-12-09 09:10 - 2015-11-08 14:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll2015-12-09 09:10 - 2015-11-08 14:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll2015-12-09 09:10 - 2015-11-08 14:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2015-12-09 09:10 - 2015-11-08 14:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2015-12-09 09:10 - 2015-11-08 14:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2015-12-09 09:10 - 2015-11-08 14:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2015-12-09 09:10 - 2015-11-08 14:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2015-12-09 09:10 - 2015-11-08 13:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2015-12-09 09:10 - 2015-11-08 13:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2015-12-09 09:10 - 2015-11-08 13:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2015-12-09 09:10 - 2015-11-05 01:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys2015-12-09 09:09 - 2015-11-11 08:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2015-12-09 09:09 - 2015-11-11 08:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll2015-12-09 09:09 - 2015-11-09 17:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2015-12-09 09:09 - 2015-11-09 16:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll2015-12-09 09:09 - 2015-11-08 13:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2015-12-09 09:07 - 2015-11-08 17:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2015-12-09 09:07 - 2015-11-08 15:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys2015-12-09 09:07 - 2015-11-08 14:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll2015-12-09 09:07 - 2015-11-08 14:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll2015-12-09 09:07 - 2015-11-08 14:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll2015-12-09 09:07 - 2015-11-08 13:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll2015-12-09 09:07 - 2015-11-08 13:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2015-12-09 09:07 - 2015-11-08 13:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll2015-12-09 09:06 - 2015-11-21 23:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2015-12-09 09:06 - 2015-11-21 23:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll2015-12-09 09:06 - 2015-11-21 23:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2015-12-09 09:06 - 2015-11-21 23:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2015-12-09 09:06 - 2015-11-21 23:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2015-12-09 09:06 - 2015-11-21 23:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2015-12-09 09:06 - 2015-11-21 23:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll2015-12-09 09:06 - 2015-11-21 11:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll2015-12-09 09:06 - 2015-11-21 10:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll2015-12-09 09:06 - 2015-11-21 09:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll2015-12-09 09:06 - 2015-11-21 09:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll2015-12-09 09:06 - 2015-11-21 09:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll2015-12-09 09:06 - 2015-11-21 09:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll2015-12-09 09:05 - 2015-11-20 15:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2015-12-09 09:05 - 2015-11-20 11:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2015-12-09 09:05 - 2015-11-20 09:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2015-12-09 09:05 - 2015-11-20 09:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe2015-12-09 09:05 - 2015-11-20 09:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll2015-12-09 09:05 - 2015-11-20 09:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2015-12-09 09:05 - 2015-11-20 09:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2015-12-09 09:05 - 2015-11-20 09:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2015-12-09 09:05 - 2015-11-20 09:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2015-12-09 09:05 - 2015-11-20 09:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe2015-12-09 09:05 - 2015-11-20 09:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll2015-12-09 09:05 - 2015-11-20 09:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2015-12-09 09:05 - 2015-11-20 09:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2015-12-09 09:05 - 2015-10-28 08:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2015-12-09 09:05 - 2015-10-28 08:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2015-12-09 09:05 - 2015-10-05 11:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe2015-12-09 09:05 - 2015-10-05 11:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe2015-12-06 22:34 - 2015-12-06 22:34 - 00529619 _____ C:\Users\Shad\Downloads\Media Walk Around Sample.pdf2015-12-06 16:36 - 2015-12-06 16:36 - 00000000 ____D C:\Users\Shad\.android2015-12-06 16:24 - 2015-12-06 17:18 - 00000000 ____D C:\Users\Shad\AppData\Local\Genymobile2015-12-06 16:24 - 2015-12-06 16:47 - 00000000 ____D C:\Users\Shad\.VirtualBox2015-12-06 16:22 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys2015-12-06 16:22 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys2015-12-06 16:14 - 2015-12-06 16:15 - 132187096 _____ (Genymobile ) C:\Users\Shad\Downloads\genymotion-2.5.2-vbox.