Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015
Ran by Shane (administrator) on SHANE (29-08-2015 12:44:16)
Running from C:\Users\Shane\Downloads
Loaded Profiles: Shane (Available Profiles: Shane & shane_000)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Shane\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\main.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-03-30] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [383768 2002-04-12] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [RazerGameBooster] => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM-x32\...\Run: [Denzi] => C:\Program Files (x86)\Denzi\Launcher.bat --wait
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2584240 2015-05-08] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [Spotify Web Helper] => C:\Users\Shane\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-14] (Spotify Ltd)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [Google Update] => C:\Users\Shane\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Shane\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [456576 2015-06-10] (Sony)
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\...\Run: [Plex Media Server] => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
Startup: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon Professional 13 Keygen.lnk [2015-03-21]
ShortcutTarget: Dragon Professional 13 Keygen.lnk -> C:\ProgramData\{ebf8c84c-1536-a473-ebf8-8c84c1532130}\Dragon Professional 13 Keygen.exe (No File)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-04-16] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1123048913-3374069775-792900894-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/symbaloo_c
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1123048913-3374069775-792900894-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-1123048913-3374069775-792900894-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{54967E39-D566-46A7-AE68-B19BAFAFA4E7}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{FD8CEE9E-1DA7-495E-BAAB-95F19190A71C}: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-05-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-20] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2014-01-05] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-05-08] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1123048913-3374069775-792900894-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Shane\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1123048913-3374069775-792900894-1001: @talk.google.com/O1DPlugin -> C:\Users\Shane\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1123048913-3374069775-792900894-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Shane\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1123048913-3374069775-792900894-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Shane\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1123048913-3374069775-792900894-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shane\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-06] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Shane\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Shane\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)

Chrome:
=======
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-20]
CHR Extension: (Google Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-20]
CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-20]
CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-20]
CHR Extension: (Google Search) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-20]
CHR Extension: (Google Sheets) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-20]
CHR Extension: (AdBlock) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-20]
CHR Extension: (Youtube MP3 Converter) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\hglljpndoeopcpehilglkbnincooinnb [2015-07-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-25]
CHR Extension: (Skype Click to Call) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-20]
CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-20]
CHR HKLM-x32\...\Chrome\Extension: [hglljpndoeopcpehilglkbnincooinnb] - C:\Users\Shane\AppData\Local\Flvto Plugin for Google Chrome\the_extension.crx [2013-08-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-08-22] (Windows (R) Win 7 DDK provider) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-17] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-01-27] (McAfee, Inc.)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [116088 2013-07-18] (Toshiba Europe GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-15] (Qualcomm Atheros Communications, Inc.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-01-27] (McAfee, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-03-14] (Disc Soft Ltd)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-27] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-01-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69352 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520696 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-01-27] (McAfee, Inc.)
R2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344688 2014-01-27] (McAfee, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
S3 STIrUsb; C:\Windows\system32\DRIVERS\irstusb.sys [33792 2008-01-19] (SigmaTel, Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows (R) Win 7 DDK provider)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-29 12:44 - 2015-08-29 12:44 - 00023969 _____ C:\Users\Shane\Downloads\FRST.txt
2015-08-29 12:42 - 2015-08-29 12:44 - 00000000 ____D C:\FRST
2015-08-29 12:41 - 2015-08-29 12:42 - 02186752 _____ (Farbar) C:\Users\Shane\Downloads\FRST64.exe
2015-08-28 21:46 - 2015-08-28 21:46 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123048913-3374069775-792900894-1001Core1d0e1d29d43e507.job
2015-08-24 23:34 - 2015-08-24 23:34 - 00000000 ____D C:\ProgramData\TOSHIBA Tempro
2015-08-24 23:34 - 2015-08-24 23:34 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-08-24 23:25 - 2015-08-24 23:25 - 00000000 ____D C:\Users\Shane\Tracing
2015-08-24 20:50 - 2015-08-24 20:50 - 00000000 ____D C:\Windows\system32\nn-NO
2015-08-24 20:50 - 2013-08-13 01:52 - 00440320 ____N (Atheros) C:\Windows\system32\athihvs.dll
2015-08-24 20:50 - 2013-08-13 01:52 - 00060416 ____N (Atheros) C:\Windows\system32\athihvui.dll
2015-08-19 20:02 - 2015-08-27 20:10 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-19 20:02 - 2015-08-19 20:10 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-19 20:02 - 2015-08-19 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-19 20:02 - 2015-08-19 20:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-19 20:02 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-19 20:02 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-19 20:02 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-19 20:00 - 2015-08-19 20:00 - 00011426 _____ C:\Users\Shane\Downloads\[kickasstorrents.pw]malwarebytes.anti.malware.premium.198.41.205.792.final.keys.atom.torrent
2015-08-19 19:22 - 2015-08-19 19:22 - 00011886 _____ C:\Users\Shane\Downloads\[[demonoid.pw]]-Volume_[MULTi5]_NEW_Cracked.TORRENT
2015-08-14 00:29 - 2015-08-14 00:29 - 00000000 ____D C:\Users\Shane\AppData\Local\CEF
2015-08-09 19:24 - 2015-08-09 19:24 - 00679936 _____ C:\Users\Shane\Downloads\Detection (4).msi
2015-08-09 19:21 - 2015-08-09 19:21 - 00679936 _____ C:\Users\Shane\Downloads\Detection (3).msi
2015-08-09 18:28 - 2015-08-09 18:28 - 00000000 _____ C:\Users\Shane\Desktop\8YNW37P9CU6U.txt
2015-08-09 11:32 - 2015-08-09 11:32 - 00014025 _____ C:\Users\Shane\Downloads\[kickasstorrents.pw]dr.dre.compton.explicit.2015.mp3.album.vbuc.torrent
2015-08-01 00:46 - 2015-08-01 00:46 - 00000000 ____D C:\$WINDOWS.~BT
2015-08-01 00:45 - 2015-08-01 00:45 - 00000000 ___HD C:\$Windows.~WS
2015-08-01 00:43 - 2015-08-01 00:45 - 19646888 _____ (Microsoft Corporation) C:\Users\Shane\Downloads\MediaCreationToolx64.exe
2015-08-01 00:42 - 2015-08-01 00:42 - 00679936 _____ C:\Users\Shane\Downloads\Detection (2).msi
