Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015 Ran by TonyO (administrator) on TONYO-PC (03-01-2016 12:33:05) Running from C:\Users\TonyO\Desktop Loaded Profiles: TonyO (Available Profiles: TonyO & test) Platform: Windows 10 Home (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [520760 2010-03-10] (Conexant Systems, Inc.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] () HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566184 2010-09-28] (TOSHIBA Corporation) HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation) HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation) HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation) HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated) HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] () Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\Run: [Sidebar] => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1445648 2015-12-22] (Lavasoft) HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\MountPoints2: {86091af8-78ae-11e5-9bcc-f065dd647e32} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\MountPoints2: {86091f36-78ae-11e5-9bcc-f065dd647e32} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-664253536-2428268681-3679085427-1001\...\MountPoints2: {d4a72161-07fa-11e5-9886-f065dd647e32} - "E:\VZW_Software_upgrade_assistant.exe" HKU\S-1-5-21-664253536-2428268681-3679085427-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-07-10] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\TonyO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\TonyO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-20] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\TonyO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\TonyO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\TonyO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-20] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\TonyO\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-20] (Microsoft Corporation) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-01-21] ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2015-01-21] ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-02] (Lavasoft Limited) Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-02] (Lavasoft Limited) Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-02] (Lavasoft Limited) Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-02] (Lavasoft Limited) Winsock: Catalog9 17 C:\WINDOWS\SysWOW64\LavasoftTcpService.dll [345360 2015-10-02] (Lavasoft Limited) Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-02] (Lavasoft Limited) Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-02] (Lavasoft Limited) Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-02] (Lavasoft Limited) Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-02] (Lavasoft Limited) Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-02] (Lavasoft Limited) Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2 Tcpip\..\Interfaces\{ea7e3472-0e00-4e87-90a2-6a39a276a2b7}: [DhcpNameServer] 75.114.81.1 75.114.81.2 Internet Explorer: ================== HKU\S-1-5-21-664253536-2428268681-3679085427-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/ HKU\S-1-5-21-664253536-2428268681-3679085427-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.toshiba.com/g/ SearchScopes: HKLM -> DefaultScope {788E019F-D148-40E3-9203-885FC0044DC2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKLM -> {788E019F-D148-40E3-9203-885FC0044DC2} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKLM-x32 -> DefaultScope {A1ABB554-EED7-4C94-A891-5D622B2A1F61} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKLM-x32 -> {A1ABB554-EED7-4C94-A891-5D622B2A1F61} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF SearchScopes: HKU\S-1-5-21-664253536-2428268681-3679085427-1001 -> DefaultScope {FC9E205A-0FE1-49AC-A7C3-026D8877239F} URL = SearchScopes: HKU\S-1-5-21-664253536-2428268681-3679085427-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS624 SearchScopes: HKU\S-1-5-21-664253536-2428268681-3679085427-1001 -> {A1ABB554-EED7-4C94-A891-5D622B2A1F61} URL = BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19] (Adobe Systems Incorporated) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-10-14] (Sun Microsystems, Inc.) BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-02] () Toolbar: HKU\S-1-5-21-664253536-2428268681-3679085427-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default FF DefaultSearchEngine: Default FF SelectedSearchEngine: Bing® FF Homepage: hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghHJlwBBwhEGBgSdAsLTA1CGQAOeQEAVRQQQgUVJggJUl9BGQUFIk0FA18DB0VXfWFoKB8fHHdPIUNdE30UQFlQ FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-01] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-01] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF user.js: detected! => C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\user.js [2015-10-02] FF SearchPlugin: C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\searchplugins\bing-lavasoft.xml [2015-10-02] FF SearchPlugin: C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\searchplugins\default.xml [2016-01-03] FF Extension: ADB Helper - C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\adbhelper@mozilla.org [2015-11-13] FF Extension: Yahoo! Toolbar - C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-01-03] FF Extension: Blazer Deals - C:\Users\TonyO\AppData\Roaming\Mozilla\Firefox\Profiles\1aduwhcj.default\Extensions\{79641bb2-aadb-4a4c-bb66-863556c04fa9}.xpi [2015-10-02] [not signed] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed] S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed] R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-12-22] (Lavasoft Limited) S2 SearchProtectionService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.WinService.exe [17168 2015-12-22] () R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH) R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [252928 2010-02-25] (TOSHIBA Corporation) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-17] (Malwarebytes) R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-07-10] (Realtek Semiconductor Corporation ) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated) R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-09-08] (Toshiba Corporation) S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation) R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation) U3 idsvc; no ImagePath S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X] U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-03 12:33 - 2016-01-03 12:33 - 00020536 _____ C:\Users\TonyO\Desktop\FRST.txt 2016-01-03 12:27 - 2016-01-03 12:28 - 01745920 _____ C:\Users\TonyO\Desktop\AdwCleaner.exe 2016-01-03 12:14 - 2016-01-03 12:33 - 00000000 ____D C:\FRST 2016-01-03 12:13 - 2016-01-03 12:14 - 02370560 _____ (Farbar) C:\Users\TonyO\Desktop\FRST64.exe 2016-01-03 11:58 - 2016-01-03 11:58 - 00016148 _____ C:\WINDOWS\system32\TONYO-PC_TonyO_HistoryPrediction.bin 2015-12-09 02:13 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2015-12-09 02:13 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2015-12-09 02:13 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2015-12-09 02:13 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-12-09 02:13 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe 2015-12-09 02:13 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2015-12-09 02:13 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2015-12-09 02:13 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll 2015-12-09 02:13 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2015-12-09 02:13 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2015-12-09 