sbennett3348

Honorary Members
  • Posts

    46

Everything posted by sbennett3348

  1. So I should be good even with the caught trojan and removed malware? I feel like when I have gotten something usually more comes with it. If so, that would be awesome to be able to use my comp for everything again.
  2. The first thing I saw was a trojan blocked by Windows Defender; I wanted to make sure there aren't any other trojans. The second was called PUP.Optional.Crossrider, found by Malwarebytes.
  3. Hi, I am currently having problems and I am hoping to get help. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
HiddenHearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.6.19846 - LeapFrog)LeapFrog Connect (x32 Version: 7.0.6.19846 - LeapFrog) HiddenLeapFrog MyOwnLeaptop Plugin (x32 Version: 7.0.6.19846 - LeapFrog) HiddenMalwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)Microsoft OneDrive (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - )Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 
11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) HiddenPlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - 
Toshiba Corporation)Toshiba Start (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin) (HKLM-x32\...\LeaptopPlugin) (Version: - LeapFrog)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Vizzed Retro Game Room (HKLM-x32\...\{65245253-FE12-4532-9FA2-18130C377C16}) (Version: 2.40 - Vizzed)WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {2495C376-D061-43C0-B98B-7E4775380404} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)Task: {31CE3ABA-E870-47AA-A465-8E3CF829BF39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)Task: {31F8A95D-495C-483F-A632-35776759CE15} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exeTask: {3D06A8F7-733A-424F-922A-45E185B3EEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-18] (Microsoft Corporation)Task: {6A5139F2-3392-44E0-986A-C596D31F4577} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-11] (Microsoft Corporation)Task: {6D400E89-8251-4615-B7E9-F087CB557EDE} - System32\Tasks\{9CEAB1B1-915B-4951-A323-149D58BBB737} => pcalua.exe -a C:\DTToys\UDilbert.exe -d C:\DTToysTask: {A5EDE0D9-86FE-48DF-B6E2-3B39F05289BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)Task: {AAC316C6-645B-494B-BAC7-8641E520C345} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exeTask: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= autoTask: {BAA9E648-0ED3-4E7E-AE5A-3328303BC3FF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)Task: {D561B15D-B104-4890-851A-FA7FD3789600} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] 
(Microsoft Corporation)Task: {D5E3A5EB-85BA-460D-BE4D-E005C6F780C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {D9A2DAA0-8C20-44F4-A0D8-A4E6F67A9896} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-04] ()Task: {DD5716F6-3B73-49B8-94D6-6B8A8C9CA072} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)Task: {E64D4507-D4C7-46AC-8C60-4F4FCEB13A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)Task: {F14BA311-233F-4858-9B6B-70225FDB47F3} - System32\Tasks\{5784A26B-C19D-4920-9FC6-7982AEF0ED21} => pcalua.exe -a "C:\GOG Games\Heroes of Might and Magic 4 Complete\unins000.exe" (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe2015-10-30 18:58 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd2013-08-22 00:19 - 2013-08-21 23:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd2014-03-21 09:23 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2015-07-03 08:35 - 2015-07-03 08:35 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2015-12-16 14:20 - 2015-12-10 20:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll2015-12-16 14:20 - 2015-12-10 20:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\vizzed.com -> www.vizzed.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2015-12-15 08:38 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1595739235-987919694-39041242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shad\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpgDNS Servers: 192.168.0.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"HKLM\...\StartupApproved\Run: => "Onboard"HKLM\...\StartupApproved\Run32: => "StartCCC"HKLM\...\StartupApproved\Run32: => "bncsaui.exe"HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"HKLM\...\StartupApproved\Run32: => "iTunesHelper"HKLM\...\StartupApproved\Run32: => "Monitor"HKLM\...\StartupApproved\Run32: => "VizzedRgrPluginServiceLoader"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Pokki"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Spotify Web Helper"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Amazon Music"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "ApplePhotoStreams"HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "iCloudServices" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{296B56CA-93B0-4019-AF88-D6F2105EB7F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exeFirewallRules: [{71139C16-07BB-4183-AF90-63FD816D51E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exeFirewallRules: [uDP Query User{50D8E7B5-780F-43EE-94B2-D7C7CFD5B181}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exeFirewallRules: [TCP Query User{B444C6A1-D951-4EC4-AF80-3E271702B725}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe] => (Allow) C:\program files (x86)\spybot - search & destroy 2\sdupdate.exeFirewallRules: [{1E8E04CD-8E59-4A2C-84BF-4AAB3F52DAB1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{D0040AFC-31A5-40D0-AB85-673CBE7409C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{BC679683-AEC0-4B5D-ACC7-B2E310B3C19C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{7F5F07F1-C145-459F-B820-620006AB931D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{DAEBDB78-BE0F-4C02-AB5F-293C1874B280}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exeFirewallRules: [{8545D658-74D1-4490-8B66-87FDF9A9F767}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{BCE735F6-0AD7-406B-B274-682C16A84CAC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{F944EC1D-E7E0-4304-B4EA-3902343553E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{81A6CF51-C192-4F41-942B-B5CAE0C020E1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [uDP Query User{E4475B15-33FD-457E-8DCD-1AFAB19E77B8}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query 
User{37CB316E-E3EE-4267-97CD-2837F5B58F10}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{29C4F8AC-139B-4F34-9D50-6A56F1CE0E6A}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{14ACE0C7-DBD2-4E2D-960E-0E90AD381F2F}C:\users\shad\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shad\appdata\roaming\spotify\spotify.exeFirewallRules: [{9A542F5F-39F3-42BE-BDA9-ED83FFD7B88B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{7E451835-4115-4076-B2E8-8181D50E2652}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{C6E08D53-FD97-4877-B6EE-3CE407092FA5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{1FEFEA1A-6BBC-4EEE-AB49-E2464C947EE6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exeFirewallRules: [{06E55DC8-57C8-409A-9D25-4E5213F0E765}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{FA5D7E61-91A2-4B90-A5F6-4E383DA45917}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{B0192036-8CF9-4976-8DD8-59CA6AC7B3B1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{8DB06473-75D6-41FE-9285-A1FFADB3A2B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exeFirewallRules: [{F63599B9-865D-447D-99A1-15DEB9CD26D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exeFirewallRules: [{2020F57A-7A07-4848-A6FC-8906F73E0266}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exeFirewallRules: [{335C448A-7C04-4D5E-B576-5DFE4FD79D2E}] => (Allow) C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeFirewallRules: [{AFF5EFF5-1659-421B-8713-C4CFCE2576A5}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: 