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-05 08:51 - 2015-02-09 15:26 - 00016117 _____ C:\Users\Shad\Downloads\FRST.txt2016-01-05 08:50 - 2015-02-09 15:25 - 02370560 _____ (Farbar) C:\Users\Shad\Downloads\FRST64.exe2016-01-05 08:50 - 2014-12-05 12:29 - 00000000 ____D C:\FRST2016-01-05 08:42 - 2014-07-04 19:01 - 00000000 ____D C:\Users\Shad\AppData\Local\Battle.net2016-01-04 23:21 - 2015-07-03 15:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2016-01-04 21:33 - 2015-02-20 15:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-12-31 19:22 - 2015-10-13 14:07 - 00000000 ____D C:\Program Files (x86)\Battle.net2015-12-30 10:12 - 2013-09-05 17:05 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1595739235-987919694-39041242-10012015-12-29 17:31 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps2015-12-29 17:31 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness2015-12-28 20:34 - 2015-07-03 15:54 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater2015-12-28 20:15 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp2015-12-18 14:04 - 2013-09-05 15:35 - 00000000 ____D C:\Users\Shad\AppData\Local\Packages2015-12-18 11:44 - 2013-08-22 08:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2015-12-18 11:39 - 2013-09-12 12:20 - 00000000 ____D C:\Program Files\Microsoft Office 152015-12-17 11:26 - 2015-10-13 14:09 - 00000000 ____D C:\Program Files (x86)\Hearthstone2015-12-17 10:24 - 2015-11-20 13:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2015-12-16 14:21 - 2013-09-05 17:46 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-12-15 12:41 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache2015-12-15 08:41 - 2015-09-29 12:33 - 00000000 ____D C:\Program Files (x86)\Mendeley Desktop2015-12-15 08:13 - 2013-10-29 05:15 - 00000000 ____D C:\Users\Shad\AppData\Local\CrashDumps2015-12-15 08:13 - 2013-09-05 19:55 - 00000000 ____D C:\Users\Shad\AppData\Local\Adobe2015-12-14 16:18 - 2014-07-04 19:01 - 00000000 ____D C:\Users\Shad\AppData\Roaming\Battle.net2015-12-14 16:18 - 2013-11-12 18:40 - 00000000 ____D C:\ProgramData\Battle.net2015-12-13 19:05 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF2015-12-11 18:57 - 2014-07-19 13:40 - 00000000 ___DO C:\Users\Shad\OneDrive2015-12-11 18:56 - 2013-09-05 17:44 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-12-11 10:35 - 2014-11-09 15:18 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat2015-12-11 10:35 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2015-12-11 10:35 - 2013-08-22 07:44 - 00509384 _____ C:\WINDOWS\system32\FNTCACHE.DAT2015-12-11 10:35 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf2015-12-11 10:32 - 2014-12-17 15:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight2015-12-11 10:32 - 2014-01-10 20:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight2015-12-11 10:32 - 2013-08-22 06:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI2015-12-11 10:27 - 2013-09-05 18:26 - 00000000 ____D C:\WINDOWS\system32\MRT2015-12-11 10:14 - 2013-09-05 18:26 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-12-09 13:44 - 2013-10-06 17:22 - 03527680 ___SH C:\Users\Shad\Downloads\Thumbs.db2015-12-09 11:04 - 2014-12-17 15:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-12-08 20:39 - 2013-09-06 09:20 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2015-12-06 17:18 - 2014-07-19 13:48 - 00000000 ____D C:\Program Files\AMD2015-12-06 16:42 - 2013-09-18 08:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2015-12-06 16:36 - 2014-07-19 10:26 - 00000000 ____D C:\Users\Shad2015-12-06 16:17 - 2013-09-05 21:40 - 01726976 ___SH C:\Users\Shad\Desktop\Thumbs.db ==================== Files in the root of some directories ======= 2014-03-19 18:27 - 2014-03-19 18:27 - 0005265 _____ () C:\Users\Shad\AppData\Roaming\callbanner.png Files to move or delete:====================C:\Users\Shad\jobq.dat ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signedC:\WINDOWS\system32\wininit.exe => File is digitally signedC:\WINDOWS\explorer.exe => File is digitally signedC:\WINDOWS\SysWOW64\explorer.exe => File is digitally signedC:\WINDOWS\system32\svchost.exe => File is digitally signedC:\WINDOWS\SysWOW64\svchost.exe => File is digitally signedC:\WINDOWS\system32\services.exe => File is digitally signedC:\WINDOWS\system32\User32.dll => File is digitally signedC:\WINDOWS\SysWOW64\User32.dll => File is digitally signedC:\WINDOWS\system32\userinit.exe => File is digitally signedC:\WINDOWS\SysWOW64\userinit.exe => File is digitally signedC:\WINDOWS\system32\rpcss.dll => File is digitally signedC:\WINDOWS\system32\dnsapi.dll => File is digitally signedC:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signedC:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-04 21:22 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015Ran by Shad (2016-01-05 08:58:38)Running from C:\Users\Shad\DownloadsWindows 8.1 Pro (X64) (2014-07-19 20:35:42)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1595739235-987919694-39041242-500 - Administrator - Disabled)Guest (S-1-5-21-1595739235-987919694-39041242-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1595739235-987919694-39041242-1005 - Limited - Enabled)Shad (S-1-5-21-1595739235-987919694-39041242-1001 - Administrator - Enabled) => C:\Users\Shad ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)Amazon Kindle (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Kindle) (Version: - Amazon)Amazon Music (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)AMD Catalyst Install Manager (HKLM\...\{83DEB2E3-26DC-26BE-2445-A3CA29203ABF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)Anki (HKLM-x32\...\Anki) (Version: - )Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Bradford Persistent Agent (HKLM-x32\...\{892A1EE8-85D1-4487-A519-707AF9E94A80}) (Version: 3.1.4.16 - Bradford Networks)Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - )CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.29.1 - Google Inc.) HiddenHearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) HiddenLeapFrog MyOwnLeaptop Plugin (x32 Version: 7.0.6.19846 - LeapFrog) HiddenMalwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)Toshiba Start (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (HKLM-x32\...\LeaptopPlugin) (Version: - LeapFrog)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Vizzed Retro Game Room (HKLM-x32\...