02:13 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2015-12-09 02:13 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2015-12-09 02:13 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2015-12-09 02:13 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2015-12-09 02:13 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll 2015-12-09 02:13 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll 2015-12-09 02:13 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2015-12-09 02:13 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll 2015-12-09 02:13 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll 2015-12-09 02:13 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2015-12-09 02:13 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2015-12-09 02:13 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2015-12-09 02:13 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2015-12-09 02:13 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll 2015-12-09 02:13 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2015-12-09 02:13 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2015-12-09 02:13 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll 2015-12-09 02:13 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll 2015-12-09 02:13 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys 2015-12-09 02:13 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys 2015-12-09 02:13 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2015-12-09 02:13 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll 2015-12-09 02:13 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2015-12-09 02:13 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll 2015-12-09 02:13 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2015-12-09 02:13 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2015-12-09 02:13 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2015-12-09 02:13 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2015-12-09 02:13 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2015-12-09 02:13 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2015-12-09 02:13 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2015-12-09 02:13 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2015-12-09 02:13 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll 2015-12-09 02:13 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2015-12-09 02:13 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2015-12-09 02:13 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll 2015-12-09 02:13 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll 2015-12-09 02:13 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2015-12-09 02:13 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2015-12-09 02:13 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll 2015-12-09 02:13 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2015-12-09 02:13 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll 2015-12-09 02:13 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2015-12-09 02:13 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll 2015-12-09 02:13 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2015-12-09 02:13 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2015-12-09 02:13 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2015-12-09 02:13 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll 2015-12-09 02:13 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2015-12-09 02:13 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls 2015-12-09 02:13 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls 2015-12-09 02:12 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys 2015-12-09 02:12 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2015-12-09 02:12 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2015-12-09 02:12 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2015-12-09 02:12 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2015-12-09 02:12 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll 2015-12-09 02:12 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys 2015-12-09 02:12 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2015-12-09 02:12 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll 2015-12-09 02:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll 2015-12-09 02:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL 2015-12-09 02:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL 2015-12-09 02:12 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL 2015-12-09 02:12 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2015-12-09 02:12 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll 2015-12-09 02:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll 2015-12-09 02:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL 2015-12-09 02:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL 2015-12-09 02:12 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-03 12:16 - 2015-07-10 04:05 - 00000000 ____D C:\Windows 2016-01-03 12:04 - 2015-01-21 21:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-01-03 11:59 - 2015-02-17 20:06 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-01-03 11:58 - 2015-09-08 06:29 - 00000000 ____D C:\Users\TonyO 2016-01-03 11:57 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-01-03 11:57 - 2015-07-10 07:20 - 00198352 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-01-03 11:39 - 2015-02-17 20:06 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-01-03 09:05 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-01-03 09:00 - 2015-09-08 10:20 - 00000000 ___DC C:\WINDOWS\Panther 2016-01-03 08:56 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT 2016-01-01 12:04 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache 2016-01-01 11:03 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-01-01 10:57 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps 2016-01-01 10:55 - 2015-01-21 22:44 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-01-01 10:40 - 2015-09-08 06:28 - 01006528 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-01-01 10:40 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF 2016-01-01 10:32 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-01-01 10:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-01-01 10:27 - 2015-01-21 22:47 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-01-01 10:27 - 2015-01-21 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2015-12-26 03:58 - 2015-10-02 17:30 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2015-12-26 03:58 - 2015-10-02 17:30 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2015-12-22 19:05 - 2015-01-21 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-22 14:31 - 2015-01-22 16:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-12-20 17:48 - 2015-05-03 19:37 - 00000000 ____D C:\Users\TonyO\AppData\Roaming\SoftGrid Client 2015-12-20 17:43 - 2015-09-08 16:36 - 00002413 _____ C:\Users\TonyO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2015-12-20 17:43 - 2015-05-24 13:29 - 00000000 ___RD C:\Users\TonyO\OneDrive 2015-12-11 04:55 - 2015-09-08 15:44 - 00000000 ____D C:\Users\TonyO\AppData\Local\Packages 2015-12-08 22:39 - 2015-01-21 21:35 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2015-08-03 04:46 - 2015-08-03 04:46 - 0003584 _____ () C:\Users\TonyO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-19 19:34 - 2015-03-19 19:34 - 0000057 _____ () C:\ProgramData\Ament.ini Some files in TEMP: ==================== C:\Users\TonyO\AppData\Local\Temp\IPCameraViewer.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-02 11:42 ==================== End of FRST.txt ============================