continuous loop [Solved]


  • This topic is locked

#46
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No, I didn't expect it to still be flashing, so it doesn't appear that it's the video drivers.

Let's validate if it's malware or not causing the issue. If not, I can direct you to the hardware/software experts.

OK, get back into a stable state (Safe Mode With Networking). Then do the following.

Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop. If you still have the one on your desktop from previously running it you can use that one.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.


  • 0


#47
jbcteacher

    Member

  • Topic Starter
  • Member
  • 197 posts
Running out for a bit. Be back soon. Thanks again for your help.
  • 0

#48
jbcteacher

    Member

  • Topic Starter
  • Member
  • 197 posts
I'll run your last directions first
  • 0

#49
jbcteacher

    Member

  • Topic Starter
  • Member
  • 197 posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Justin (administrator) on JGAMINGCOMPUTER on 19-04-2015 11:02:17
Running from C:\Users\Justin\Desktop
Loaded Profiles: Justin (Available profiles: Justin)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2818800 2014-06-16] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3619160 2015-02-25] (Electronic Arts)
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\MountPoints2: {b703932e-92c3-11e4-8262-3863bbaab60d} - "F:\VerizonSWUpgradeAssistantLauncher.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1B537232-A5A2-4F4B-A112-81B10AAB3412} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKU\S-1-5-21-3181081214-4100868398-1530923957-1001 -> {1B537232-A5A2-4F4B-A112-81B10AAB3412} URL = http://www.amazon.co...ds={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-17] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-17] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-25] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-04-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-25] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-03-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-04-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M827513AD-36FB-4E0E-B612-8033715FA33A&SearchSource=55&CUI=&UM=5&UP=SP75EBC046-5559-455F-B819-4C60170D0E36&SSPV=
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M827513AD-36FB-4E0E-B612-8033715FA33A&SearchSource=55&CUI=&UM=5&UP=SP75EBC046-5559-455F-B819-4C60170D0E36&SSPV="
CHR Profile: C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-19]
CHR Extension: (Google Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
CHR Extension: (Google Sheets) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-19]
CHR Extension: (Stylesheet Count) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak [2015-04-19]
CHR Extension: (Norton Identity Safe) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
CHR Extension: (Page Structure) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgacjdfplhakjfljpbbagagjcbccpmnl [2015-04-19]
CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]
CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\Exts\Chrome.crx [2015-04-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CLKMSVC10_99E320F5; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\kmsvc.exe [243464 2014-06-23] (CyberLink)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [182304 2015-01-10] (EasyAntiCheat Ltd)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-16] (NVIDIA Corporation)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-14] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
S2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\N360.exe [265000 2015-03-26] (Symantec Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-16] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-16] (NVIDIA Corporation)
S2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-02-28] (Electronic Arts)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-06-16] (Synaptics Incorporated)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3897856 2014-05-15] (Qualcomm Atheros Communications, Inc.)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150321.001\BHDrvx64.sys [1622744 2015-02-03] (Symantec Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1507000.00B\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-02-24] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150410.001\IDSvia64.sys [671448 2015-03-27] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150412.002\ENG64.SYS [129752 2015-03-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150412.002\EX64.SYS [2137304 2015-03-25] (Symantec Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-16] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [476888 2014-03-21] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-06-16] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1507000.00B\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-02-24] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-04-19] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 10:43 - 2015-04-19 10:47 - 00109628 _____ () C:\Windows\WindowsUpdate.log