2015-07-31 23:27 - 2015-07-31 23:29 - 00000000 ____D C:\AdwCleaner
2015-07-31 23:27 - 2015-07-31 23:27 - 02248704 _____ C:\Users\Shane\Downloads\adwcleaner_4.208.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-29 12:22 - 2013-12-27 23:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-29 12:02 - 2013-10-15 19:30 - 01383768 _____ C:\Windows\WindowsUpdate.log
2015-08-29 12:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-29 11:51 - 2015-07-20 20:40 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-29 09:53 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2015-08-28 21:51 - 2015-07-20 20:40 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 21:46 - 2015-07-27 18:30 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123048913-3374069775-792900894-1001Core1d0c891fb30beb2.job
2015-08-28 16:50 - 2013-12-27 17:31 - 00000000 ____D C:\Users\Shane\AppData\Local\Spotify
2015-08-28 16:10 - 2013-12-27 17:31 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Spotify
2015-08-27 20:37 - 2013-12-25 08:37 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1123048913-3374069775-792900894-1001
2015-08-27 20:13 - 2013-09-09 17:17 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-27 20:12 - 2014-10-30 23:54 - 00000000 ___RD C:\Users\Shane\iCloudDrive
2015-08-27 20:11 - 2014-06-21 09:06 - 00000000 __RDO C:\Users\Shane\SkyDrive
2015-08-27 20:09 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-27 20:08 - 2013-09-09 18:02 - 00112020 _____ C:\Windows\PFRO.log
2015-08-25 21:17 - 2015-05-15 19:01 - 00000024 _____ C:\Users\Shane\AppData\Roaming\appdataFr25.bin
2015-08-25 00:15 - 2014-10-10 22:08 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Skype
2015-08-24 23:25 - 2013-12-25 08:29 - 00000000 ____D C:\Users\Shane
2015-08-24 22:55 - 2015-04-13 20:29 - 00000000 ____D C:\Users\Shane\Documents\Electronic Arts
2015-08-24 22:53 - 2014-12-20 14:20 - 00000000 ____D C:\Program Files (x86)\Origin Games
2015-08-24 20:50 - 2013-10-15 19:18 - 00000000 ____D C:\Program Files (x86)\Atheros
2015-08-24 20:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\tr-TR
2015-08-24 20:46 - 2014-11-11 10:40 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Mozilla
2015-08-22 09:53 - 2015-07-20 20:46 - 00002214 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-22 01:01 - 2013-08-22 15:46 - 00069393 _____ C:\Windows\setupact.log
2015-08-19 21:22 - 2014-12-26 02:24 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Azureus
2015-08-19 20:44 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-18 21:16 - 2013-12-26 17:17 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-17 23:06 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2015-08-11 18:22 - 2013-12-27 23:44 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-09 19:24 - 2014-01-18 16:58 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-08-09 18:49 - 2014-03-01 22:56 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1123048913-3374069775-792900894-1004
2015-08-09 18:44 - 2015-06-14 22:32 - 00000024 _____ C:\Users\shane_000\AppData\Roaming\appdataFr25.bin
2015-08-09 18:43 - 2014-03-01 22:52 - 00000000 __RDO C:\Users\shane_000\SkyDrive
2015-08-06 19:02 - 2013-12-25 08:31 - 00000000 ____D C:\Users\Shane\AppData\Local\Packages
2015-08-05 22:53 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\L2Schemas
2015-08-02 13:47 - 2014-02-16 14:12 - 00000000 ____D C:\Users\Shane\AppData\Roaming\.minecraft
2015-08-01 00:46 - 2013-09-10 18:50 - 00000000 ____D C:\Windows\Panther
2015-07-31 23:30 - 2013-08-22 14:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-07-31 23:29 - 2013-12-25 08:31 - 00001010 _____ C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

==================== Files in the root of some directories =======

2014-02-16 14:05 - 2014-02-16 14:05 - 0005039 _____ () C:\Users\Shane\AppData\Roaming\.minecraft - Shortcut.lnk
2014-12-01 17:57 - 2014-12-11 20:58 - 0000004 _____ () C:\Users\Shane\AppData\Roaming\appdataFr2.bin
2015-05-15 19:01 - 2015-08-25 21:17 - 0000024 _____ () C:\Users\Shane\AppData\Roaming\appdataFr25.bin