[{08C3A5EF-9DE7-4F5E-AB34-D5E0252B407F}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{DCD1B54C-B411-4EEC-AFFE-AD401BA00564}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{0E445407-838F-47CA-B0D2-D8BC98E52318}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{F291644D-806D-4BD4-AC94-47BEC01AE79E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{BF5E8F83-E2C5-4A00-BBBE-839BBAB04476}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{33D67A8A-4553-4901-88F2-182C571D1EB0}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{47E41E7E-7A1F-4472-A6C1-CAAE2BFF0C30}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exeFirewallRules: [{5D17B9AA-C00B-4FBF-B1C5-E05E9BAC4880}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{AB1EB778-CC1D-4AC5-9C5F-1A8EFF0281A0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exeFirewallRules: [{E43B3589-FB52-49E3-AD1B-3EC4904D54AA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{255D5ED8-93F4-4A4F-BCA9-72660D4D558F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exeFirewallRules: [{AC4D6708-DC4C-43B3-A0B8-0A125FE93E65}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exeFirewallRules: [{8B936FFF-E7E5-41B2-814A-BFE6A3341704}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{BE27DB90-DE04-4B4D-BC6D-A68835952A01}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{A99EB9FC-36D1-4A08-90B7-067BFEF42595}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{E4D577D6-7A79-4CE9-978D-A4922CE3E6D3}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exeFirewallRules: [{85411AE5-C887-45FD-99EB-503F37866274}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo 
III.exeFirewallRules: [{3B9C963E-7436-4E2A-BD57-B95DF0BE37C7}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exeFirewallRules: [{78556AC0-7A9F-4551-A717-0DF5327E6F8B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{2374B58B-9929-446E-9E4C-A80D53492FB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exeFirewallRules: [{32FEFED0-1B22-43EA-8FF6-3DA9CD0B2859}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exeFirewallRules: [{A3E04391-CDF2-4F8A-9611-D604EE8C7968}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [{BFDFBA3B-BD30-45C1-82B2-6CC5ABE07F0B}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exeFirewallRules: [TCP Query User{9852C7CB-DFAA-4CC2-B64D-4924A1EDCFB6}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exeFirewallRules: [uDP Query User{D945A59F-6CC3-4B25-87AB-99229ED2BB84}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exeFirewallRules: [{258FA923-6799-40FF-95CE-3F000D7A3287}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 15-12-2015 08:41:39 Removed Bradford Persistent Agent28-12-2015 20:12:58 Windows Update04-01-2016 22:42:49 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1906 Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1906 Error: (01/05/2016 02:55:09 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for 
more than a second Error: (01/05/2016 02:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 1750 Error: (01/05/2016 02:54:49 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 1750 Error: (01/04/2016 11:54:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 6109 Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 6109 Error: (01/01/2016 09:32:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/01/2016 09:32:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 4344 System errors:=============Error: (12/11/2015 10:27:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3112148). Error: (12/11/2015 10:27:03 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)Description: Installation Failure: Windows failed to install the following update with error 0x8007045b: Update for Windows 8.1 for x64-based Systems (KB3102429). 
Error: (12/11/2015 10:05:22 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:22 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (12/11/2015 10:05:17 AM) (Source: DCOM) (EventID: 10010) (User: SJBENNETT)Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca CodeIntegrity:=================================== Date: 2015-12-31 14:47:58.880 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-31 14:47:48.867 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-12-31 14:47:38.521 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:36.201 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:32.277 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:29.377 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:26.486 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:22.125 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-12-18 14:11:16.594 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-12-18 14:11:11.832 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-1200 APU with Radeon HD GraphicsPercentage of memory in use: 58%Total physical RAM: 3658.26 MBAvailable physical RAM: 1528.4 MBTotal Virtual: 5237.23 MBAvailable Virtual: 2207.81 MB ==================== Drives ================================ Drive c: (TI10664800G) (Fixed) (Total:452.82 GB) (Free:318.84 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  4. Hello, I have the problem where your real-time protection continually shuts off. I have re-installed it and installed it and as it should it fixes the problem. My problem now is that I have had to do this 7-8 times in the half a year I have owned the premium version. I need a permanent fix. Is there anything else I can do besides uninstall it, have to dig up my licensing info, and reinstalling it? Please assist. Thanks.
  5. It seems to have been running fine, even after the malware. I just wasn't sure if it infected more.
  6. Thanks for your help! Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015 Ran by Shad at 2015-02-09 15:31:18 Running from C:\Users\Shad\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.) Amazon Kindle (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Kindle) (Version: - Amazon) Amazon Music (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC) AMD Catalyst Install Manager (HKLM\...\{83DEB2E3-26DC-26BE-2445-A3CA29203ABF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD) Anki (HKLM-x32\...\Anki) (Version: - ) Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Bradford Persistent Agent (HKLM-x32\...\{892A1EE8-85D1-4487-A519-707AF9E94A80}) (Version: 3.1.4.16 - Bradford Networks) Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform) Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Heroes of Might and Magic 4 Complete (HKLM-x32\...\GOGPACKHOMM4COMPLETE_is1) (Version: 2.0.0.12 - GOG.com) iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.) Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: - ) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Might and Magic IX (HKLM-x32\...\GOGPACKMM9_is1) (Version: 2.0.0.11 - GOG.com) Might and Magic VIII - Day of the Destroyer (HKLM-x32\...\GOGPACKMM8_is1) (Version: 2.0.0.13 - GOG.com) Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.) 