2015-04-19 10:39 - 2015-04-19 10:58 - 00000721 _____ () C:\Windows\setupact.log
2015-04-19 10:39 - 2015-04-19 10:39 - 00000320 _____ () C:\Windows\PFRO.log
2015-04-19 10:39 - 2015-04-19 10:39 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-19 10:18 - 2015-04-19 10:18 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-19 10:18 - 2015-04-19 10:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-19 10:17 - 2015-04-19 10:17 - 20589656 _____ () C:\Users\Justin\Desktop\RogueKillerX64.exe
2015-04-18 20:06 - 2015-04-19 10:14 - 00000000 ____D () C:\Windows\Minidump
2015-04-16 21:03 - 2015-04-16 21:03 - 00003184 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJustin
2015-04-16 19:47 - 2015-04-16 19:47 - 00000000 ____D () C:\Users\Justin\Desktop\FRST-OlderVersion
2015-04-16 19:38 - 2015-04-16 19:38 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Foxit Software
2015-04-16 18:06 - 2015-04-19 10:59 - 00000000 ____D () C:\Windows\pss
2015-04-16 18:00 - 2015-03-22 18:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 18:00 - 2015-03-22 18:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 18:00 - 2015-03-22 18:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 18:00 - 2015-03-22 18:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 18:00 - 2015-03-22 18:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 18:00 - 2015-03-22 18:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 18:00 - 2015-03-22 18:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 17:59 - 2015-03-14 04:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-04-16 17:59 - 2015-03-14 04:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-04-16 06:38 - 2015-03-23 17:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 06:38 - 2015-03-23 17:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 06:38 - 2015-03-23 17:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-04-16 06:38 - 2015-03-23 17:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 06:38 - 2015-03-23 17:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-04-16 06:38 - 2015-03-20 00:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-04-16 06:38 - 2015-03-20 00:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 06:38 - 2015-03-20 00:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 06:38 - 2015-03-19 23:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-04-16 06:38 - 2015-03-19 22:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-04-16 06:38 - 2015-03-19 22:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-04-16 06:38 - 2015-03-19 22:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-04-16 06:38 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 06:38 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 06:38 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 06:38 - 2015-03-12 23:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-04-16 06:38 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 06:38 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 06:38 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 06:38 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 06:38 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 06:38 - 2015-03-12 23:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-04-16 06:38 - 2015-03-12 23:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-04-16 06:38 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 06:38 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 06:38 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 06:38 - 2015-03-12 22:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-04-16 06:38 - 2015-03-12 22:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-04-16 06:38 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 06:38 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 06:38 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 06:38 - 2015-03-12 22:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-04-16 06:38 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 06:38 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 06:38 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 06:38 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 06:38 