Posts posted by troubled
So far as I can tell, there are no issues. I uninstalled Firefox on the computer (since we never used it) and I have AdBlock on Chrome and it seems to work very well. I will review those links you provided. Once again, thank you very much.
-
OK, thank you.
Here is the check log:
Results of screen317's Security Check version 0.99.90
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 25
Java version out of Date!
Adobe Flash Player 15.0.0.223
Adobe Reader XI
Google Chrome (39.0.2171.65)
Google Chrome (39.0.2171.71)
Google Chrome (chrome.exe..)
Google Chrome (Dictionaries...)
Google Chrome (master_preferences...)
Google Chrome (old_chrome.exe..)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
I think it's running fine. IE updated to version 10; I thought the windows update was hanging but it eventually got done. I'm assuming I had some sort of adware trojan? What does Java do, why do I want to turn it off, but keep it updated to the latest version? Thanks for being patient with me.
-
Thank you again. Here we go:
RK LOG:
ESET LOG:
C:\FRST\Quarantine\C\a\47726135.zip MSIL/TrojanClicker.Agent.NGY trojan
C:\FRST\Quarantine\C\a\frqDqL7O9k.exe MSIL/TrojanClicker.Agent.NGY trojan
C:\FRST\Quarantine\C\a\internetport3.exe MSIL/TrojanClicker.Agent.NGY trojan
C:\FRST\Quarantine\C\a\VLC_Media_Player_Setup.exe Win32/DownloadAdmin.G potentially unwanted application
Update on computer:
I went to the same websites where I had the video ads, none appeared.
I don't have the C: sysWOW64 command prompt when I start the computer.
I still have the multiple svchost.exe processes, but I'm assuming that's normal now.
The computer seems much faster opening programs, etc, but I don't do much with it other than browse the web. It's not a workhorse or anything. I hope that's descriptive enough.
-
FIXLOG:
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-22]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-06-12] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-07-24] (McAfee, Inc.)R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)R2 mfevtp; C:\windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.) 
[File not signed]S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2010-07-27] (Huawei Technologies Co., Ltd.) [File not signed]S3 ew_usbenumfilter; C:\Windows\System32\DRIVERS\ew_usbenumfilter.sys [13952 2010-03-20] (Huawei Technologies Co., Ltd.) [File not signed]S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2010-08-07] (Huawei Technologies Co., Ltd.) [File not signed]R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [444720 2014-07-24] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-07-24] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 ViaUsbModemDriver; C:\Windows\System32\DRIVERS\VIA_USB_MODEM.sys [28160 2011-10-04] ()S3 VIA_USB_ETS; C:\Windows\System32\DRIVERS\VIA_USB_ETS.sys [21760 2011-10-04] (Via Telecom, Inc.)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-23 23:23 - 2014-11-23 23:23 - 00000635 _____ () C:\Users\Brodehl\Desktop\JRT.txt
2014-11-23 23:16 - 2014-11-23 23:16 - 00000000 ____D () C:\windows\ERUNT
2014-11-23 23:15 - 2014-11-23 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-23 23:13 - 2014-11-23 23:13 - 01707532 _____ (Thisisu) C:\Users\Brodehl\Desktop\JRT.exe
2014-11-23 23:06 - 2014-11-23 23:08 - 00000000 ____D () C:\AdwCleaner
2014-11-23 23:05 - 2014-11-23 23:05 - 02148864 _____ () C:\Users\Brodehl\Desktop\AdwCleaner.exe
2014-11-23 21:32 - 2014-11-23 21:32 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Brodehl\Desktop\tdsskiller.exe
2014-11-23 19:19 - 2014-11-23 19:19 - 00041187 _____ () C:\Users\Brodehl\Downloads\FRST (2).txt
2014-11-23 17:47 - 2014-11-23 17:47 - 00041187 _____ () C:\Users\Brodehl\Downloads\FRST (1).txt
2014-11-23 17:26 - 2014-11-23 17:26 - 00041187 _____ () C:\Users\Brodehl\Desktop\FRST.txt
2014-11-23 17:26 - 2014-11-23 17:26 - 00033608 _____ () C:\Users\Brodehl\Desktop\Addition.txt
2014-11-23 17:25 - 2014-11-23 17:25 - 00033608 _____ () C:\Users\Brodehl\Downloads\Addition.txt
2014-11-23 17:23 - 2014-11-23 23:26 - 00025516 _____ () C:\Users\Brodehl\Downloads\FRST.txt
2014-11-23 17:23 - 2014-11-23 17:23 - 00001304 _____ () C:\Users\Brodehl\Desktop\Notepad.lnk
2014-11-23 17:21 - 2014-11-23 23:25 - 00000000 ____D () C:\FRST
2014-11-23 17:20 - 2014-11-23 17:20 - 02118144 _____ (Farbar) C:\Users\Brodehl\Downloads\FRST64.exe
2014-11-22 22:16 - 2014-11-22 22:16 - 00001424 _____ () C:\Users\Brodehl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-22 11:04 - 2014-11-22 11:04 - 00002230 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-22 11:04 - 2014-11-22 11:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-22 11:01 - 2014-11-22 11:01 - 00042425 _____ () C:\Users\Brodehl\Documents\bookmarks_11_22_14.html