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated) TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation) TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation) TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation) TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation) TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation) TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation) Toshiba Start (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki) TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed) WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 14-01-2015 17:03:52 Windows Update 22-01-2015 22:10:13 Scheduled Checkpoint 26-01-2015 09:26:02 Windows Update 31-01-2015 16:03:13 Windows Modules Installer 06-02-2015 13:00:44 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {06FF914E-C72A-40E5-AE03-F71F5AEEF8F9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation) Task: {2495C376-D061-43C0-B98B-7E4775380404} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated) Task: {31CE3ABA-E870-47AA-A465-8E3CF829BF39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd) Task: {31F8A95D-495C-483F-A632-35776759CE15} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe Task: {3D06A8F7-733A-424F-922A-45E185B3EEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation) Task: {6BF1754A-0DDE-4EEE-85B4-FCAA5E598EA4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-17] (Microsoft Corporation) Task: {6D400E89-8251-4615-B7E9-F087CB557EDE} - System32\Tasks\{9CEAB1B1-915B-4951-A323-149D58BBB737} => pcalua.exe -a C:\DTToys\UDilbert.exe -d C:\DTToys Task: {88FA6C13-5191-4E65-A00C-773821720736} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SJBENNETT-Shad SJBennett => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation) Task: {973234F8-3685-4436-84FA-D15B6F743846} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation) Task: {AAC316C6-645B-494B-BAC7-8641E520C345} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe Task: {D5E3A5EB-85BA-460D-BE4D-E005C6F780C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.) Task: {D9A2DAA0-8C20-44F4-A0D8-A4E6F67A9896} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-04] () Task: {DD5716F6-3B73-49B8-94D6-6B8A8C9CA072} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation) Task: {E64D4507-D4C7-46AC-8C60-4F4FCEB13A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.) Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2014-03-21 09:23 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe 2014-11-22 18:30 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll 2014-09-17 05:20 - 2014-10-14 22:35 - 06281024 _____ () C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe 2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd 2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd 2013-08-22 00:19 - 2013-08-21 23:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd 2014-01-20 13:17 - 2014-01-20 
13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll 2015-02-06 16:51 - 2015-02-04 02:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Shad\OneDrive:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1595739235-987919694-39041242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Shad\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "bncsaui.exe" HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace" HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Pokki" HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Spotify Web Helper" ==================== Accounts: ============================= Administrator (S-1-5-21-1595739235-987919694-39041242-500 - Administrator - Disabled) Guest (S-1-5-21-1595739235-987919694-39041242-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1595739235-987919694-39041242-1005 - Limited - Enabled) Shad (S-1-5-21-1595739235-987919694-39041242-1001 - Administrator - Enabled) => C:\Users\Shad ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: 
Continuously busy for more than a second Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10813172 Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10813172 System errors: ============= Error: (02/06/2015 08:43:16 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (02/06/2015 00:27:59 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (02/05/2015 08:45:17 AM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. 
Error: (01/31/2015 05:20:10 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/31/2015 04:48:26 PM) (Source: DCOM) (EventID: 10016) (User: SJBENNETT) Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}SJBennettShadS-1-5-21-1595739235-987919694-39041242-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (01/28/2015 09:23:36 AM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (01/27/2015 08:51:50 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer MARV that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5F403669-F653-4852-9407-11FD1DE8054E}. The master browser is stopping or an election is being forced. Error: (01/25/2015 00:36:06 PM) (Source: NetBT) (EventID: 4321) (User: ) Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.134. The computer with the IP address 192.168.1.1 did not allow the name to be claimed by this computer. Error: (01/23/2015 09:08:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80240055: Security Update for Internet Explorer Flash Player for Windows 8.1 for x64-based Systems (KB3033408). 
Error: (01/23/2015 07:25:32 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service. Microsoft Office Sessions: ========================= Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1023) (User: ) Description: rdyboost4 Error: (02/09/2015 00:57:32 PM) (Source: Perflib) (EventID: 1008) (User: ) Description: BITSC:\Windows\System32\bitsperf.dll4 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10842485 Error: (02/09/2015 01:34:57 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10829078 Error: (02/09/2015 01:34:44 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10813172 Error: (02/09/2015 01:34:28 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10813172 CodeIntegrity Errors: =================================== Date: 2015-02-02 23:40:34.285 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft 
Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:33.183 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:32.134 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:31.292 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:30.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:29.341 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2015-02-02 23:40:28.040 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:27.206 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:26.430 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-02-02 23:40:25.079 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: AMD E1-1200 APU with Radeon HD Graphics Percentage of memory in use: 88% Total physical RAM: 3658.26 MB Available physical RAM: 427.32 MB Total Pagefile: 5089.68 MB Available Pagefile: 928.26 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (TI10664800G) (Fixed) (Total:452.82 GB) (Free:353.99 GB) NTFS Drive d: (BOY_MEETS_WORLD_SEASON_2) (CDROM) (Total:7.95 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ==================== End Of Log ============================ Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015 Ran by Shad (administrator) on SJBENNETT on 09-02-2015 15:26:44 Running from C:\Users\Shad\Downloads Loaded Profiles: Shad (Available profiles: Shad) Platform: Windows 8.1 Pro (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe () C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe (Google Inc.) 
  7. Hi, I was downloading Shockwave from Adobe (or so I thought) and Malwarebytes Premium picked it up as malware. Can someone help me look at this to make sure I didn't do any damage? The file was located at C:\Windows\SysWOW64\Adobe\Shockwave 12\SCC.dll. It is currently quarantined. Thanks!
  8. I reset all the browsers. I don't believe there are any more issues. Thanks so much for the help!
  9. In the process of doing Windows updates right now. The only thing I am currently concerned about is the trojan it mentioned last time. Where do you think I currently stand?