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 06:38 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 06:38 - 2015-02-24 04:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 06:38 - 2015-02-20 19:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-04-16 06:38 - 2014-10-28 22:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2015-04-16 06:38 - 2014-10-28 22:43 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-04-16 06:38 - 2014-10-28 22:17 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-04-16 06:38 - 2014-10-28 21:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-04-16 06:38 - 2014-10-28 21:38 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-04-16 06:38 - 2014-10-28 21:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-04-16 06:38 - 2014-10-28 21:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-04-16 06:38 - 2014-10-28 21:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-04-16 06:38 - 2014-10-28 21:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-04-16 06:37 - 2015-03-14 04:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 06:37 - 2015-03-13 21:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 06:37 - 2015-03-13 21:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 06:37 - 2015-03-13 21:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 06:37 - 2015-03-13 21:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 06:37 - 2015-03-13 21:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-16 06:37 - 2015-03-13 20:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 06:37 - 2015-03-13 20:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 06:37 - 2015-03-13 20:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 06:37 - 2015-03-13 20:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-04-16 06:37 - 2015-03-13 20:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-04-16 06:37 - 2015-03-13 20:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 06:37 - 2015-03-13 20:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 06:37 - 2015-03-13 20:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 06:37 - 2015-03-13 20:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-16 06:37 - 2015-03-13 20:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-16 06:37 - 2015-03-13 19:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-16 06:37 - 2015-03-13 19:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-16 06:37 - 2015-03-04 06:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-04-16 06:37 - 2015-03-03 23:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 06:37 - 2015-03-03 22:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 06:37 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-04-14 21:32 - 2015-04-14 21:34 - 00036580 _____ () C:\Users\Justin\Desktop\Addition.txt
2015-04-14 21:26 - 2015-04-19 11:02 - 00020594 _____ () C:\Users\Justin\Desktop\FRST.txt
2015-04-14 21:23 - 2015-04-19 11:02 - 00000000 ____D () C:\FRST
2015-04-14 21:21 - 2015-04-16 19:47 - 02097664 _____ (Farbar) C:\Users\Justin\Desktop\FRST64.exe
2015-04-14 17:52 - 2015-04-14 17:52 - 00007605 _____ () C:\Users\Justin\AppData\Local\Resmon.ResmonCfg
2015-04-14 05:54 - 2015-04-14 05:56 - 00000080 _____ () C:\Users\Justin\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-13 06:08 - 2015-04-13 20:12 - 00000000 ____D () C:\Users\Justin\AppData\Local\GrowHome
2015-04-12 17:25 - 2015-04-12 17:25 - 62649363 _____ () C:\Users\Justin\Desktop\MOds.zip
2015-04-12 16:16 - 2015-04-12 16:16 - 28627034 _____ () C:\Users\Justin\Downloads\Lift 9 by CDFDMAN.zip
2015-04-12 15:51 - 2015-04-12 15:51 - 16878946 _____ () C:\Users\Justin\Downloads\GazzaIsland[1.7.4].zip
2015-04-12 15:28 - 2015-04-12 15:28 - 03091838 _____ () C:\Users\Justin\Downloads\Cops and Robbers 4.5 - High Security [By Podcrash].zip
2015-04-11 17:20 - 2015-04-14 21:09 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Notepad++
2015-04-11 17:20 - 2015-04-14 21:09 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2015-04-11 16:44 - 2015-04-11 17:09 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\.mcRPW
2015-04-11 16:44 - 2015-04-11 16:44 - 03597399 _____ () C:\Users\Justin\Downloads\RPW-LATEST.jar
2015-04-11 14:28 - 2015-04-11 14:29 - 51064840 _____ () C:\Users\Justin\Downloads\D2 PACKAGE - UNZIP THIS FIRST (1).zip
2015-04-11 14:24 - 2015-04-11 14:24 - 00000000 ____D () C:\Users\Justin\Downloads\D2 PACKAGE - UNZIP THIS FIRST
2015-04-11 14:23 - 2015-04-11 14:24 - 51064840 _____ () C:\Users\Justin\Downloads\D2 PACKAGE - UNZIP THIS FIRST.zip
2015-04-10 19:28 - 2015-04-11 17:41 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Audacity
2015-04-10 17:30 - 2015-04-10 17:30 - 10802262 _____ () C:\Users\Justin\Downloads\Breakable 2 by CDFDMAN.zip