2014-11-22 08:47 - 2014-11-23 22:35 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-22 08:46 - 2014-11-22 08:46 - 00001077 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-22 08:46 - 2014-11-22 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-22 08:46 - 2014-11-22 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-22 08:46 - 2014-11-22 08:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-22 08:46 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-22 08:46 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-22 08:46 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-22 08:45 - 2014-11-22 08:46 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Brodehl\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-21 18:03 - 2014-11-21 18:03 - 00000000 ____D () C:\Users\Brodehl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
2014-11-19 17:47 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 17:47 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 17:47 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 17:47 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-15 19:49 - 2014-11-23 22:54 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3584365809-3299102769-2135897548-1001UA.job
2014-11-15 19:49 - 2014-11-23 21:37 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3584365809-3299102769-2135897548-1001Core.job
2014-11-15 19:49 - 2014-11-21 18:03 - 00001230 _____ () C:\Users\Brodehl\Desktop\Chromecast.lnk
2014-11-15 19:49 - 2014-11-15 19:49 - 00880784 _____ (Google Inc.) C:\Users\Brodehl\Downloads\chromecastinstaller.exe
2014-11-15 19:49 - 2014-11-15 19:49 - 00003890 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3584365809-3299102769-2135897548-1001UA
2014-11-15 19:49 - 2014-11-15 19:49 - 00003494 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3584365809-3299102769-2135897548-1001Core
2014-11-11 20:15 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-11 20:15 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-11 20:15 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-11 20:14 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-11 20:14 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-11 20:14 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-11 20:14 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-11 20:14 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-11 20:14 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-11 20:14 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-11 20:14 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-11 20:14 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-11 20:14 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-11 20:14 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-11 20:14 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-11 20:14 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-11 20:14 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-11 20:14 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-11 20:14 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-11 20:14 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-11 20:14 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-11 20:14 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-11 20:14 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-11 20:14 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-11 20:14 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-11 20:14 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-11 20:14 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-11 20:14 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-11 20:14 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-11 20:14 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-11 20:14 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-11 20:14 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-11 20:14 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-11 20:14 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-11 20:14 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-11 20:14 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-11 20:14 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-11 20:14 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-11 20:14 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-11 20:14 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-11 20:14 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-11 20:14 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-11 20:14 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-11 20:12 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-11 20:12 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-23 23:18 - 2009-07-13 21:13 - 00782494 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-23 23:18 - 2009-07-13 20:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-23 23:18 - 2009-07-13 20:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-23 23:17 - 2010-08-16 06:55 - 01875058 _____ () C:\windows\WindowsUpdate.log
2014-11-23 23:10 - 2014-03-25 18:07 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf48981ede5f3c.job
2014-11-23 23:10 - 2012-11-27 20:31 - 00000000 ___RD () C:\Users\Brodehl\Dropbox
2014-11-23 23:10 - 2012-11-27 20:28 - 00000000 ____D () C:\Users\Brodehl\AppData\Roaming\Dropbox
2014-11-23 23:10 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-23 23:10 - 2009-07-13 20:51 - 00070952 _____ () C:\windows\setupact.log
2014-11-23 23:09 - 2010-04-04 13:07 - 00801458 _____ () C:\windows\PFRO.log