     Results of screen317's Security Check version 0.99.93
     x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Windows Defender
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Mozilla Firefox (34.0.5)
     Google Chrome (39.0.2171.95)
     Google Chrome (plugins...)
     ````````Process Check: objlist.exe by Laurent````````
     Windows Defender MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
     Ran by Shad at 2014-12-17 13:24:39 Run:2
     Running from C:\Users\Shad\Desktop\attempt to fix
     Loaded Profile: Shad (Available profiles: Shad)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     start
     C:\Program Files (x86)\Flash Update
     C:\Windows\Installer\MSI338E.tmp-
     EmptyTemp:
     end
     *****************

     C:\Program Files (x86)\Flash Update => Moved successfully.
     C:\Windows\Installer\MSI338E.tmp- => Moved successfully.
     EmptyTemp: => Removed 483.9 MB temporary data.

     The system needed a reboot.

     ==== End of Fixlog ====
  10. Sorry, I was finishing up finals this week.

      RogueKiller V10.1.0.0 (x64) [Dec 11 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
      Started in : Normal mode
      User : Shad [Administrator]
      Mode : Scan -- Date : 12/13/2014 10:05:31

      ¤¤¤ Processes : 0 ¤¤¤

      ¤¤¤ Registry : 9 ¤¤¤
      [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found
      [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1595739235-987919694-39041242-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
      [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1595739235-987919694-39041242-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B4F62580-3941-47B8-A5FB-CCB971F1889B} | DhcpNameServer : 161.28.140.250 161.28.20.250 161.28.224.90 161.28.224.91 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
      [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B4F62580-3941-47B8-A5FB-CCB971F1889B} | DhcpNameServer : 161.28.140.250 161.28.20.250 161.28.224.90 161.28.224.91 [UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)][UNITED STATES (US)] -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
      [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

      ¤¤¤ Tasks : 0 ¤¤¤

      ¤¤¤ Files : 0 ¤¤¤

      ¤¤¤ Hosts File : 0 ¤¤¤

      ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: TOSHIBA MQ01ABF050 +++++
      --- User ---
      [MBR] a84dd93b5b19931ceaddbccc47850486
      [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
      Partition table:
      0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
      User = LL1 ... OK
      Error reading LL2 MBR! ([1] Incorrect function. )

      ESET
      C:\Program Files (x86)\Flash Update\Win32FlashUpdate.exe Win32/Tivmonk.B trojan
      C:\Windows\Installer\MSI338E.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll a variant of MSIL/Toolbar.Linkury.I potentially unwanted application
      C:\Windows\Installer\MSI338E.tmp-\sppsm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
      C:\Windows\Installer\MSI338E.tmp-\spusm.dll a variant of MSIL/Toolbar.Linkury.G potentially unwanted application
      C:\Windows\Installer\MSI338E.tmp-\srbu.dll a variant of MSIL/Toolbar.Linkury.F potentially unwanted application

      The computer seems to be running smoothly even with the PUPs found by those scans. Thanks!
  11. Thanks for helping! I uninstalled Spybot, and didn't seem to have any problems.

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.4.0 (11.29.2014:1)
      OS: Windows 8.1 x64
      Ran by Shad on Mon 12/08/2014 at 21:40:54.75
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      ~~~ Services

      ~~~ Registry Values

      ~~~ Registry Keys

      ~~~ Files
      Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"
      Successfully deleted: [File] "C:\WINDOWS\wininit.ini"

      ~~~ Folders

      ~~~ Event Viewer Logs were cleared

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 12/08/2014 at 21:54:04.33
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      # AdwCleaner v4.105 - Report created 08/12/2014 at 21:33:56
      # Updated 08/12/2014 by Xplode
      # Database : 2014-12-08.2 [Live]
      # Operating System : Windows 8.1 (64 bits)
      # Username : Shad - SJBENNETT
      # Running from : C:\Users\Shad\Downloads\AdwCleaner (1).exe
      # Option : Clean

      ***** [ Services ] *****

      ***** [ Files / Folders ] *****

      ***** [ Scheduled Tasks ] *****

      ***** [ Shortcuts ] *****

      ***** [ Registry ] *****

      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
      Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
      Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
      Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

      ***** [ Browsers ] *****

      -\\ Internet Explorer v11.0.9600.17416

      -\\ Mozilla Firefox v32.0.3 (x86 en-US)