2015-04-10 17:19 - 2015-04-10 17:19 - 01195992 _____ () C:\Users\Justin\Downloads\The Day Before Christmas.zip
2015-04-10 17:10 - 2015-04-10 17:10 - 03464973 _____ () C:\Users\Justin\Downloads\Sleepless Nights, by GoC.rar
2015-04-10 17:00 - 2015-04-10 17:00 - 00262601 _____ () C:\Users\Justin\Downloads\One Way Prison Escape 2.zip
2015-04-10 16:49 - 2015-04-10 16:49 - 00333921 _____ () C:\Users\Justin\Downloads\Test _11232.zip
2015-04-08 16:32 - 2015-04-08 16:32 - 00000222 _____ () C:\Users\Justin\Desktop\Grand Theft Auto V.url
2015-04-08 16:32 - 2015-04-08 16:32 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-04-06 20:02 - 2015-04-19 10:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-06 20:02 - 2015-04-19 10:03 - 00000000 ____D () C:\Users\Justin\AppData\Local\Google
2015-04-06 20:01 - 2015-04-19 10:03 - 00000000 ____D () C:\Users\Justin\AppData\Local\Deployment
2015-04-06 20:01 - 2015-04-06 20:01 - 00000000 ____D () C:\Users\Justin\AppData\Local\Apps\2.0
2015-04-05 12:40 - 2015-04-12 17:22 - 00000000 ____D () C:\Users\Justin\Desktop\MOds
2015-04-05 10:44 - 2015-04-05 10:44 - 36914207 _____ (Igor Pavlov) C:\Users\Justin\Downloads\mcedit2-2.0.0-alpha1-win-amd64.exe
2015-04-05 10:44 - 2015-04-05 10:44 - 00000000 ____D () C:\Users\Justin\Downloads\mcedit2-2.0.0-alpha1-win-amd64
2015-04-05 10:44 - 2015-04-05 10:44 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Python-Eggs
2015-04-04 19:28 - 2015-04-04 19:28 - 03401621 _____ () C:\Users\Justin\Downloads\forge-1.8-11.14.1.1333-installer.jar
2015-04-04 19:19 - 2015-04-04 19:19 - 03443226 _____ () C:\Users\Justin\Downloads\forge-1.8-11.14.1.1354-installer.jar
2015-04-04 18:42 - 2015-04-04 18:42 - 37151149 _____ () C:\Users\Justin\Downloads\MC1.7.10_mcheli_0.9.3.zip
2015-04-04 17:21 - 2015-04-04 17:21 - 03047295 _____ () C:\Users\Justin\Downloads\forge-1.7.10-10.13.1.1216-new-installer (1).jar
2015-04-04 17:20 - 2015-04-04 17:20 - 03047295 _____ () C:\Users\Justin\Downloads\forge-1.7.10-10.13.1.1216-new-installer.jar
2015-04-04 17:14 - 2015-04-04 17:14 - 01769757 _____ () C:\Users\Justin\Downloads\fml-1.8-8.0.20.1023-1.8-installer.jar
2015-04-04 17:01 - 2015-04-04 17:04 - 468940286 _____ () C:\Users\Justin\Downloads\Greenfield v0.4.6.zip
2015-04-04 16:37 - 2013-08-13 11:42 - 00000000 ____D () C:\Users\Justin\Downloads\Minecraft_Server - Avalon Port
2015-03-24 06:16 - 2015-03-24 06:17 - 00000000 ____D () C:\Users\Justin\Desktop\New folder
2015-03-23 19:38 - 2015-03-23 19:40 - 00779759 _____ () C:\Users\Justin\Downloads\Swimwear_set_v1.0.zip
2015-03-23 19:25 - 2015-01-24 22:19 - 00000000 ____D () C:\Users\Justin\Downloads\7
2015-03-23 19:25 - 2015-01-24 22:19 - 00000000 ____D () C:\Users\Justin\Downloads\6
2015-03-23 19:25 - 2015-01-24 22:19 - 00000000 ____D () C:\Users\Justin\Downloads\5
2015-03-23 19:25 - 2015-01-24 22:18 - 00000000 ____D () C:\Users\Justin\Downloads\4
2015-03-23 19:25 - 2015-01-24 22:18 - 00000000 ____D () C:\Users\Justin\Downloads\3
2015-03-23 19:25 - 2015-01-24 22:18 - 00000000 ____D () C:\Users\Justin\Downloads\2
2015-03-23 19:25 - 2015-01-24 22:18 - 00000000 ____D () C:\Users\Justin\Downloads\1
2015-03-23 19:24 - 2015-03-23 19:26 - 00000000 ____D () C:\Users\Justin\Downloads\Odejda
2015-03-23 19:24 - 2015-01-29 21:43 - 05403096 _____ () C:\Users\Justin\Downloads\Balmain.rar
2015-03-23 19:21 - 2015-03-23 19:21 - 20320320 _____ () C:\Users\Justin\Downloads\Set_of_Clothes_v1.0.rar
2015-03-23 18:28 - 2015-03-23 18:28 - 00000000 ____D () C:\Users\Justin\Downloads\Big_Clothing_Pack_v1.0
2015-03-23 17:52 - 2015-03-23 17:52 - 50144315 _____ () C:\Users\Justin\Downloads\Big_Clothing_Pack_v1.0.rar
2015-03-23 17:39 - 2015-03-23 17:39 - 09285759 _____ () C:\Users\Justin\Downloads\Clothing_Pack_for_Female_v1.0.rar
2015-03-22 16:18 - 2015-03-22 16:18 - 00426081 _____ () C:\Users\Justin\Downloads\NRaas_Career_V86.zip
2015-03-22 16:04 - 2015-03-22 16:04 - 00005297 _____ () C:\Users\Justin\Downloads\MTS_nesleyswipes_1482840_StringsProWrestlingEnglish.rar
2015-03-22 13:57 - 2015-03-22 13:57 - 00000000 ____D () C:\Users\Justin\AppData\Local\Microsoft Help
2015-03-22 10:27 - 2015-03-22 11:50 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Tropico 5
2015-03-22 10:25 - 2015-03-22 10:25 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Kalypso Media
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\WinRAR
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 08:57 - 2015-03-22 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-03-22 08:56 - 2015-03-22 08:57 - 00000000 ____D () C:\Program Files\WinRAR
2015-03-20 16:41 - 2015-03-20 16:41 - 00000000 ____D () C:\ProgramData\EA Core