\{65245253-FE12-4532-9FA2-18130C377C16}) (Version: 2.40 - Vizzed)WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2495C376-D061-43C0-B98B-7E4775380404} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)Task: {31CE3ABA-E870-47AA-A465-8E3CF829BF39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {31F8A95D-495C-483F-A632-35776759CE15} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exeTask: {3D06A8F7-733A-424F-922A-45E185B3EEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-18] (Microsoft Corporation)Task: {6A5139F2-3392-44E0-986A-C596D31F4577} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-11] (Microsoft Corporation)Task: {6D400E89-8251-4615-B7E9-F087CB557EDE} - System32\Tasks\{9CEAB1B1-915B-4951-A323-149D58BBB737} => pcalua.exe -a C:\DTToys\UDilbert.exe -d C:\DTToysTask: {A5EDE0D9-86FE-48DF-B6E2-3B39F05289BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)Task: {AAC316C6-645B-494B-BAC7-8641E520C345} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exeTask: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= autoTask: {BAA9E648-0ED3-4E7E-AE5A-3328303BC3FF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)Task: {D561B15D-B104-4890-851A-FA7FD3789600} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)Task: {D5E3A5EB-85BA-460D-BE4D-E005C6F780C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {D9A2DAA0-8C20-44F4-A0D8-A4E6F67A9896} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-04] ()Task: {DD5716F6-3B73-49B8-94D6-6B8A8C9CA072} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)Task: {E64D4507-D4C7-46AC-8C60-4F4FCEB13A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {F14BA311-233F-4858-9B6B-70225FDB47F3} - System32\Tasks\{5784A26B-C19D-4920-9FC6-7982AEF0ED21} => pcalua.exe -a "C:\GOG Games\Heroes of Might and Magic 4 Complete\unins000.exe" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe2015-10-30 18:58 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd2013-08-22 00:19 - 2013-08-21 23:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd2014-03-21 09:23 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2015-07-03 08:35 - 2015-07-03 08:35 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2015-12-16 14:20 - 2015-12-10 20:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll2015-12-16 14:20 - 2015-12-10 20:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\vizzed.com -> www.vizzed.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2015-12-15 08:38 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1595739235-987919694-39041242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shad\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpgDNS Servers: 192.168.0.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "RTHDVCPL"HKLM\...\StartupApproved\Run: => "Onboard"HKLM\...\StartupApproved\Run32: => "StartCCC"HKLM\...\StartupApproved\Run32: => "bncsaui.exe"HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"HKLM\...\StartupApproved\Run32: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "Monitor"HKLM\...\StartupApproved\Run32: => "VizzedRgrPluginServiceLoader"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Pokki"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Spotify Web Helper"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Amazon Music"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "ApplePhotoStreams"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "iCloudServices" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{296B56CA-93B0-4019-AF88-D6F2105EB7F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exeFirewallRules: [{71139C16-07BB-4183-AF90-63FD816D51E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exeFirewallRules: [uDP Query User{50D8E7B5-780F-43EE-94B2-D7C7CFD5B181}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exeFirewallRules: [TCP Query User{B444C6A1-D951-4EC4-AF80-3E271702B725}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exeFirewallRules: [{1E8E04CD-8E59-4A2C-84BF-4AAB3F52DAB1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{D0040AFC-31A5-40D0-AB85-673CBE7409C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{BC679683-AEC0-4B5D-ACC7-B2E310B3C19C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{7F5F07F1-C145-459F-B820-620006AB931D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{DAEBDB78-BE0F-4C02-AB5F-293C1874B280}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{8545D658-74D1-4490-8B66-87FDF9A9F767}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{BCE735F6-0AD7-406B-B274-682C16A84CAC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{F944EC1D-E7E0-4304-B4EA-3902343553E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{81A6CF51-C192-4F41-942B-B5CAE0C020E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [uDP Query User{E4475B15-33FD-457E-8DCD-1AFAB19E77B8}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{37CB316E-E3EE-4267-97CD-2837F5B58F10}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{29C4F8AC-139B-4F34-9D50-6A56F1CE0E6A}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{14ACE0C7-DBD2-4E2D-960E-0E90AD381F2F}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [{9A542F5F-39F3-42BE-BDA9-ED83FFD7B88B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{7E451835-4115-4076-B2E8-8181D50E2652}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{C6E08D53-FD97-4877-B6EE-3CE407092FA5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{1FEFEA1A-6BBC-4EEE-AB49-E2464C947EE6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{06E55DC8-57C8-409A-9D25-4E5213F0E765}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{FA5D7E61-91A2-4B90-A5F6-4E383DA45917}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{B0192036-8CF9-4976-8DD8-59CA6AC7B3B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{8DB06473-75D6-41FE-9285-A1FFADB3A2B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{F63599B9-865D-447D-99A1-15DEB9CD26D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exeFirewallRules: [{2020F57A-7A07-4848-A6FC-8906F73E0266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exeFirewallRules: [{335C448A-7C04-4D5E-B576-5DFE4FD79D2E}] => (Allow) C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeFirewallRules: [{AFF5EFF5-1659-421B-8713-C4CFCE2576A5}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{08C3A5EF-9DE7-4F5E-AB34-D5E0252B407F}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{DCD1B54C-B411-4EEC-AFFE-AD401BA00564}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{0E445407-838F-47CA-B0D2-D8BC98E52318}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{F291644D-806D-4BD4-AC94-47BEC01AE79E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{BF5E8F83-E2C5-4A00-BBBE-839BBAB04476}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{33D67A8A-4553-4901-88F2-182C571D1EB0}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{47E41E7E-7A1F-4472-A6C1-CAAE2BFF0C30}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{5D17B9AA-C00B-4FBF-B1C5-E05E9BAC4880}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{AB1EB778-CC1D-4AC5-9C5F-1A8EFF0281A0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{E43B3589-FB52-49E3-AD1B-3EC4904D54AA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{255D5ED8-93F4-4A4F-BCA9-72660D4D558F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{AC4D6708-DC4C-43B3-A0B8-0A125FE93E65}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{8B936FFF-E7E5-41B2-814A-BFE6A3341704}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{BE27DB90-DE04-4B4D-BC6D-A68835952A01}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{A99EB9FC-36D1-4A08-90B7-067BFEF42595}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{E4D577D6-7A79-4CE9-978D-A4922CE3E6D3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{85411AE5-C887-45FD-99EB-503F37866274}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{3B9C963E-7436-4E2A-BD57-B95DF0BE37C7}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{78556AC0-7A9F-4551-A717-0DF5327E6F8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{2374B58B-9929-446E-9E4C-A80D53492FB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{32FEFED0-1B22-43EA-8FF6-3DA9CD0B2859}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exeFirewallRules: [{A3E04391-CDF2-4F8A-9611-D604EE8C7968}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [{BFDFBA3B-BD30-45C1-82B2-6CC5ABE07F0B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [TCP Query User{9852C7CB-DFAA-4CC2-B64D-4924A1EDCFB6}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exeFirewallRules: [uDP Query User{D945A59F-6CC3-4B25-87AB-99229ED2BB84}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exeFirewallRules: [{258FA923-6799-40FF-95CE-3F000D7A3287}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 15-12-2015 08:41:39 Removed Bradford Persistent Agent28-12-2015 20:12:58 Windows Update04-01-2016 22:42:49 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1906 Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1906 Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/05/2016 02:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1750 Error: (01/05/2016 02:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1750 Error: (01/04/2016 11:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6109 Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6109 Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/01/2016 09:32:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4344 System errors:=============Error: (12/11/2015 10:27:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3112148). Error: (12/11/2015 10:27:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3102429). Error: (12/11/2015 10:05:22 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:22 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca CodeIntegrity:=================================== Date: 2015-12-31 14:47:58.880 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-31 14:47:48.867 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-31 14:47:38.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:36.201 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:32.277 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:29.377 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:26.486 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:22.125 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:16.594 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:11.832 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-1200 APU with Radeon HD GraphicsPercentage of memory in use: 58%Total physical RAM: 3658.26 MBAvailable physical RAM: 1528.4 MBTotal Virtual: 5237.23 MBAvailable Virtual: 2207.81 MB ==================== Drives ================================ Drive c: (TI10664800G) (Fixed) (Total:452.82 GB) (Free:318.84 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
-
Hello, I have the problem where your real time protection continually shuts off. I have re-installed it and installed it and as it should it fixes the problem. My problem now is that I have had to do this 7-8 times in the half a year I have owned the premium version. I need a permanent fix. Is there anything else I can do besides uninstall it, have to dig up my licensing info, and re installing it?\ Please assist. Thanks.
-
It seems to have been running fine, even after the malware. I just wasn't sure if it infected more.
-
Thanks for your help! Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015 Ran by Shad at 2015-02-09 15:31:18 Running from C:\Users\Shad\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Amazon Kindle (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Kindle) (Version: - Amazon) Amazon Music (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{83DEB2E3-26DC-26BE-2445-A3CA29203ABF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Anki (HKLM-x32\...\Anki) (Version: - ) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bradford Persistent Agent (HKLM-x32\...\{892A1EE8-85D1-4487-A519-707AF9E94A80}) (Version: 3.1.4.16 - Bradford Networks) Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Heroes of Might and Magic 4 Complete (HKLM-x32\...\GOGPACKHOMM4COMPLETE_is1) (Version: 2.0.0.12 - GOG.com) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - ) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Might and Magic IX (HKLM-x32\...\GOGPACKMM9_is1) (Version: 2.0.0.11 - GOG.com) Might and Magic VIII - Day of the Destroyer (HKLM-x32\...