Windows.exe In Public Documents and Pevz.exe

Recently I've found windows.exe in my laptop's Public Documents folder, and in Task Manager I have also seen Pevz.exe running, then disappearing, then running again. I'm currently in Safe Mode. Here are the FRST scan results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-06-2015
Ran by Michael and Bubba (administrator) on MICHAELS_LAPTOP on 27-06-2015 21:42:53
Running from C:\Users\Michael and Bubba\Downloads
Loaded Profiles: Michael and Bubba (Available Profiles: Michael and Bubba & JJ & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-10] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [817072 2015-05-12] (Webroot)
HKLM-x32\...\Run: [switchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [8368732 2015-06-13] ()
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk [2015-05-12]
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk [2015-05-12]
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\WINDOWS\system32\WRusr.dll [2015-05-12] (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\WINDOWS\system32\WRusr.dll [2015-05-12] (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\WINDOWS\system32\WRusr.dll [2015-05-12] (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\WINDOWS\system32\WRusr.dll [2015-05-12] (Webroot)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
URLSearchHook: HKU\S-1-5-21-1362732575-3396155743-3495565454-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent.com/?appId=775744ab-f7cb-4df3-bbab-7be5da016548&ref=toolbox&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1362732575-3396155743-3495565454-1001 -> DefaultScope {74EACC67-6DA7-44E4-BF4E-245D4EB45269} URL = 
SearchScopes: HKU\S-1-5-21-1362732575-3396155743-3495565454-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1362732575-3396155743-3495565454-1001 -> {74EACC67-6DA7-44E4-BF4E-245D4EB45269} URL = 
SearchScopes: HKU\S-1-5-21-1362732575-3396155743-3495565454-1001 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent.com/?appId=775744ab-f7cb-4df3-bbab-7be5da016548&ref=toolbox&q={searchTerms}
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll No File
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-05-12] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-16] (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll No File
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-05-12] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-06-03] (Webroot)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-16] (Oracle Corporation)
BHO-x32: Filter Results -> {dd4c66b8-f943-4b10-8053-7e9ee39bba4a} -> C:\Program Files (x86)\Filter Results\Extensions\dd4c66b8-f943-4b10-8053-7e9ee39bba4a.dll [2015-06-25] ()
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-05-12] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-05-12] (Webroot)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-16] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-16]
CHR Extension: (YouTube) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-16]
CHR Extension: (Google Search) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-16]
CHR Extension: (Google Sheets) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-05-12]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2015-05-17]
CHR Extension: (Google Wallet) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-16]
CHR Extension: (Webroot Password Manager) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-05-12]
CHR Extension: (Gmail) - C:\Users\Michael and Bubba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-16]
CHR HKLM-x32\...\Chrome\Extension: [adpeheiliennogfclcgmchdfdmafjegc] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ehhlaekjfiiojlddgndcnefflngfmhen] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.1.0.57.crx [2015-05-12]
CHR HKLM-x32\...\Chrome\Extension: [nociobghckdhokecfeajdpimjeapnopn] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-05-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-04-10] ()
S2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2015-05-26] (SIEN S.A.)
S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [817072 2015-05-12] (Webroot)
S2 IMService; C:\Program Files (x86)\Common Files\Umbrella\Umbrella262.exe [X]
S2 Service Mgr FilterResults; "C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\plugincontainer.exe" [X]
S2 Update Mgr FilterResults; "C:\Program Files (x86)\Common Files\f08cac26-e74f-49b4-9ff1-f081aa55e1b3\updater.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-27] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