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-19 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-19 11:00 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 10:59 - 2014-12-27 16:32 - 00000000 ____D () C:\Users\Justin\AppData\Local\CrashDumps
2015-04-19 10:58 - 2015-03-10 19:11 - 00005006 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for JGAMINGCOMPUTER-Justin JGamingcomputer
2015-04-19 10:58 - 2014-12-25 17:33 - 00000000 ___RD () C:\Users\Justin\OneDrive
2015-04-19 10:52 - 2014-12-25 17:32 - 00000000 ____D () C:\Users\Justin\Documents\Youcam
2015-04-19 10:45 - 2014-12-25 20:01 - 00003958 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{34E2BEC5-97D6-40F4-9C46-8BC4012CDAB7}
2015-04-19 10:14 - 2014-12-25 20:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-18 15:33 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-04-18 15:29 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppCompat
2015-04-18 15:04 - 2014-12-28 04:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-18 15:01 - 2014-12-28 04:57 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-18 06:42 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-04-18 06:39 - 2014-12-28 22:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-18 06:39 - 2014-12-28 22:20 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-17 05:59 - 2015-03-13 07:22 - 00000368 _____ () C:\Windows\Tasks\HPCeeScheduleForJustin.job
2015-04-16 17:44 - 2015-01-16 12:13 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJGAMINGCOMPUTER$
2015-04-16 17:44 - 2015-01-16 12:13 - 00000396 _____ () C:\Windows\Tasks\HPCeeScheduleForJGAMINGCOMPUTER$.job
2015-04-16 06:32 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-04-14 21:14 - 2014-12-25 17:29 - 00000000 ____D () C:\Users\Justin
2015-04-14 21:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-14 05:52 - 2014-12-25 17:36 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3181081214-4100868398-1530923957-1001
2015-04-13 19:24 - 2013-08-22 11:38 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-13 19:24 - 2013-08-22 11:38 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-13 05:58 - 2015-02-24 17:47 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2015-04-13 05:58 - 2015-02-24 17:47 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2015-04-13 05:57 - 2015-02-24 17:47 - 00002467 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-04-13 05:57 - 2015-02-24 17:47 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-04-12 18:16 - 2014-12-25 20:12 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\.minecraft
2015-04-11 22:29 - 2015-02-25 20:56 - 00000000 ____D () C:\ProgramData\Origin
2015-04-10 16:55 - 2014-12-26 18:59 - 00000000 ____D () C:\Fraps
2015-04-10 16:49 - 2014-12-26 12:25 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-09 14:59 - 2015-02-25 20:56 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-04-07 21:04 - 2014-08-26 05:56 - 00000000 ____D () C:\ProgramData\CyberLink
2015-04-05 09:51 - 2015-01-10 15:59 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\.mono
2015-04-04 17:53 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-28 17:32 - 2015-02-28 17:37 - 00000000 ____D () C:\Users\Justin\Documents\Electronic Arts
2015-03-28 17:32 - 2015-02-28 17:37 - 00000000 ____D () C:\Users\Justin\Desktop\The Sims 3
2015-03-22 14:00 - 2014-12-25 17:30 - 00000000 ____D () C:\Users\Justin\AppData\Local\Packages
2015-03-20 16:44 - 2015-03-16 16:31 - 00000000 ____D () C:\Users\Justin\AppData\Roaming\SPORE