2014-11-23 22:42 - 2012-09-16 08:04 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 22:36 - 2010-09-13 12:49 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 10:35 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
2014-11-23 08:18 - 2014-05-14 08:24 - 00000000 ____D () C:\Temp
2014-11-22 22:16 - 2010-09-13 12:41 - 00001418 _____ () C:\Users\Brodehl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-22 22:11 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-11-22 15:07 - 2014-03-12 07:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-22 11:04 - 2010-09-13 12:46 - 00000000 ____D () C:\Users\Brodehl\AppData\Local\Google
2014-11-22 11:04 - 2010-04-04 12:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-22 09:43 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\Speech
2014-11-22 08:24 - 2013-01-05 22:53 - 00000000 ____D () C:\Users\Brodehl\AppData\Local\CrashDumps
2014-11-19 18:50 - 2012-11-27 20:31 - 00001037 _____ () C:\Users\Brodehl\Desktop\Dropbox.lnk
2014-11-19 18:50 - 2012-11-27 20:29 - 00000000 ____D () C:\Users\Brodehl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-13 23:31 - 2014-03-25 18:07 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1cf48981ede5f3c
2014-11-13 23:31 - 2010-09-13 12:49 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-11 20:42 - 2009-07-13 20:45 - 00418328 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-11 20:39 - 2014-04-29 18:06 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-11 20:34 - 2010-08-16 07:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 20:28 - 2013-08-16 18:06 - 00000000 ____D () C:\windows\system32\MRT
2014-11-11 20:20 - 2010-10-12 12:35 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-11 17:42 - 2012-09-16 08:04 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 17:42 - 2012-04-07 22:00 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 17:42 - 2011-05-22 21:18 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-27 14:17 - 2014-01-09 22:07 - 00000000 ____D () C:\Program Files (x86)\McAfee

Some content of TEMP:
====================
C:\Users\Brodehl\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkekghm.dll
C:\Users\Brodehl\AppData\Local\Temp\Quarantine.exe
C:\Users\Brodehl\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 10:55

==================== End Of Log ============================

ADDITION LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Brodehl at 2014-11-23 23:27:36
Running from C:\Users\Brodehl\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them.
The adware programs should be uninstalled manually.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.3.13070 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{5792CD64-61B4-C448-0D22-3C51DD73AB2A}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Belarc Advisor 8.2 (HKLM-x32\...\Belarc Advisor) (Version: 8.2.7.9 - Belarc Inc.)
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
ChromecastApp (HKU\S-1-5-21-3584365809-3299102769-2135897548-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.111.0.64 - Conexant)
Dropbox (HKU\S-1-5-21-3584365809-3299102769-2135897548-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.65 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
inSSIDer (HKLM-x32\...\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}) (Version: 2.1.5 - MetaGeek)
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lexia Reading (HKLM-x32\...\Lexia Reading 8.0.2) (Version: 8.0.2 - Lexia Learning Systems, Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.988 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MotoHelper 2.0.53 Driver 5.2.0 (HKLM-x32\...\MotoHelper) (Version: 2.0.53 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Process Hacker 2.33 (r5590) (HKLM\...\Process_Hacker2_is1) (Version: 2.33.0.5590 - wj32)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.6.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 4.0.0.0 - Stellar Information Systems Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Tether (HKLM-x32\...\{C5C67EA4-16FA-473C-B274-904A71162DE4}) (Version: 1.0.2 - ClockworkMod)
TOPO! 4 (HKLM-x32\...\{5B3FB6D4-1B88-413D-8DE7-A7E2D58DE5B2}) (Version: 4.5.0 - National Geographic Maps)
TOPO! Explorer (HKLM-x32\...\{5E57F669-AD92-4A0C-95D6-96DCEBC49BCA}) (Version: 1.2.0 - National Geographic Maps)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Wondershare Photo Recovery (build 3.0.3) (HKLM-x32\...\Wondershare Photo Recovery_is1) (Version: - Wondershare Software Co., Ltd.)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry.
Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Brodehl\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Brodehl\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: 
HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3584365809-3299102769-2135897548-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)==================== Restore Points =========================21-10-2014 19:24:34 Installed Java 7 Update 7123-10-2014 04:53:15 Windows Update01-11-2014 19:14:43 Scheduled Checkpoint10-11-2014 23:03:17 Scheduled Checkpoint12-11-2014 04:15:27 Windows Update19-11-2014 05:12:31 Scheduled Checkpoint20-11-2014 01:47:15 Windows Update22-11-2014 23:13:44 Windows Modules Installer==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. 