S3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32496 2013-02-06] (Synaptics Incorporated)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-27] (Microsoft Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-05-12] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [41040 2015-06-03] (Webroot)
U0 SR; No ImagePath
U2 srservice; No ImagePath
S1 wsfd_1_10_0_19; system32\drivers\wsfd_1_10_0_19.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 21:42 - 2015-06-27 21:44 - 00027434 _____ C:\Users\Michael and Bubba\Downloads\FRST.txt
2015-06-27 21:30 - 2015-06-27 21:30 - 00000000 ____D C:\WINDOWS\SysWOW64\Hotspot Shield
2015-06-27 21:13 - 2015-06-27 21:13 - 00000127 _____ C:\zoek-results.log
2015-06-27 21:08 - 2015-06-27 21:28 - 00001591 _____ C:\runcheck.txt
2015-06-27 21:07 - 2015-06-27 21:07 - 00000000 ____D C:\zoek_backup
2015-06-27 21:04 - 2015-06-27 21:05 - 00031800 _____ C:\Users\Michael and Bubba\Desktop\Addition.txt
2015-06-27 21:03 - 2015-06-27 21:05 - 00054112 _____ C:\Users\Michael and Bubba\Desktop\FRST.txt
2015-06-27 21:02 - 2015-06-27 21:42 - 00000000 ____D C:\FRST
2015-06-27 21:01 - 2015-06-27 21:01 - 00030163 _____ C:\Users\Michael and Bubba\Desktop\Result.txt
2015-06-27 20:58 - 2015-06-27 21:01 - 02112512 _____ (Farbar) C:\Users\Michael and Bubba\Downloads\FRST64.exe
2015-06-27 20:58 - 2015-06-27 21:00 - 00025624 _____ C:\Users\Michael and Bubba\Desktop\reg.txt
2015-06-27 20:57 - 2015-06-27 20:58 - 00278831 _____ C:\Users\Michael and Bubba\Downloads\wireless.exe
2015-06-26 10:30 - 2015-06-26 10:36 - 00000000 ____D C:\Program Files (x86)\PCMATICPLUSSOL
2015-06-26 10:30 - 2015-06-26 10:30 - 00003720 _____ C:\WINDOWS\System32\Tasks\boosterpop
2015-06-26 10:30 - 2015-06-26 10:30 - 00003718 _____ C:\WINDOWS\System32\Tasks\IEError
2015-06-26 10:30 - 2015-06-26 10:30 - 00003534 _____ C:\WINDOWS\System32\Tasks\AI_Updater
2015-06-26 10:29 - 2015-06-26 10:29 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Local\PCMATICPLUS
2015-06-26 10:11 - 2015-06-27 21:30 - 00001984 _____ C:\WINDOWS\PFRO.log
2015-06-26 10:10 - 2015-06-26 10:10 - 00000010 _____ C:\Users\Public\Documents\test.txt
2015-06-26 01:15 - 2015-06-26 01:15 - 60822638 _____ C:\Users\Michael and Bubba\Downloads\4840 - Pokemon - SoulSilver Version (v10) (E).zip
2015-06-26 01:12 - 2015-06-26 01:12 - 00000000 ____D C:\Users\Michael and Bubba\Downloads\Pokemon - SoulSilver Version (US)
2015-06-26 01:12 - 2015-06-13 05:59 - 08368732 _____ C:\Users\Public\Documents\windows.exe
2015-06-26 01:11 - 2015-06-26 01:16 - 00000000 ____D C:\Users\Michael and Bubba\Downloads\desmume-0.9.11-win32
2015-06-26 01:11 - 2015-06-26 01:11 - 00000000 ____D C:\Program Files (x86)\Iminent
2015-06-26 01:10 - 2015-06-26 01:10 - 01194684 _____ C:\Users\Michael and Bubba\Downloads\desmume-0.9.11-win32.zip
2015-06-26 01:09 - 2015-06-26 01:09 - 59587493 _____ C:\Users\Michael and Bubba\Downloads\Pokemon - SoulSilver Version (US).zip
2015-06-26 01:09 - 2015-06-26 01:09 - 01162819 _____ C:\Users\Michael and Bubba\Downloads\CR_Downloader_for_desmume.jse
2015-06-26 01:02 - 2015-06-26 01:02 - 06260496 _____ C:\Users\Michael and Bubba\Downloads\Super Mario 64 (USA).zip
2015-06-26 00:59 - 2015-06-26 10:35 - 00000000 ____D C:\Program Files (x86)\Portable WeatherApp
2015-06-26 00:59 - 2015-06-26 00:59 - 00003690 _____ C:\WINDOWS\System32\Tasks\IE_ERR4WDR
2015-06-26 00:59 - 2015-06-26 00:59 - 00003666 _____ C:\WINDOWS\System32\Tasks\HDNINSTSCHD
2015-06-26 00:59 - 2015-06-26 00:59 - 00003532 _____ C:\WINDOWS\System32\Tasks\UPDTEXE4_WDR
2015-06-26 00:58 - 2015-06-26 00:58 - 03703013 _____ C:\Users\Michael and Bubba\Downloads\Project64 2.1.rar
2015-06-26 00:57 - 2015-06-26 10:21 - 00000000 ____D C:\ProgramData\f08cac26-e74f-49b4-9ff1-f081aa55e1b3
2015-06-26 00:57 - 2015-06-26 00:57 - 00000000 ____D C:\Program Files (x86)\Filter Results
2015-06-26 00:56 - 2015-06-26 00:56 - 01162819 _____ C:\Users\Michael and Bubba\Downloads\CR_Downloader_for_project64.jse
2015-06-23 11:44 - 2015-06-23 11:44 - 00000222 ____C C:\Users\Michael and Bubba\Desktop\Heroes & Generals.url
2015-06-22 02:15 - 2015-06-22 02:15 - 00000220 ____C C:\Users\Michael and Bubba\Desktop\Uplink.url
2015-06-13 14:05 - 2015-06-13 14:05 - 06503984 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\vcredist_x86 (2).exe
2015-06-11 19:31 - 2015-06-11 19:31 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Local\GWX
2015-06-11 19:28 - 2015-06-26 10:41 - 00000693 _____ C:\WINDOWS\setupact.log
2015-06-11 19:28 - 2015-06-11 19:28 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-11 19:24 - 2015-06-11 19:24 - 00001927 _____ C:\Users\Michael and Bubba\Documents\Women.txt
2015-06-11 19:21 - 2015-06-11 19:21 - 07194312 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\vcredist_x64.exe