\GOGPACKMM8_is1) (Version: 2.0.0.13 - GOG.com) Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated) TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation) TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation) Toshiba Start (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed) WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-01-2015 17:03:52 Windows Update 22-01-2015 22:10:13 Scheduled Checkpoint 26-01-2015 09:26:02 Windows Update 31-01-2015 16:03:13 Windows Modules Installer 06-02-2015 13:00:44 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {06FF914E-C72A-40E5-AE03-F71F5AEEF8F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {2495C376-D061-43C0-B98B-7E4775380404} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated) Task: {31CE3ABA-E870-47AA-A465-8E3CF829BF39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {31F8A95D-495C-483F-A632-35776759CE15} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe Task: {3D06A8F7-733A-424F-922A-45E185B3EEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation) Task: {6BF1754A-0DDE-4EEE-85B4-FCAA5E598EA4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-17] (Microsoft Corporation) Task: {6D400E89-8251-4615-B7E9-F087CB557EDE} - System32\Tasks\{9CEAB1B1-915B-4951-A323-149D58BBB737} => pcalua.exe -a C:\DTToys\UDilbert.exe -d C:\DTToys Task: {88FA6C13-5191-4E65-A00C-773821720736} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SJBENNETT-Shad SJBennett => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {973234F8-3685-4436-84FA-D15B6F743846} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation) Task: {AAC316C6-645B-494B-BAC7-8641E520C345} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe Task: {D5E3A5EB-85BA-460D-BE4D-E005C6F780C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.) Task: {D9A2DAA0-8C20-44F4-A0D8-A4E6F67A9896} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-04] () Task: {DD5716F6-3B73-49B8-94D6-6B8A8C9CA072} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation) Task: {E64D4507-D4C7-46AC-8C60-4F4FCEB13A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-03-21 09:23 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2014-11-22 18:30 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2014-09-17 05:20 - 2014-10-14 22:35 - 06281024 _____ () C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe 2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd 2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd 2013-08-22 00:19 - 2013-08-21 23:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Shad\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1595739235-987919694-39041242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "bncsaui.exe" HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace" HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Pokki" HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Accounts: ============================= Administrator (S-1-5-21-1595739235-987919694-39041242-500 - Administrator - Disabled) Guest (S-1-5-21-1595739235-987919694-39041242-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1595739235-987919694-39041242-1005 - Limited - Enabled) Shad (S-1-5-21-1595739235-987919694-39041242-1001 - Administrator - Enabled) => C:\Users\Shad ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10813172 Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10813172 System errors: ============= Error: (02/06/2015 08:43:16 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (02/06/2015 00:27:59 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (02/05/2015 08:45:17 AM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (01/31/2015 05:20:10 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/31/2015 04:48:26 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/28/2015 09:23:36 AM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (01/27/2015 08:51:50 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (01/25/2015 00:36:06 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.134. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (01/23/2015 09:08:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240055: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3033408). Error: (01/23/2015 07:25:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service. Microsoft Office Sessions: ========================= Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10813172 Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10813172 CodeIntegrity Errors: =================================== Date: 2015-02-02 23:40:34.285 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:33.183 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:32.134 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:31.292 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:30.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:29.341 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:28.040 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:27.206 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:26.430 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:25.079 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-1200 APU with Radeon HD Graphics Percentage of memory in use: 88% Total physical RAM: 3658.26 MB Available physical RAM: 427.32 MB Total Pagefile: 5089.68 MB Available Pagefile: 928.26 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (TI10664800G) (Fixed) (Total:452.82 GB) (Free:353.99 GB) NTFS Drive d: (BOY_MEETS_WORLD_SEASON_2) (CDROM) (Total:7.95 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Shad (administrator) on SJBENNETT on 09-02-2015 15:26:44 Running from C:\Users\Shad\Downloads Loaded Profiles: Shad (Available profiles: Shad) Platform: Windows 8.1 Pro (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe () C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.3733\Agent.exe (Blizzard Entertainment) C:\Program Files (x86)\Diablo III\Diablo III.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor) HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation) HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation) HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165040 2013-08-14] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [3487888 2014-01-21] (Bradford Networks) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.) HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Run: [Amazon Music] => C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1595739235-987919694-39041242-1001 -> {B3D1926F-4CB7-43B2-A011-A429B406E4C6} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 FireFox: ======== FF ProfilePath: C:\Users\Shad\AppData\Roaming\Mozilla\Firefox\Profiles\lc65gpxy.default-1419348729014 FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) Chrome: ======= CHR Profile: C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23] CHR Extension: (Adblock