Any associated file could be listed separately to be moved.)Task: {15B9A154-FA98-4659-A4A4-39A290D25D8C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)Task: {267D4661-3A83-4B19-82D1-BECABF77030D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)Task: {3A517241-E3D9-4D93-A661-E60F822C4E82} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()Task: {461E42B8-5957-43A6-9A80-E82644069C8D} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()Task: {6E2901CF-6DE9-447E-B5DB-7E125BD91A26} - System32\Tasks\GoogleUpdateTaskMachineCore1cf48981ede5f3c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-16] (Google Inc.)Task: {91A45828-973A-43AC-8C05-1AB1054C1F7E} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()Task: {944C8EE0-C5A2-463D-8A02-7D1A2CF5361C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3584365809-3299102769-2135897548-1001UA => C:\Users\Brodehl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)Task: {9EE08F09-67C9-4FC1-89EB-75B809D74AC8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3584365809-3299102769-2135897548-1001Core => C:\Users\Brodehl\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)Task: {A4D087E0-F17E-406B-8DA5-82A7E5550904} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {A8FB0B85-6B19-4AEC-BC61-5CC57FC9797A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {F8CE302B-2942-40B0-A426-CBD3B21436CD} - System32\Tasks\MotoHelper Routing => C:\Program Files 
(x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf48981ede5f3c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3584365809-3299102769-2135897548-1001Core.job => C:\Users\Brodehl\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3584365809-3299102769-2135897548-1001UA.job => C:\Users\Brodehl\AppData\Local\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2011-08-10 11:35 - 2011-08-10 11:35 - 00227184 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe2011-08-08 14:11 - 2011-08-08 14:11 - 00681840 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe2010-03-03 13:15 - 2010-03-03 13:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2009-11-03 12:26 - 2009-11-03 12:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll2010-03-03 13:15 - 2010-03-03 13:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll2010-04-04 12:48 - 2009-06-22 14:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll2009-03-12 18:08 - 2009-03-12 18:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll2009-07-25 16:38 - 2009-07-25 16:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll2009-10-13 09:00 - 2009-10-13 09:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2010-08-16 07:10 - 2010-08-16 07:10 - 00270336 _____ () 
C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2010-02-05 16:44 - 2010-02-05 16:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll2014-11-23 23:10 - 2014-11-23 23:10 - 00043008 _____ () c:\users\brodehl\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkekghm.dll2013-08-23 11:01 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\Brodehl\AppData\Roaming\Dropbox\bin\libcef.dll2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. 
None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)========================= Accounts: ==========================Administrator (S-1-5-21-3584365809-3299102769-2135897548-500 - Administrator - Disabled)Brodehl (S-1-5-21-3584365809-3299102769-2135897548-1001 - Administrator - Enabled) => C:\Users\BrodehlGuest (S-1-5-21-3584365809-3299102769-2135897548-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3584365809-3299102769-2135897548-1002 - Limited - Enabled)==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================System errors:=============Microsoft Office Sessions:=========================CodeIntegrity Errors:===================================Date: 2014-08-16 17:11:19.628Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCB599.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.Date: 2014-08-16 17:11:19.612Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCB599.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.Date: 2014-08-16 17:11:19.612Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCB599.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.Date: 2014-08-16 17:11:19.597Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCB599.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the 
system.Date: 2014-05-23 18:47:55.940Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC8811.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-23 18:47:55.901Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC8811.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-23 18:47:55.851Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC8811.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-23 18:47:55.808Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSC8811.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-23 16:58:54.665Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA7BF.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.Date: 2014-05-23 16:58:54.661Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore_3_8\VSCA7BF.tmp\vscore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.==================== Memory info ===========================Processor: AMD V120 ProcessorPercentage of memory in use: 24%Total physical RAM: 7930.9 MBAvailable physical RAM: 6005.72 MBTotal Pagefile: 15859.98 MBAvailable Pagefile: 13938.98 MBTotal Virtual: 8192 MBAvailable Virtual: 
8191.84 MB==================== Drives ================================Drive c: (TI105846W0F) (Fixed) (Total:287.63 GB) (Free:200.25 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 95EA1705)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=287.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=9 GB) - (Type=17)==================== End Of Log ============================ -
And here is the TDSS log. Thanks for any assistance.
-
Also, I always have multiple svchost.exe running. Computer is sometimes very slow.
-
Hello, my laptop has been running slowly for a while. A couple of days ago, I got annoying popup videos in the lower right corner of Chrome. Adblock blocked the video, but the popup still comes up. I have very few plug-ins and only a couple of extensions, none of them related to anything that normal internet searching turned up. I uninstalled/reinstalled the browser, still there. When I start the computer, a DOS command prompt window appears with the syswow64 extension. My McAfee finds nothing and Malwarebytes found nothing as well. I'm not really a computer geek, but I think I can make it through any instructions.
I need your help. I read some other threads and I've started by running the FRST tools... attached are the FRST and Addition logs.
Help with popup videos and syswow64... please. Thanks.
in Resolved Malware Removal Logs
Posted
I also bought you a beer. If you were here I'd do it in person.