2015-06-11 19:21 - 2015-06-11 19:21 - 06503984 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\vcredist_x86 (1).exe
2015-06-10 11:00 - 2015-04-01 16:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-10 11:00 - 2015-04-01 16:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-10 11:00 - 2015-03-19 21:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-06-10 11:00 - 2015-03-19 21:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-06-10 11:00 - 2015-03-19 20:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-06-10 11:00 - 2015-03-19 20:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-06-10 10:59 - 2015-05-27 08:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-10 10:59 - 2015-05-27 08:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-10 10:59 - 2015-05-25 07:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-06-10 10:59 - 2015-05-25 07:07 - 01430528 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-06-10 10:59 - 2015-05-22 21:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-10 10:59 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-10 10:59 - 2015-05-22 21:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-10 10:59 - 2015-05-22 21:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-10 10:59 - 2015-05-22 21:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-10 10:59 - 2015-05-22 20:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-10 10:59 - 2015-05-22 20:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-10 10:59 - 2015-05-22 20:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-10 10:59 - 2015-05-22 20:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-10 10:59 - 2015-05-22 20:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-10 10:59 - 2015-05-22 20:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-10 10:59 - 2015-05-22 20:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-10 10:59 - 2015-05-22 20:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-10 10:59 - 2015-05-22 20:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-10 10:59 - 2015-05-22 20:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-10 10:59 - 2015-05-22 20:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-10 10:59 - 2015-05-22 20:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-10 10:59 - 2015-05-22 20:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-10 10:59 - 2015-05-22 13:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-10 10:59 - 2015-05-22 13:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-10 10:59 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-10 10:59 - 2015-05-22 12:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-10 10:59 - 2015-05-22 12:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-10 10:59 - 2015-05-22 12:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-10 10:59 - 2015-05-22 12:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-10 10:59 - 2015-05-22 12:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-10 10:59 - 2015-05-22 12:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-10 10:59 - 2015-05-22 12:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-10 10:59 - 2015-05-22 12:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-10 10:59 - 2015-05-22 12:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-10 10:59 - 2015-05-22 12:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-10 10:59 - 2015-05-22 12:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-10 10:59 - 2015-05-22 12:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-10 10:59 - 2015-05-22 11:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-10 10:59 - 2015-05-22 11:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-10 10:59 - 2015-05-22 11:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-10 10:59 - 2015-05-22 11:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-10 10:59 - 2015-05-22 11:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-10 10:59 - 2015-05-22 07:08 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-06-10 10:59 - 2015-05-21 07:08 - 01119232 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-06-10 10:59 - 2015-05-21 07:08 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-06-10 10:59 - 2015-05-21 07:08 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-06-10 10:59 - 2015-05-21 07:08 - 00422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-06-10 10:59 - 2015-05-21 07:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-06-10 10:59 - 2015-05-21 07:08 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-06-10 10:59 - 2015-04-24 20:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-10 