Plus) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-23] CHR Extension: (AdBlock) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-09] CHR Extension: (Google Wallet) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed] R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [4130960 2014-01-21] (Bradford Networks) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation) R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] () R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation) R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation) S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-01-15] (Advanced Micro Devices) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.) S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation) S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-05] (Symantec Corporation) S3 EraserUtilDrv11311; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [140376 2013-09-05] (Symantec Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2987224 2013-11-24] (Realtek Semiconductor Corporation ) R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-09 15:26 - 2015-02-09 15:28 - 00013780 _____ () C:\Users\Shad\Downloads\FRST.txt 2015-02-09 15:25 - 2015-02-09 15:25 - 02132992 _____ (Farbar) C:\Users\Shad\Downloads\FRST64.exe 2015-02-07 14:03 - 2015-02-09 15:21 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-02-07 14:03 - 2015-02-07 14:03 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-02-07 14:03 - 2015-02-07 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-02-07 14:02 - 2015-02-07 14:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-02-07 14:02 - 2015-02-07 14:02 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-07 14:02 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-02-07 14:02 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-02-07 14:02 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-02-07 14:01 - 2015-02-07 14:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Shad\Downloads\mbam-setup-2.0.4.1028.exe 2015-02-07 13:51 - 2015-02-09 12:56 - 00015664 _____ () C:\WINDOWS\PFRO.log 2015-02-07 13:50 - 2015-02-07 13:50 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Shad\Downloads\mbam-clean-2.1.1.1001.exe 2015-02-07 11:43 - 2015-02-07 11:43 - 00000000 ____D () C:\Users\Shad\Documents\Diablo III 2015-02-07 09:30 - 2015-02-07 09:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III 2015-02-07 09:29 - 2015-02-07 11:41 - 00000000 ____D () C:\Program Files (x86)\Diablo III 2015-02-07 08:55 - 2015-02-07 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2015-02-07 08:55 - 2015-02-07 08:56 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-02-07 08:50 - 2015-02-07 08:52 - 03589024 _____ (Blizzard Entertainment) C:\Users\Shad\Downloads\Diablo-III-Setup-enUS.exe 2015-02-06 17:52 - 2015-02-06 17:52 - 00015380 _____ () C:\Users\Shad\Desktop\Cranial Nerves.apkg 2015-02-06 16:55 - 2015-02-06 16:55 - 00000000 ____D () C:\WINDOWS\SysWOW64\Adobe 2015-02-06 16:53 - 2015-02-06 16:54 - 05006144 _____ (Adobe Systems Inc.) C:\Users\Shad\Downloads\Shockwave_Installer_Slim.exe 2015-02-06 16:52 - 2015-02-06 16:52 - 00132240 _____ () C:\Users\Shad\Downloads\neyes1.13.dcr 2015-02-04 19:57 - 2015-02-04 19:58 - 00005353 _____ () C:\Users\Shad\Desktop\Neuro-lab.apkg 2015-02-04 19:57 - 2015-02-04 19:57 - 00009634 _____ () C:\Users\Shad\Desktop\Neuro-Forebrain.apkg 2015-01-31 15:55 - 2015-01-31 15:55 - 06063552 _____ () C:\Users\Shad\Downloads\mm9_manual (1).zip 2015-01-31 14:39 - 2015-01-31 14:39 - 00001717 _____ () C:\Users\Public\Desktop\Might and Magic IX.lnk 2015-01-31 14:39 - 2015-01-31 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Might and Magic IX [GOG.com] 2015-01-31 14:38 - 2015-01-31 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Might and Magic VIII - Day of the Destroyer [GOG.com] 2015-01-31 14:38 - 2015-01-31 14:38 - 00001911 _____ () C:\Users\Public\Desktop\Might and Magic VIII - Day of the Destroyer.lnk 2015-01-31 14:22 - 2015-01-31 14:22 - 06063552 _____ () C:\Users\Shad\Downloads\mm9_manual.zip 2015-01-31 14:22 - 2015-01-31 14:22 - 00486162 _____ () C:\Users\Shad\Downloads\manual.zip 2015-01-31 14:21 - 2015-01-31 14:24 - 572504648 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_mm9_2.0.0.11.exe 2015-01-31 14:20 - 2015-01-31 14:23 - 619253368 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_mm8_2.0.0.13.exe 2015-01-27 11:19 - 2015-01-27 11:24 - 00000000 ____D () C:\Users\Shad\Desktop\SOC1200 2015-01-27 11:12 - 2015-02-02 07:39 - 00004974 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for SJBENNETT-Shad SJBennett 2015-01-26 19:21 - 2015-02-09 12:57 - 00000539 _____ () C:\WINDOWS\setupact.log 2015-01-26 19:21 - 2015-01-26 19:21 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-01-25 16:54 - 2015-02-09 15:21 - 01964042 _____ () C:\WINDOWS\WindowsUpdate.log 2015-01-25 16:16 - 2015-01-25 16:17 - 12994216 _____ () C:\Users\Shad\Downloads\Nitemare-3D.zip 2015-01-25 16:15 - 2015-01-25 16:15 - 00000000 ____D () C:\Users\Shad\Downloads\labfull 2015-01-25 16:09 - 2015-01-25 16:09 - 00887582 _____ () C:\Users\Shad\Downloads\labfull.zip 2015-01-25 13:16 - 2015-01-25 13:16 - 00010412 _____ () C:\Users\Shad\Downloads\psychosocial quiz 1.apkg 2015-01-23 15:21 - 2012-02-08 16:36 - 00363520 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8L.dll 2015-01-23 15:21 - 2012-01-24 16:18 - 00077568 _____ () C:\WINDOWS\system32\CNC1762D.TBL 2015-01-23 15:21 - 2012-01-16 14:21 - 00287744 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8C.dll 2015-01-23 15:21 - 2012-01-16 14:20 - 00106496 _____ (CANON INC.) C:\WINDOWS\system32\CNC_B8I.dll 2015-01-23 15:21 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\WINDOWS\system32\CNHMCA6.dll 2015-01-22 09:24 - 2015-01-22 09:24 - 00077312 _____ () C:\Users\Shad\Downloads\2009-10-Estimations-Nation (1).xls 2015-01-22 09:19 - 2015-01-22 09:19 - 00077312 _____ () C:\Users\Shad\Downloads\2009-10-Estimations-Nation.xls 2015-01-20 19:37 - 2015-01-20 19:37 - 00010178 _____ () C:\Users\Shad\Downloads\OT Books for Sale.xlsx 2015-01-20 13:21 - 2015-01-20 13:21 - 00049683 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster-1.xlsx 