      -\\ Google Chrome v39.0.2171.71

      *************************

      AdwCleaner[R0].txt - [1633 octets] - [08/12/2014 21:28:29]
      AdwCleaner[S0].txt - [1554 octets] - [08/12/2014 21:33:56]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1614 octets] ##########

      Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-12-2014
      Ran by Shad at 2014-12-08 21:20:00 Run:1
      Running from C:\Users\Shad\Desktop\attempt to fix
      Loaded Profile: Shad (Available profiles: Shad)
      Boot Mode: Normal
      ==============================================

      Content of fixlist:
      *****************
      start
      (Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
      C:\Program Files (x86)\Coupons
      Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
      HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\MountPoints2: {16461feb-12b8-11e4-8251-008cfa64d4c8} - "E:\TL_Bootstrap.exe"
      HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\MountPoints2: {9628af38-589b-11e4-bec6-008cfa64d4c8} - "E:\TL_Bootstrap.exe"
      SearchScopes: HKU\S-1-5-21-1595739235-987919694-39041242-1001 -> {B3D1926F-4CB7-43B2-A011-A429B406E4C6} URL =
      C:\Program Files (x86)\Pando Networks
      FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
      R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
      2014-12-03 12:34 - 2014-12-03 12:34 - 00000000 __SHD () C:\Users\Shad\AppData\Local\EmieBrowserModeList
      reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved\Pokki" /f
      CMD: ipconfig /flushdns
      CMD: netsh winsock reset all
      EmptyTemp:
      end
      *****************

      [1388] C:\Program Files (x86)\Coupons\CouponPrinterService.exe => Process closed successfully.
      C:\Program Files (x86)\Coupons => Moved successfully.
      "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key not found.
      "HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16461feb-12b8-11e4-8251-008cfa64d4c8}" => Key deleted successfully.
      "HKCR\CLSID\{16461feb-12b8-11e4-8251-008cfa64d4c8}" => Key not found.
      "HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9628af38-589b-11e4-bec6-008cfa64d4c8}" => Key deleted successfully.
      "HKCR\CLSID\{9628af38-589b-11e4-bec6-008cfa64d4c8}" => Key not found.
      "HKU\S-1-5-21-1595739235-987919694-39041242-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B3D1926F-4CB7-43B2-A011-A429B406E4C6}" => Key deleted successfully.
      "HKCR\CLSID\{B3D1926F-4CB7-43B2-A011-A429B406E4C6}" => Key not found.
      C:\Program Files (x86)\Pando Networks => Moved successfully.
      "HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
      FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.) => Error: No automatic fix found for this entry.
      CouponPrinterService => Service deleted successfully.
      C:\Users\Shad\AppData\Local\EmieBrowserModeList => Moved successfully.

      ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved\Pokki" /f =========

      ERROR: The system was unable to find the specified registry key or value.

      ========= End of Reg: =========

      ========= ipconfig /flushdns =========

      Windows IP Configuration

      Successfully flushed the DNS Resolver Cache.

      ========= End of CMD: =========

      ========= netsh winsock reset all =========

      Sucessfully reset the Winsock Catalog.
      You must restart the computer in order to complete the reset.

      ========= End of CMD: =========

      EmptyTemp: => Removed 699.9 MB temporary data.

      The system needed a reboot.

      ==== End of Fixlog ====
  12. Here's the log from the first PUP

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/2/2014
Scan Time: 6:05:10 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.12.02.04
Rootkit Database: v2014.12.01.02
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Shad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339579
Time Elapsed: 27 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.ChromeHitory.A, C:\Users\Shad\AppData\Local\ChromeHitoryDB, Quarantined, [69a31f3f47353ff7c6a246fcad562dd3],

Physical Sectors: 0
(No malicious items detected)

(end)

Here's the second

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/5/2014
Scan Time: 11:29:07 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.05.09
Rootkit Database: v2014.12.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Shad

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341982
Time Elapsed: 52 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.AZLyrics.A, C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, Quarantined, [4631bea06c106dc909dc2d190ff4d828],

Physical Sectors: 0
(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Shad (administrator) on SJBENNETT on 05-12-2014 12:29:44
Running from C:\Users\Shad\Downloads
Loaded Profile: Shad (Available profiles: Shad)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bradford Networks) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3165040 2013-08-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [bncsaui.exe] => C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe [3487888 2014-01-21] (Bradford Networks)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-08-14] (Western Digital Technologies, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Run: [Amazon Music] => C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-14] ()
HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\MountPoints2: {16461feb-12b8-11e4-8251-008cfa64d4c8} - "E:\TL_Bootstrap.exe"
HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\MountPoints2: {9628af38-589b-11e4-bec6-008cfa64d4c8} - "E:\TL_Bootstrap.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1595739235-987919694-39041242-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1595739235-987919694-39041242-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
SearchScopes: HKU\S-1-5-21-1595739235-987919694-39041242-1001 -> {B3D1926F-4CB7-43B2-A011-A429B406E4C6} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Shad\AppData\Roaming\Mozilla\Firefox\Profiles\oqutojf4.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)