10:59 - 2015-04-24 20:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-10 10:59 - 2015-04-16 16:07 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-06-10 10:59 - 2015-04-16 00:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-10 10:59 - 2015-04-13 16:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-10 10:59 - 2015-04-13 16:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-10 10:59 - 2015-04-09 18:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-10 10:59 - 2015-04-09 18:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-10 10:59 - 2015-04-08 16:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-06-10 10:59 - 2015-04-08 16:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-10 10:59 - 2015-03-31 22:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-10 10:59 - 2015-03-31 22:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-10 10:59 - 2015-03-31 22:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-10 10:59 - 2015-03-31 22:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-10 10:59 - 2015-03-31 21:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-10 10:59 - 2015-03-31 21:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-10 10:59 - 2015-03-31 21:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-10 10:59 - 2015-03-31 20:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-10 10:59 - 2015-03-31 20:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-10 10:59 - 2015-03-31 20:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-10 10:59 - 2015-03-31 20:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-10 10:59 - 2015-03-31 20:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-10 10:59 - 2015-03-31 20:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-10 10:59 - 2015-03-01 19:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-10 10:59 - 2015-03-01 19:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-10 10:58 - 2015-05-21 10:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-08 17:28 - 2015-06-08 17:28 - 00017627 _____ C:\WINDOWS\DirectX.log
2015-06-08 17:06 - 2015-06-08 17:06 - 00000219 ____C C:\Users\Michael and Bubba\Desktop\Counter-Strike Global Offensive.url
2015-06-08 17:05 - 2015-06-27 21:29 - 01540646 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-08 14:06 - 2015-06-08 14:07 - 00000000 ___DC C:\Users\Michael and Bubba\Desktop\Cloverfield.2008.Bluray.1080p.TrueHD.x264-Grym
2015-06-04 15:47 - 2015-06-04 15:47 - 06503984 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\vcredist_x86.exe
2015-06-04 15:46 - 2015-06-04 15:47 - 01021432 _____ (Microsoft Corporation) C:\Users\Michael and Bubba\Downloads\NDP451-KB2859818-Web.exe
2015-06-04 15:41 - 2015-06-04 15:41 - 00266065 _____ C:\Users\Michael and Bubba\Downloads\dotnetfx_cleanup_tool.zip
2015-06-04 15:14 - 2015-06-04 15:14 - 00000252 _____ C:\Users\Michael and Bubba\Documents\blah.txt
2015-06-04 12:05 - 2015-06-04 12:05 - 02375168 _____ C:\Users\Michael and Bubba\Downloads\UnknownPortal.exe
2015-05-28 11:35 - 2015-05-28 11:35 - 27410968 _____ (OpenVPN Technologies) C:\Users\JJ\Downloads\privatetunnel-win-2.4.exe
2015-05-28 11:25 - 2015-05-28 11:25 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1362732575-3396155743-3495565454-1002
2015-05-28 11:20 - 2015-06-26 10:14 - 00002268 _____ C:\Users\JJ\Desktop\Google Chrome.lnk
2015-05-28 11:20 - 2015-06-26 10:14 - 00001451 _____ C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-28 11:20 - 2015-05-28 11:21 - 00000000 ____D C:\Users\JJ\AppData\Local\Packages
2015-05-28 11:20 - 2015-05-28 11:20 - 00000020 ___SH C:\Users\JJ\ntuser.ini
2015-05-28 11:20 - 2015-05-28 11:20 - 00000000 ____D C:\Users\JJ\AppData\Roaming\Adobe
2015-05-28 11:20 - 2015-05-28 11:20 - 00000000 ____D C:\Users\JJ\AppData\Local\Toshiba
2015-05-28 11:20 - 2015-05-28 11:20 - 00000000 ____D C:\Users\JJ\AppData\Local\Google
2015-05-28 11:20 - 2015-05-28 11:20 - 00000000 ____D C:\Users\JJ\AppData\Local\Adobe
2015-05-28 02:59 - 2015-05-28 02:59 - 00000000 ___DC C:\Users\Michael and Bubba\Desktop\Nana Coming Home
2015-05-28 02:55 - 2015-05-28 02:55 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-27 21:43 - 2015-05-12 17:18 - 00000000 ____D C:\ProgramData\WRData
2015-06-27 21:38 - 2015-05-17 14:20 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Roaming\uTorrent
2015-06-27 21:30 - 2013-08-22 07:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-06-27 21:29 - 2013-08-22 08:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-27 21:28 - 2015-03-26 23:25 - 00000000 ____D C:\Users\Michael and Bubba