2015-01-20 10:01 - 2015-01-20 10:19 - 00011497 _____ () C:\Users\Shad\Documents\Students in both classes Spring 2015.xlsx 2015-01-20 09:50 - 2015-01-20 09:59 - 00001889 _____ () C:\Users\Shad\Downloads\Grades-SOC-1200-151-V37-Hammond-SPRING_2015-XLIST (1).csv 2015-01-20 09:13 - 2015-01-20 09:13 - 00048656 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster (1).xlsx 2015-01-20 09:12 - 2015-01-20 09:13 - 00050635 _____ () C:\Users\Shad\Downloads\Soc 1010 Roster (1).xlsx 2015-01-17 15:50 - 2012-03-26 05:00 - 00389120 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMB8.DLL 2015-01-14 13:57 - 2015-01-14 13:57 - 00048656 _____ () C:\Users\Shad\Downloads\Soc 1200 Roster.xlsx 2015-01-14 13:56 - 2015-01-14 13:56 - 00050635 _____ () C:\Users\Shad\Downloads\Soc 1010 Roster.xlsx 2015-01-14 09:56 - 2014-12-18 23:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2015-01-14 09:56 - 2014-12-11 19:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe 2015-01-14 09:56 - 2014-12-11 17:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys 2015-01-14 09:56 - 2014-12-08 18:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2015-01-14 09:56 - 2014-12-08 12:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2015-01-14 09:56 - 2014-12-08 12:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2015-01-14 09:56 - 2014-12-05 20:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll 2015-01-14 09:56 - 2014-12-05 18:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll 2015-01-14 09:56 - 2014-12-05 18:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2015-01-12 07:54 - 2015-01-12 10:20 - 00000000 ____D () C:\Users\Shad\Desktop\Photos end of 2014 2015-01-10 09:28 - 2015-01-10 09:28 - 00001872 _____ () C:\Users\Public\Desktop\Heroes of Might and Magic 4 Complete.lnk 2015-01-10 09:28 - 2015-01-10 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of Might and Magic 4 Complete [GOG.com] 2015-01-10 09:07 - 2015-01-10 09:21 - 995423848 _____ (GOG.com ) C:\Users\Shad\Downloads\setup_homm4_complete_2.0.0.12 (3).exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-09 15:27 - 2014-12-05 12:29 - 00000000 ____D () C:\FRST 2015-02-09 15:21 - 2014-07-04 19:01 - 00000000 ____D () C:\Users\Shad\AppData\Local\Battle.net 2015-02-09 15:20 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-02-09 13:42 - 2013-09-05 17:44 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-09 13:01 - 2014-07-19 13:40 - 00000000 ___DO () C:\Users\Shad\OneDrive 2015-02-09 12:58 - 2013-09-05 17:44 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-09 12:57 - 2014-11-09 15:18 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2015-02-09 12:57 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-02-09 12:56 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2015-02-07 18:52 - 2013-09-05 17:05 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1595739235-987919694-39041242-1001 2015-02-07 18:36 - 2013-09-05 15:35 - 00000000 ____D () C:\Users\Shad\AppData\Local\Packages 2015-02-07 13:45 - 2013-09-05 21:40 - 01288192 ___SH () C:\Users\Shad\Desktop\Thumbs.db 2015-02-07 13:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-02-07 09:27 - 2014-07-04 19:01 - 00000000 ____D () C:\Users\Shad\AppData\Roaming\Battle.net 2015-02-06 18:54 - 2013-09-14 19:51 - 00000000 ____D () C:\Users\Shad\Documents\Anki 2015-02-06 16:52 - 2013-09-05 17:46 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-02-06 13:03 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2015-02-06 09:37 - 2013-09-05 17:44 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-06 09:37 - 2013-09-05 17:44 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-03 12:31 - 2014-12-16 20:08 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-02-03 12:31 - 2014-12-16 20:08 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 08:42 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache 2015-01-31 16:04 - 2013-10-29 05:15 - 00000000 ____D () C:\Users\Shad\AppData\Local\CrashDumps 2015-01-31 16:04 - 2013-08-22 04:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2015-01-31 16:04 - 2013-08-22 04:22 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe 2015-01-31 16:04 - 2013-08-22 04:17 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2015-01-31 16:04 - 2013-08-22 04:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2015-01-31 16:04 - 2013-08-22 04:17 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2015-01-31 16:04 - 2013-08-21 20:56 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2015-01-31 16:04 - 2013-08-21 20:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2015-01-31 16:04 - 2013-08-21 20:51 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2015-01-31 16:04 - 2013-08-21 20:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2015-01-31 16:04 - 2013-08-21 20:51 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2015-01-31 14:35 - 2014-04-19 07:00 - 00000000 ____D () C:\GOG Games 2015-01-27 10:43 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-01-25 16:18 - 2014-08-15 11:04 - 00000000 ____D () C:\Users\Shad\Desktop\attempt to fix 2015-01-17 11:46 - 2014-07-19 10:26 - 00000000 ____D () C:\Users\Shad 2015-01-17 11:35 - 2013-09-05 18:26 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-01-17 11:26 - 2013-09-05 18:26 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-01-16 08:46 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-12 15:00 - 2014-07-31 12:03 - 00000000 ____D () C:\Users\Shad\Desktop\Family Testbank Questions2014 2015-01-12 14:59 - 2014-07-31 12:03 - 00000000 ____D () C:\Users\Shad\Desktop\Intro Testbank Questions2014 ==================== Files in the root of some directories ======= 2014-03-19 18:27 - 2014-03-19 18:27 - 0005265 _____ () C:\Users\Shad\AppData\Roaming\callbanner.png ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-30 21:13 ==================== End Of Log ============================
-
Hi, I was downloading shockwave from adobe (or so I thought) and malwarebytes premium picked it up as malware. Can have someone help me look at this to make sure I didn't do any damage? The file was located at C:\Windows\SysWOW64\Adobe\Shockwave 12\SCC.dll It is currently quarantined. Thanks!