Chrome:
=======
CHR Profile: C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Adblock Plus) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-23]
CHR Extension: (Google Wallet) - C:\Users\Shad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [4130960 2014-01-21] (Bradford Networks)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2013-01-31] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-08-14] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-07-10] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-01-15] (Advanced Micro Devices)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [147768 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-09-05] (Symantec Corporation)
S3 EraserUtilDrv11311; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [140376 2013-09-05] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
Corporation) C:\WINDOWS\system32\AudioEng.dll 2014-11-12 06:47 - 2014-10-06 23:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2014-11-12 06:47 - 2014-10-06 23:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2014-11-12 06:47 - 2014-10-06 23:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll 2014-11-12 06:47 - 2014-10-06 20:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2014-11-12 06:47 - 2014-10-06 20:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll 2014-11-12 06:47 - 2014-10-06 20:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2014-11-12 06:47 - 2014-10-06 20:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-11-12 06:47 - 2014-10-06 18:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2014-11-12 06:47 - 2014-10-06 18:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-11-12 06:47 - 2014-08-30 17:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-11-12 06:47 - 2014-08-22 22:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-11-12 06:47 - 2014-08-22 22:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-11-12 06:46 - 2014-09-09 23:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2014-11-12 06:46 - 2014-09-07 20:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-11-12 06:46 - 2014-09-07 20:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-11-12 06:46 - 2014-09-07 15:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-11-12 06:46 - 2014-09-04 15:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2014-11-12 06:46 - 2014-09-04 15:21 - 01053184 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\localspl.dll 2014-11-12 06:46 - 2014-09-03 20:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-11-12 06:46 - 2014-09-03 19:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-11-12 06:46 - 2014-09-03 18:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2014-11-12 06:46 - 2014-09-03 17:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2014-11-12 06:46 - 2014-08-30 17:17 - 00148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2014-11-12 06:46 - 2014-08-30 15:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-11-12 06:46 - 2014-08-30 15:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll 2014-11-12 06:46 - 2014-08-30 14:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll 2014-11-12 06:46 - 2014-08-30 14:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2014-11-12 06:46 - 2014-08-30 13:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll 2014-11-12 06:46 - 2014-08-30 13:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2014-11-12 06:46 - 2014-08-27 19:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2014-11-12 06:46 - 2014-08-27 17:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2014-11-12 06:46 - 2014-08-27 17:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll 2014-11-12 06:46 - 2014-08-22 22:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-11-12 06:46 - 2014-08-22 22:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-11-12 06:46 - 2014-08-22 21:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll 2014-11-12 06:46 - 2014-08-01 17:51 - 00545792 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\untfs.dll 2014-11-12 06:46 - 2014-08-01 17:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2014-11-11 05:56 - 2014-11-11 05:56 - 00528352 _____ () C:\WINDOWS\Minidump\111114-32796-01.dmp 2014-11-09 21:38 - 2014-12-04 12:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-11-09 15:23 - 2014-11-09 15:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Western Digital 2014-11-09 15:21 - 2014-11-09 15:21 - 00000000 ____D () C:\Users\Shad\AppData\Local\Western Digital 2014-11-09 15:20 - 2014-11-09 15:20 - 00000000 ____D () C:\Users\Shad\AppData\Local\Western_Digital_Technolog 2014-11-09 15:18 - 2014-11-26 06:31 - 00008192 _____ () C:\WINDOWS\SysWOW64\WDPABKP.dat 2014-11-09 15:17 - 2014-11-09 15:17 - 00001171 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk 2014-11-09 15:16 - 2014-11-09 15:16 - 00000000 ____D () C:\Program Files\Western Digital 2014-11-09 15:16 - 2014-11-09 15:16 - 00000000 ____D () C:\Program Files\Common Files\Western Digital 2014-11-09 15:15 - 2014-11-09 15:17 - 00014582 _____ () C:\WINDOWS\DPINST.LOG 2014-11-09 15:15 - 2014-11-09 15:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2014-11-09 15:15 - 2014-11-09 15:15 - 00001224 _____ () C:\Users\Public\Desktop\WD Security.lnk 2014-11-09 15:15 - 2014-11-09 15:15 - 00001144 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk 2014-11-09 15:14 - 2014-11-09 15:16 - 00000000 ____D () C:\Program Files (x86)\Western Digital 2014-11-09 15:13 - 2014-11-09 15:20 - 00000000 ____D () C:\ProgramData\Western Digital 2014-11-06 13:09 - 2014-11-06 13:09 - 00000165 ____H () C:\Users\Shad\Desktop\~$Attendance SOC 1200 Fall 2014.xlsx 2014-11-06 13:01 - 2014-11-20 11:37 - 00012102 _____ () C:\Users\Shad\Desktop\Attendance SOC 1200 Fall 2014.xlsx 2014-11-06 12:56 - 2014-11-06 12:56 - 00013453 _____ () C:\Users\Shad\Downloads\Grades-SOC-1200-151-V31-Hammond-FALL_2014-XLIST (1).csv ==================== One Month Modified 
Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-12-05 12:10 - 2014-10-05 12:06 - 01831907 _____ () C:\WINDOWS\WindowsUpdate.log 2014-12-05 12:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-12-05 11:35 - 2013-09-05 17:44 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-12-05 11:31 - 2013-09-05 17:05 - 00003592 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1595739235-987919694-39041242-1001 2014-12-05 11:29 - 2014-09-26 19:07 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-12-05 11:26 - 2014-09-26 19:07 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-12-05 11:26 - 2014-09-26 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-12-05 11:26 - 2014-09-26 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-12-05 08:49 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-12-02 21:36 - 2013-09-05 15:35 - 00000000 ____D () C:\Users\Shad\AppData\Local\Packages 2014-12-02 21:35 - 2013-09-05 17:44 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-12-02 12:02 - 2013-10-06 17:22 - 01069056 ___SH () C:\Users\Shad\Downloads\Thumbs.db 2014-12-01 12:17 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-11-29 08:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-11-26 06:38 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-11-26 06:33 - 2014-07-19 13:40 - 00000000 ___DO () C:\Users\Shad\OneDrive 2014-11-26 06:32 - 2014-07-19 10:26 - 00000000 ____D () C:\Users\Shad 2014-11-26 06:31 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-11-26 06:30 - 2014-10-23 19:53 - 00006498 _____ () C:\WINDOWS\PFRO.log 2014-11-26 06:30 - 2013-09-18 08:59 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Maintenance Service 2014-11-26 06:18 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-11-25 20:40 - 2013-09-05 17:46 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-11-25 20:38 - 2013-09-05 21:40 - 01238528 ___SH () C:\Users\Shad\Desktop\Thumbs.db 2014-11-25 09:44 - 2013-09-12 12:20 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-11-25 01:45 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports 2014-11-22 17:54 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI 2014-11-22 17:53 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-22 17:53 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-11-22 17:53 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender 2014-11-22 17:53 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-11-21 21:25 - 2014-10-05 12:06 - 00003774 _____ () C:\WINDOWS\setupact.log 2014-11-21 06:14 - 2014-09-26 19:06 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-11-21 06:14 - 2014-09-26 19:06 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-11-21 06:14 - 2014-09-26 19:06 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-11-14 21:30 - 2013-09-05 17:44 - 00003898 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-11-14 21:30 - 2013-09-05 17:44 - 00003662 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-11-12 12:56 - 2013-08-22 07:44 - 00509384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-11-12 12:52 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-11-12 12:52 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel 2014-11-12 12:51 - 2013-09-05 18:26 - 00000000 ____D () 
C:\WINDOWS\system32\MRT
2014-11-12 12:40 - 2013-09-05 18:26 - 103374192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-11-11 05:56 - 2014-10-05 16:39 - 681876316 _____ () C:\WINDOWS\MEMORY.DMP
2014-11-11 05:56 - 2014-10-05 16:39 - 00000000 ____D () C:\WINDOWS\Minidump