2015-06-27 21:22 - 2015-03-16 15:12 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-27 21:20 - 2015-04-07 10:32 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-27 21:14 - 2015-03-18 19:17 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Local\CrashDumps
2015-06-27 21:00 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-27 19:37 - 2015-03-16 06:42 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-27 15:26 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-27 15:25 - 2015-04-02 09:00 - 00004002 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CDA37594-8C41-4D2C-9241-408B407BF0A2}
2015-06-27 00:22 - 2015-03-16 15:12 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-26 10:52 - 2015-03-16 06:44 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1362732575-3396155743-3495565454-1001
2015-06-26 10:43 - 2015-03-26 23:57 - 00000000 ___DO C:\Users\Michael and Bubba\OneDrive
2015-06-26 10:14 - 2015-05-25 19:35 - 00002087 ____C C:\Users\Michael and Bubba\Desktop\Play Zoo Tycoon Complete Collection.lnk
2015-06-26 10:14 - 2015-05-18 10:03 - 00001012 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-06-26 10:14 - 2015-05-11 17:32 - 00000845 _____ C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnknownPortal.lnk
2015-06-26 10:14 - 2015-04-26 16:02 - 00000599 _____ C:\Users\Public\Desktop\Fraps.lnk
2015-06-26 10:14 - 2015-04-17 12:00 - 00001107 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-26 10:14 - 2015-04-07 10:40 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2015-06-26 10:14 - 2015-03-26 23:54 - 00001451 _____ C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-26 10:14 - 2015-03-26 23:25 - 00000551 _____ C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-26 10:14 - 2015-03-26 23:25 - 00000551 _____ C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-26 10:14 - 2015-03-26 23:25 - 00000551 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-26 10:14 - 2015-03-26 23:25 - 00000549 _____ C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-26 10:14 - 2015-03-26 23:25 - 00000549 _____ C:\Users\JJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-26 10:14 - 2015-03-26 23:25 - 00000549 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-26 10:14 - 2014-11-21 02:52 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-26 10:14 - 2014-11-21 02:52 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-06-26 10:14 - 2014-11-21 02:52 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-26 10:14 - 2014-11-21 02:52 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-06-26 10:14 - 2013-05-10 02:25 - 00001086 _____ C:\Users\Public\Desktop\Desktop Assist.lnk
2015-06-24 11:06 - 2012-07-26 01:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-23 11:44 - 2015-03-16 15:08 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-06-19 21:02 - 2015-04-17 12:18 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 21:02 - 2015-04-17 12:18 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-16 12:06 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-11 19:28 - 2013-08-22 08:44 - 04960848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-11 19:25 - 2015-04-06 06:39 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-06-11 19:25 - 2015-04-06 06:39 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-06-11 19:25 - 2015-03-23 15:10 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-06-11 19:25 - 2014-11-21 09:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-06-11 19:25 - 2013-08-22 09:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-06-11 19:24 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-10 15:49 - 2015-03-19 15:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 15:44 - 2015-03-19 15:52 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-08 15:21 - 2015-03-19 15:19 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Roaming\TS3Client
2015-06-08 14:09 - 2014-11-21 02:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-04 15:41 - 2014-06-24 14:07 - 00298496 ____C (Microsoft Corporation) C:\Users\Michael and Bubba\Desktop\cleanup_tool.exe
2015-06-04 12:31 - 2015-04-07 10:41 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Roaming\Skype
2015-06-04 11:41 - 2015-04-10 16:42 - 00000000 ___DC C:\Users\Michael and Bubba\Desktop\Hops
2015-06-03 11:33 - 2015-05-12 18:16 - 00041040 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2015-05-31 00:20 - 2015-03-16 06:33 - 00000000 ____D C:\Users\Michael and Bubba\AppData\Local\Packages
2015-05-29 17:10 - 2015-04-07 10:26 - 00000000 ____D C:\Users\Michael and Bubba\Documents\Registry Backups
2015-05-28 11:20 - 2015-03-26 23:25 - 00000000 ____D C:\Users\JJ
2015-05-28 11:20 - 2015-03-16 06:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
 