2015-03-26 02:26 - 2015-05-14 17:27 - 0000020 _____ () C:\Users\Shane\AppData\Roaming\appdataFr3.bin
2014-04-05 17:33 - 2014-04-05 17:33 - 0041472 ___SH () C:\Users\Shane\AppData\Roaming\Thumbs.db
2014-11-04 23:16 - 2015-06-30 00:16 - 0000290 _____ () C:\Users\Shane\AppData\Roaming\WB.CFG
2015-05-31 16:50 - 2015-05-31 17:00 - 182572124 _____ () C:\Users\Shane\AppData\Local\ACCCx3_0_1_88.zip
2014-11-06 21:16 - 2014-12-17 18:16 - 0000001 _____ () C:\Users\Shane\AppData\Local\DSI.DAT
2015-05-08 23:20 - 2015-06-21 17:45 - 0007600 _____ () C:\Users\Shane\AppData\Local\Resmon.ResmonCfg
2015-04-02 10:54 - 2015-04-30 17:34 - 0000800 _____ () C:\Users\Shane\AppData\Local\Temp-log.txt
2015-03-21 21:53 - 2015-03-21 21:53 - 0001064 _____ () C:\ProgramData\kldaeibkebmnbigjjddgbbljifklchlp - Shortcut.lnk

Some files in TEMP:
====================
C:\Users\Shane\AppData\Local\Temp\10E0.exe
C:\Users\Shane\AppData\Local\Temp\140.exe
C:\Users\Shane\AppData\Local\Temp\1580.exe
C:\Users\Shane\AppData\Local\Temp\2564.exe
C:\Users\Shane\AppData\Local\Temp\2900.exe
C:\Users\Shane\AppData\Local\Temp\2D30.exe
C:\Users\Shane\AppData\Local\Temp\2F40.exe
C:\Users\Shane\AppData\Local\Temp\38B0.exe
C:\Users\Shane\AppData\Local\Temp\3AA0.exe
C:\Users\Shane\AppData\Local\Temp\460.exe
C:\Users\Shane\AppData\Local\Temp\4AB4.exe
C:\Users\Shane\AppData\Local\Temp\5138.exe
C:\Users\Shane\AppData\Local\Temp\58B0.exe
C:\Users\Shane\AppData\Local\Temp\5C70.exe
C:\Users\Shane\AppData\Local\Temp\6D60.exe
C:\Users\Shane\AppData\Local\Temp\6E10.exe
C:\Users\Shane\AppData\Local\Temp\7000.exe
C:\Users\Shane\AppData\Local\Temp\70C0.exe
C:\Users\Shane\AppData\Local\Temp\70C8.exe
C:\Users\Shane\AppData\Local\Temp\7480.exe
C:\Users\Shane\AppData\Local\Temp\8400.exe
C:\Users\Shane\AppData\Local\Temp\8730.exe
C:\Users\Shane\AppData\Local\Temp\8A40.exe
C:\Users\Shane\AppData\Local\Temp\92B0.exe
C:\Users\Shane\AppData\Local\Temp\AAMHelper.exe
C:\Users\Shane\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Shane\AppData\Local\Temp\B104.exe
C:\Users\Shane\AppData\Local\Temp\B3D0.exe
C:\Users\Shane\AppData\Local\Temp\B3E8.exe
C:\Users\Shane\AppData\Local\Temp\B6B0.exe
C:\Users\Shane\AppData\Local\Temp\BFE0.exe
C:\Users\Shane\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\Shane\AppData\Local\Temp\C20.exe
C:\Users\Shane\AppData\Local\Temp\C984.exe
C:\Users\Shane\AppData\Local\Temp\D490.exe
C:\Users\Shane\AppData\Local\Temp\D960.exe
C:\Users\Shane\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpry3ccl.dll
C:\Users\Shane\AppData\Local\Temp\E208.exe
C:\Users\Shane\AppData\Local\Temp\EE00.exe
C:\Users\Shane\AppData\Local\Temp\F160.exe
C:\Users\Shane\AppData\Local\Temp\F2C0.exe
C:\Users\Shane\AppData\Local\Temp\F8D8.exe
C:\Users\Shane\AppData\Local\Temp\FCEC.exe
C:\Users\Shane\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Shane\AppData\Local\Temp\i4jdel0.exe
C:\Users\Shane\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Shane\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Shane\AppData\Local\Temp\ochelper.dll
C:\Users\Shane\AppData\Local\Temp\ochelper.exe
C:\Users\Shane\AppData\Local\Temp\Quarantine.exe
C:\Users\Shane\AppData\Local\Temp\RegAsm.exe
C:\Users\Shane\AppData\Local\Temp\setacl.exe
C:\Users\Shane\AppData\Local\Temp\skype_x864183035908214779793.dll
C:\Users\Shane\AppData\Local\Temp\sqlite3.dll
C:\Users\Shane\AppData\Local\Temp\SRLDetectionLibrary8136834592822713884.dll
C:\Users\Shane\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Shane\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Shane\AppData\Local\Temp\System.Data.SQLitea475afea-e860-4f30-9dee-294e64bd511a.dll
C:\Users\Shane\AppData\Local\Temp\UpdaterCopy.exe
C:\Users\Shane\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Shane\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\Shane\AppData\Local\Temp\_is3E9B.exe
C:\Users\Shane\AppData\Local\Temp\_isD419.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-24 16:47

==================== End of FRST.txt ============================