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-28 11:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Shad at 2014-12-05 12:32:56
Running from C:\Users\Shad\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Amazon Kindle (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Kindle) (Version: - Amazon)
Amazon Music (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{83DEB2E3-26DC-26BE-2445-A3CA29203ABF}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
Anki (HKLM-x32\...\Anki) (Version: - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bradford Persistent Agent (HKLM-x32\...\{892A1EE8-85D1-4487-A519-707AF9E94A80}) (Version: 3.1.4.16 - Bradford Networks)
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
WD Drive Utilities (HKLM-x32\...\{F9784E1D-4455-4BFF-A97A-1B1355A4FFDB}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{232EB8E6-9B8C-4785-A994-B1E5E2376CDC}) (Version: 2.2.0.8 - Western Digital Technologies, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1595739235-987919694-39041242-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Shad\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

12-11-2014 19:39:18 Windows Update
19-11-2014 18:47:55 Windows Update
26-11-2014 13:17:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2495C376-D061-43C0-B98B-7E4775380404} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {31CE3ABA-E870-47AA-A465-8E3CF829BF39} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {31F8A95D-495C-483F-A632-35776759CE15} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {37A37FA2-B7AB-4EF2-BC05-00422A703DD8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {3D06A8F7-733A-424F-922A-45E185B3EEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {45F84DE2-D4D1-457E-B986-6169785F1790} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {493AD2A9-D6FB-48AD-A46D-C2BCBFA48A57} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {973234F8-3685-4436-84FA-D15B6F743846} - System32\Tasks\Norton PCCU OOBE Mode => C:\Program Files (x86)\PC Checkup\OOBEHelper.exe [2013-01-31] (Symantec Corporation)
Task: {AAC316C6-645B-494B-BAC7-8641E520C345} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.5.0.38\SymErr.exe
Task: {D5E3A5EB-85BA-460D-BE4D-E005C6F780C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
Task: {D9A2DAA0-8C20-44F4-A0D8-A4E6F67A9896} - System32\Tasks\TOSHIBA\TODDMain => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [2012-08-04] ()
Task: {DD5716F6-3B73-49B8-94D6-6B8A8C9CA072} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {E1DF46C9-BD79-4EF3-B370-86898D86E70D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {E64D4507-D4C7-46AC-8C60-4F4FCEB13A1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
Task: {F3A1A976-2F64-4D91-BE10-03CC2560E9C3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-23 03:51 - 2014-04-23 03:51 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-03-21 09:23 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-09-17 05:20 - 2014-10-14 22:35 - 06281024 _____ () C:\Users\Shad\AppData\Local\Amazon Music\Amazon Music Helper.exe
2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 00:19 - 2013-08-21 23:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2014-11-22 18:30 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-25 21:06 - 2014-11-25 21:06 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-21 11:54 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-21 11:54 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-21 11:54 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-21 11:54 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-21 11:54 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-22 18:26 - 2014-11-22 18:26 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-11-25 20:40 - 2014-11-24 23:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 20:40 - 2014-11-24 23:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 20:40 - 2014-11-24 23:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 20:40 - 2014-11-24 23:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Shad\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Shad\Downloads\noname.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "bncsaui.exe"
HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"
HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-1595739235-987919694-39041242-1001\...\StartupApproved\Run: => "Spotify Web Helper"

========================= Accounts: ==========================

Administrator (S-1-5-21-1595739235-987919694-39041242-500 - Administrator - Disabled)
Guest (S-1-5-21-1595739235-987919694-39041242-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1595739235-987919694-39041242-1005 - Limited - Enabled)
Shad (S-1-5-21-1595739235-987919694-39041242-1001 - Administrator - Enabled) => C:\Users\Shad