==================== Files in the root of some directories =======
 
2015-05-12 18:17 - 2015-05-12 18:17 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-01-01 13:02 - 2015-01-01 13:07 - 0000169 _____ () C:\Users\Michael and Bubba\AppData\Local\Tempauto jump.ahk
 
Some files in TEMP:
====================
C:\Users\Michael and Bubba\AppData\Local\Temp\7za.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\DaS_21.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\fsdCEF2.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\hijackthis.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\ICReinstall_JSE_install_app-1435302696310.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\NirCmd.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\PEVZ.EXE
C:\Users\Michael and Bubba\AppData\Local\Temp\remove.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\sed.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\shortcut.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\swreg.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\swxcacls.exe
C:\Users\Michael and Bubba\AppData\Local\Temp\wget.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-16 11:59
 
==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Michael and Bubba at 2015-06-27 21:45:01
Running from C:\Users\Michael and Bubba\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1362732575-3396155743-3495565454-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1362732575-3396155743-3495565454-501 - Limited - Disabled)
JJ (S-1-5-21-1362732575-3396155743-3495565454-1002 - Limited - Enabled) => C:\Users\JJ
Michael and Bubba (S-1-5-21-1362732575-3396155743-3495565454-1001 - Administrator - Enabled) => C:\Users\Michael and Bubba
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DTS Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0062 - DTS, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
Hotspot Shield 3.42 (HKLM-x32\...\HotspotShield) (Version: 3.42 - AnchorFree Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki (HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Pokki) (Version: 0.262.11.408 - Pokki)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6886 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.6 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.4.6405 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6407 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.10 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Uplink (HKLM-x32\...\Steam App 1510) (Version:  - Introversion Software)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.8.88 - Webroot)
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zoo Tycoon: Complete Collection (HKLM-x32\...\Zoo Tycoon 1.0) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
08-06-2015 17:27:46 Installed DirectX
11-06-2015 19:21:19 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
11-06-2015 19:21:22 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
13-06-2015 14:06:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
22-06-2015 21:14:59 Scheduled Checkpoint
26-06-2015 10:34:43 Removed WeatherApp
27-06-2015 21:13:15 zoek.exe restore point
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11C1397E-E493-46BD-A922-4808169328D1} - System32\Tasks\HDNINSTSCHD => C:\WINDOWS\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {2020F186-696E-4670-BC6E-FBC5256EB9A4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {20AC7C51-ECD9-4E2C-ABC6-B468625A9AB2} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {2F63EEA5-1415-472C-A74B-29EBE3C68638} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3379C49B-0318-44CF-9155-8A53E101A072} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-16] (Google Inc.)
Task: {46BB8E48-D28B-4752-9029-5A8F10E913AE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {49B5BDF9-CE9D-4FFB-9856-B5B6442ED193} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {4CECB748-F536-4154-9AC3-89C2D556599B} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {5E93C3CE-F168-4CA9-8A26-E247FA7D750B} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: {625FD2B8-FBB9-4CDD-9354-0992BBCCE936} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {6B696377-4F19-481B-B7E8-BCBFC2D33272} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-16] (Google Inc.)
Task: {6DD6A026-FBCE-48B8-BB8D-C8E9CCD185A3} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {80EADA0C-91FF-437E-B8B8-244EFB9C9290} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-06-10] (Microsoft Corporation)