-
First pup since purchasing Premium
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
I reset all the browsers. I don't believe there are any more issues. Thanks so much for the help! -
First pup since purchasing Premium
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
Sorry, the file didn't attach Scan Results.txt -
First pup since purchasing Premium
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
Yes Please, Thanks -
First pup since purchasing Premium
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
In the process of doing windows updates right now. The only thing I am currently concerned about is the trojan it mentioned last time. Where do you think I currently stand? Results of screen317's Security Check version 0.99.93 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Mozilla Firefox (34.0.5) Google Chrome (39.0.2171.95) Google Chrome (plugins...) ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014 Ran by Shad at 2014-12-17 13:24:39 Run:2 Running from C:\Users\Shad\Desktop\attempt to fix Loaded Profile: Shad (Available profiles: Shad) Boot Mode: Normal ============================================== Content of fixlist: ***************** start C:\Program Files (x86)\Flash Update C:\Windows\Installer\MSI338E.tmp- EmptyTemp: end ***************** C:\Program Files (x86)\Flash Update => Moved successfully. C:\Windows\Installer\MSI338E.tmp- => Moved successfully. EmptyTemp: => Removed 483.9 MB temporary data. The system needed a reboot. ==== End of Fixlog ==== -
First pup since purchasing Premium
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
Sorry, I was finishing up finals this week. RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9200 ) 64 bits versionStarted in : Normal modeUser : Shad [Administrator]Mode : Scan -- Date : 12/13/2014 10:05:31 ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 9 ¤¤¤[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1595739235-987919694-39041242-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1595739235-987919694-39041242-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B4F62580-3941-47B8-A5FB-CCB971F1889B} | DhcpNameServer : 161.28.140.250 161.28.20.250 161.28.224.90 161.28.224.91 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)] -> Found[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B4F62580-3941-47B8-A5FB-CCB971F1889B} | DhcpNameServer : 161.28.140.250 161.28.20.250 161.28.224.90 161.28.224.91 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)] -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++--- User ---[MBR] a84dd93b5b19931ceaddbccc47850486[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MBUser = LL1 ... OKError reading LL2 MBR! ([1] Incorrect function. ) ESET C:\Program Files (x86)\Flash Update\Win32FlashUpdate.exe Win32/Tivmonk.B trojanC:\Windows\Installer\MSI338E.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted applicationC:\Windows\Installer\MSI338E.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted applicationC:\Windows\Installer\MSI338E.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted applicationC:\Windows\Installer\MSI338E.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application The computer seems to be running smoothly even with the PUP's found by those scans. Thanks! -
First pup since purchasing Premium
sbennett3348 replied to sbennett3348's topic in Resolved Malware Removal Logs
Thanks for helping! I uninstalled Spybot, and didn't seem to have any problems. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.0 (11.29.2014:1)OS: Windows 8.1 x64Ran by Shad on Mon 12/08/2014 at 21:40:54.75~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"Successfully deleted: [File] "C:\WINDOWS\wininit.ini" ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 12/08/2014 at 21:54:04.33End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# AdwCleaner v4.105 - Report created 08/12/2014 at 21:33:56# Updated 08/12/2014 by Xplode# Database : 2014-12-08.2 [Live]# Operating System : Windows 8.1 (64 bits)# Username : Shad - SJBENNETT# Running from : C:\Users\Shad\Downloads\AdwCleaner (1).exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4 ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17416 -\\ Mozilla Firefox v32.0.3 (x86 en-US) -\\ Google Chrome v39.0.2171.71 ************************* AdwCleaner[R0].txt - [1633 octets] - [08/12/2014 21:28:29]AdwCleaner[s0].txt - [1554 octets] - [08/12/2014 21:33:56] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1614 octets] ########## Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2014Ran by Shad at 2014-12-08 21:20:00 Run:1Running from C:\Users\Shad\Desktop\attempt to fixLoaded Profile: Shad (Available profiles: Shad)Boot Mode: Normal============================================== Content of fixlist:*****************start(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exeC:\Program Files (x86)\CouponsWinlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\MountPoints2: {16461feb-12b8-11e4-8251-008cfa64d4c8} - "E:\TL_Bootstrap.exe"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\MountPoints2: {9628af38-589b-11e4-bec6-008cfa64d4c8} - "E:\TL_Bootstrap.exe"SearchScopes: HKU\S-1-5-21-1595739235-987919694-39041242-1001 -> {B3D1926F-4CB7-43B2-A011-A429B406E4C6} URL = C:\Program Files (x86)\Pando NetworksFF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No FileFF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)2014-12-03 12:34 - 2014-12-03 12:34 - 00000000 __SHD () C:\Users\Shad\AppData\Local\EmieBrowserModeListreg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved\Pokki" /fCMD: ipconfig /flushdnsCMD: netsh winsock reset allEmptyTemp:end***************** [1388] C:\Program Files (x86)\Coupons\CouponPrinterService.exe => Process closed successfully.C:\Program Files (x86)\Coupons => Moved successfully."HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found."HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16461feb-12b8-11e4-8251-008cfa64d4c8}" => Key deleted successfully."HKCR\CLSID\{16461feb-12b8-11e4-8251-008cfa64d4c8}" => Key not found."HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9628af38-589b-11e4-bec6-008cfa64d4c8}" => Key deleted successfully."HKCR\CLSID\{9628af38-589b-11e4-bec6-008cfa64d4c8}" => Key not found."HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3D1926F-4CB7-43B2-A011-A429B406E4C6}" => Key deleted successfully."HKCR\CLSID\{B3D1926F-4CB7-43B2-A011-A429B406E4C6}" => Key not found.C:\Program Files (x86)\Pando Networks => Moved successfully."HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.CouponPrinterService => Service deleted successfully.C:\Users\Shad\AppData\Local\EmieBrowserModeList => Moved successfully. ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved\Pokki" /f ========= ERROR: The system was unable to find the specified registry key or value. ========= End of Reg: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset. ========= End of CMD: ========= EmptyTemp: => Removed 699.9 MB temporary data. The system needed a reboot. ==== End of Fixlog ====