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2014 11:22:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2815735

Error: (12/05/2014 11:22:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2815735

Error: (12/05/2014 11:22:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2014 10:38:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 154578

Error: (12/05/2014 10:38:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 154578

Error: (12/05/2014 10:38:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2014 10:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 139047

Error: (12/05/2014 10:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 139047

Error: (12/05/2014 10:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/05/2014 10:37:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 123469

System errors:
=============
Error: (12/05/2014 10:36:25 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (12/05/2014 10:36:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: %%1053

Error: (12/05/2014 10:36:25 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (12/01/2014 00:40:37 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume TI10664800G. A corruption was found in a file system index structure. The file reference number is 0x19000000025c55. The name of the file is "\Windows\WinSxS". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (12/01/2014 00:40:36 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume TI10664800G. The Master File Table (MFT) contains a corrupted file record. The file reference number is 0x400000003d93b. The name of the file is "<unable to determine file name>".

Error: (12/01/2014 00:39:57 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY)
Description: 0x8000002a171\??\Volume{5a798c4d-b36f-11e2-893d-c40d5bdd36a4}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{C73C61A7-A954-4221-81AD-22CF391CD343}

Error: (12/01/2014 00:39:35 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume TI10664800G. A corruption was found in a file system index structure. The file reference number is 0x1000000002400f. The name of the file is "\Windows\System32". The corrupted index attribute is ":$I30:$INDEX_ALLOCATION".

Error: (11/30/2014 03:50:55 PM) (Source: DCOM) (EventID: 10001) (User: SJBENNETT)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server31Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (11/26/2014 06:31:14 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:17:08 AM on 11/26/2014 was unexpected.

Error: (11/24/2014 03:07:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BNPagent service. Microsoft Office Sessions: ========================= Error: (12/05/2014 11:22:29 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2815735 Error: (12/05/2014 11:22:29 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2815735 Error: (12/05/2014 11:22:29 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/05/2014 10:38:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 154578 Error: (12/05/2014 10:38:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 154578 Error: (12/05/2014 10:38:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/05/2014 10:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 139047 Error: (12/05/2014 10:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 139047 Error: (12/05/2014 10:37:52 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (12/05/2014 10:37:36 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 123469 CodeIntegrity Errors: =================================== Date: 2014-10-24 13:49:09.053 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) 
attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-24 13:49:08.647 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-24 13:49:07.615 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-24 13:49:07.068 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-24 13:17:11.590 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-24 13:17:11.133 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-10-24 13:17:10.492 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-24 13:17:09.833 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-24 13:16:38.958 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-10-24 13:16:38.314 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD E1-1200 APU with Radeon HD Graphics Percentage of memory in use: 56% Total physical RAM: 3658.26 MB Available physical RAM: 1595.39 MB Total Pagefile: 7370.26 MB Available Pagefile: 4696.39 MB Total Virtual: 131072 MB Available Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (TI10664800G) (Fixed) (Total:452.82 GB) (Free:391.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000) Partition: GPT Partition Type. 
==================== End Of Log ============================
  13. This may be an overreaction, but I am concerned as I have had some serious problems in the past with other computers. The PUP found was in this file: C:\Users\Shad\AppData\Local\ChomeHitoryDB Do I need to do further scanning and cleaning of my computer again? Thanks for your time.
  14. Hi, I do see the sticky and followed the initial suggestions. I understand that the fix for this issue is to uninstall and reinstall the program. Having said that, this issue has happened to me numerous times in the short time I have been a premium user of Malwarebytes and as such I feel like it is a major flaw. I don't want to have to go through the uninstall process every time it decides to not monitor my internet usage. Help?
  15. So now that all of that has been done do you think I am ok to put something like credit card information into my computer? I am wondering if I may have done something wrong along the way as since I finished I have been trying to run a Windows Defender full scan and it is literally taking forever. It doesn't look like it has completed more than 1/10th of it and it has been on for several hours. It is very slowly ticking through files. I seem to remember it going faster than this, is that a possibility? Thanks! Sbennett3348
  16. I couldn't seem to get ComboFix to pull up anything and I made sure it was typed in (copied and pasted it, the spaces are accurate.) I deleted the links and will just make sure not to click on it for the future. I did notice that you had said this "Whatever is in these folders can't harm you unless you choose to perform a manual restore. the following steps will remove these backups." and then there was a decent sized gap there. Were there steps that were supposed to be posted? I would like to get those potentially harmful programs completely off my computer before truly using it. Once I have the clear from you I will be purchasing Malwarebytes pro and I would like to leave a donation. Thanks for all your help!
  17. I did remove those 4 programs. This is the result of the scan, as directed I made sure to uncheck remove found threats. Thanks, sbennett3348 ESET SCAN.txt
  18. This HijackThis was run as an admin, I'm not sure if I clicked run as admin on the previous one. hijackthis-admin.txt
  19. Hijack gave me an error while running, it said "For some reason your system denied access to the hosts file. If any hijacked domains are in this file HijackThis may NOT be able to fix this. If that happens, you need to edit the file yourself. To do this, click start, run and type. notepadC :\\windows\system32\drivers\etc\hosts and press enter. Find the line(s) Hijackthis reports and delete them. Save the file as 'hosts'(with quotes) and reboot." The computer itself seems to be running smoothly and I haven't noticed any problems while running it. There were no PUPs found with this scan. Thanks! hijackthis.log MBAM log.txt
  20. So I tried to fix it this time and it says that there is no fixlist text found and that it needs to be in the same folder, but I have it in the same folder. Is there something I am missing?