Task: {9388D946-F4A1-4BE4-9986-EBCF1ABA2981} - System32\Tasks\AI_Updater => C:\Program Files (x86)\PCMATICPLUSSOL\updater.exe
Task: {99A0BDCF-CE55-4943-B4F3-15755AA3B462} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {9C05C25F-1900-4CF1-9B48-9A5D5532D50E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {B321765F-7C8C-45AD-89D8-B126EA92E532} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {B3931013-EE79-4257-8D28-2F5A80232DF6} - System32\Tasks\IEError => C:\Program Files (x86)\PCMATICPLUSSOL\Popialert.exe
Task: {CFA34314-12DD-44B4-BF7D-08B6CE673CA7} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E7517FC5-BD71-4AD3-B0AE-04438150B527} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {F6E094F0-447D-48B7-B621-FCB0D73A0FC3} - System32\Tasks\boosterpop => C:\Program Files (x86)\PCMATICPLUSSOL\Probsalert.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-22 17:23 - 2015-06-19 23:46 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-22 17:23 - 2015-06-19 23:46 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll
2015-06-22 17:23 - 2015-06-19 23:46 - 15003976 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Michael and Bubba\Cookies:J5OWmsWRqeYPHpZzOhzSamZD
AlternateDataStreams: C:\Users\Michael and Bubba\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Michael and Bubba\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION!
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael and Bubba\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\stellar_3d_spheres-1366x768.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1362732575-3396155743-3495565454-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EEB4BDD9-8772-4FBF-A007-4086905BAFB9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{49B13BEA-6616-4E31-A8F9-26037641BD8F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3DB6D078-8D84-4575-90A0-8D98AF6E808A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{39040310-55D8-4CE6-BA28-8E09886CC603}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1F2AFCFA-A84F-4B4B-9012-12BE351D3B4F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{DBB60846-2140-46BD-A7D3-11E711716EB0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5B8E4495-6910-49E0-833E-C3D12D5D4A17}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1344EC43-5D9E-4FB2-8605-FD534D60AB74}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9B9EDD7C-1468-4931-A7FF-7CA059C631E4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{248FCA21-3D63-4706-A479-A4D16C02CF22}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D0F919B6-6931-4942-8513-16AB9073D383}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A0C5FF29-3A37-4F35-9550-6DCE74A76ADF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D14D62BA-81D2-4DE5-B075-A651EDA4E31F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{F56B2F8B-9B78-4D2E-AD35-FCC9BC667DC4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [uDP Query User{FE0AA470-0A84-4B86-8FAE-875041AB5DAC}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{87E252CA-D75B-48D1-9019-0B091CE9151C}] => (Allow) C:\Users\Michael and Bubba\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E5FD51EA-FE25-4E64-B50B-EF5B812BDA37}] => (Allow) C:\Users\Michael and Bubba\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AAE23CAD-F985-4406-9328-52D4134E7268}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B501B22B-897E-4F89-8E74-A3C6EF8336DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{7204E4F1-F2BF-4B0C-A348-09BCBD16832A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{7EDEC3CB-747D-4331-AA23-3CACE4C145F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Uplink\Uplink.exe
FirewallRules: [{910223A6-EAFD-4B4A-8C97-5CD56F7DFB34}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3BFFA062-57E8-4CA6-8FEF-9E7A9546EAD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{F42A3157-12BA-412E-BEF2-914B3E6599F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/27/2015 09:13:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DaS_21.exe, version: 2.1.0.4, time stamp: 0x540c90b2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17415, time stamp: 0x54505737
Exception code: 0xe0434352
Fault offset: 0x0000000000008b9c
Faulting process id: 0x18a0
Faulting application start time: 0xDaS_21.exe0
Faulting application path: DaS_21.exe1
Faulting module path: DaS_21.exe2
Report Id: DaS_21.exe3
Faulting package full name: DaS_21.exe4
Faulting package-relative application ID: DaS_21.exe5
 
Error: (06/27/2015 09:13:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32)
   at System.IO.File.Create(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (06/27/2015 08:54:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 2.81.34.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 868
 
Start Time: 01d0b142ea090370
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Steam\Steam.exe
 
Report Id: 04f890a9-1d41-11e5-bea3-008cfa702c7b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/27/2015 07:36:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Steam.exe version 2.81.34.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 948
 
Start Time: 01d0b13fdc8e78d5
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Steam\Steam.exe
 
Report Id: 13a26182-1d36-11e5-bea3-008cfa702c7b
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (06/27/2015 03:22:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 53625938
 
Error: (06/27/2015 03:22:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 53625938
 
Error: (06/27/2015 03:22:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/26/2015 04:40:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 6.3.9600.17489, time stamp: 0x5465bbd5
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17415, time stamp: 0x54504b1a
Exception code: 0xc000027b
Fault offset: 0x00000000006d663b
Faulting process id: 0x5b4
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5
 
Error: (06/26/2015 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12421625
 
Error: (06/26/2015 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12421625
 
 
System errors:
=============
Error: (06/27/2015 09:43:51 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/27/2015 09:43:20 PM) (Source: DCOM) (EventID: 10005) (User: MICHAELS_LAPTOP)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office:
=========================
Error: (06/27/2015 09:13:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DaS_21.exe2.1.0.4540c90b2KERNELBASE.dll6.3.9600.1741554505737e04343520000000000008b9c18a001d0b150760347c2C:\Users\MICHAE~1\AppData\Local\Temp\DaS_21.exeC:\WINDOWS\system32\KERNELBASE.dllb66cdc51-1d43-11e5-bea3-008cfa702c7b
 
Error: (06/27/2015 09:13:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DaS_21.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileStream.Init(System.String, System.IO.FileMode, System.IO.FileAccess, Int32, Boolean, System.IO.FileShare, Int32, System.IO.FileOptions, SECURITY_ATTRIBUTES, System.String, Boolean, Boolean, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32, System.IO.FileOptions, System.String, Boolean)
   at System.IO.FileStream..ctor(System.String, System.IO.FileMode, System.IO.FileAccess, System.IO.FileShare, Int32)
   at System.IO.File.Create(System.String)
   at DriverAndServicesOut.Program.Main(System.String[])
 
Error: (06/27/2015 08:54:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.81.34.686801d0b142ea0903704294967295C:\Program Files (x86)\Steam\Steam.exe04f890a9-1d41-11e5-bea3-008cfa702c7b
 
Error: (06/27/2015 07:36:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.81.34.694801d0b13fdc8e78d54294967295C:\Program Files (x86)\Steam\Steam.exe13a26182-1d36-11e5-bea3-008cfa702c7b
 
Error: (06/27/2015 03:22:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 53625938
 
Error: (06/27/2015 03:22:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 53625938
 
Error: (06/27/2015 03:22:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/26/2015 04:40:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SystemSettings.exe6.3.9600.174895465bbd5Windows.UI.Xaml.dll6.3.9600.1741554504b1ac000027b00000000006d663b5b401d0b0608815adc3C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exeC:\Windows\System32\Windows.UI.Xaml.dll59ca415b-1c54-11e5-bea3-008cfa702c7bwindows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel
 
Error: (06/26/2015 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12421625
 
Error: (06/26/2015 04:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12421625
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-11 15:38:02.142
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-05-11 15:38:01.970
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 1037U @ 1.80GHz
Percentage of memory in use: 39%
Total physical RAM: 3975.27 MB
Available physical RAM: 2402.1 MB
Total Pagefile: 4999.27 MB
Available Pagefile: 3436.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (TI10664600J) (Fixed) (Total:453.06 GB) (Free:316.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 

  • Staff

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 

Yes, your PC seems to be infected.

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, the logfile will be opened after the reboot. You may also find it on your main drive (usually the C:\ drive)
  • Post its content into your next reply.
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