==================== Files in the root of some directories =======

2015-04-14 17:52 - 2015-04-14 17:52 - 0007605 _____ () C:\Users\Justin\AppData\Local\Resmon.ResmonCfg
2015-02-24 17:46 - 2015-02-24 17:46 - 0274187 _____ () C:\ProgramData\1424814279.bdinstall.bin

Some content of TEMP:
====================
C:\Users\Justin\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-08 17:33

 

==================== End Of Log ============================



#50
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Looks like you forgot to post the Addition.txt file. Please do so when you are back. Thanks.



#51
jbcteacher

    Member

  • Topic Starter
  • Member
  • 197 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-04-2015 04
Ran by Justin at 2015-04-19 11:03:16
Running from C:\Users\Justin\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Lightroom 5 64-bit (HKLM\...\{6C1A010F-9108-4162-A26F-9FEC4AC0F0F0}) (Version: 5.0.1 - Adobe)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
APB Reloaded (HKLM-x32\...\Steam App 113400) (Version:  - Reloaded Productions)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bad Rats (HKLM-x32\...\Steam App 34900) (Version:  - Invent4 Entertainment)
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Call of Duty: Advanced Warfare - Multiplayer (HKLM-x32\...\Steam App 209660) (Version:  - Sledgehammer Games)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.2.5308 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3121 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3121 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Bits (HKLM-x32\...\Steam App 303390) (Version:  - Microblast Games)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version:  - Klei Entertainment)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GEARCRACK Arena (HKLM-x32\...\Steam App 301480) (Version:  - Walter Machado)
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version:  - Rockstar Games)
Grow Home (HKLM-x32\...\Steam App 323320) (Version:  - Reflections, a Ubisoft Studio)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{4BBA238C-9E5D-40F9-8AC6-FACB736752B9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
Jo's Dream Organic Coffee 2 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)
Kerbal Space Program Demo (HKLM-x32\...\Steam App 231410) (Version:  - Squad)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 3.0.2.59 - WildTangent) Hidden
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 333.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.11 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 3.0.2.59 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2013 Multiplayer (HKLM-x32\...\Steam App 243750) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Elder Scrolls Online (HKLM-x32\...\Steam App 306130) (Version:  - Zenimax Online Studios)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\Steam App 47890) (Version:  - The Sims Studio)
Tom Clancy's Ghost Recon Phantoms - NA (HKLM-x32\...\Steam App 243870) (Version:  - Ubisoft Singapore)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version:  - Haemimont Games)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
Watch_Dogs (HKLM-x32\...\Steam App 243470) (Version:  - Ubisoft)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3181081214-4100868398-1530923957-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3181081214-4100868398-1530923957-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Justin\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

25-03-2015 20:51:32 Windows Update
04-04-2015 15:35:13 Scheduled Checkpoint
11-04-2015 19:44:49 Scheduled Checkpoint
18-04-2015 06:38:13 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {055399A7-F3D3-46DE-A604-7F19101719BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {11BE686D-E88B-4C70-87D8-0CEF2F385DA4} - System32\Tasks\Microsoft Office 15 Sync Maintenance for JGAMINGCOMPUTER-Justin JGamingcomputer => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-17] (Microsoft Corporation)
Task: {1269411D-EE22-4939-AD6D-9C02E4C24635} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3181081214-4100868398-1530923957-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {12E5BABF-57C8-4202-B178-6823D06A2B19} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {16AB29F4-976B-4EF4-B544-6C73645CE5F3} - System32\Tasks\HPCeeScheduleForJGAMINGCOMPUTER$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {2F2529B5-5C89-4BB6-917B-93019715B9F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {3A563BB0-0A67-4269-8106-F0B55182CBF7} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {5BCF1049-C4CB-4F0E-AC20-FBC8478749A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {70AE73FE-FB99-4855-BE5C-C181496A700E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-18] (Microsoft Corporation)
Task: {B125E57F-05EE-4CE6-A79A-3F5F011CCD5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {C1316268-9F5C-4BCD-913A-923B781D9C68} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {CA1EBB60-9E81-431D-8788-DEB3CA909918} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-03-30] (Hewlett-Packard)
Task: {D3660812-203A-4BA5-952E-5433E0B3312B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-04] (Hewlett-Packard Company)
Task: {D99C2C7E-123E-4F53-A2D0-D8EA227059A9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {DB0BD124-EBE0-4DF0-8328-D4912E265A61} - System32\Tasks\HPCeeScheduleForJustin => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {E3A1B7F9-3D8D-4900-98F7-55F5066AEF69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\HPCeeScheduleForJGAMINGCOMPUTER$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJustin.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-17 06:48 - 2015-03-17 06:48 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Justin\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Justin\Pictures\background_hd_01.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_4F1741AA94B53D7A1E654D7E62AB0815"
HKU\S-1-5-21-3181081214-4100868398-1530923957-1001\...\StartupApproved\Run: => "EADM"

==================== Accounts: =============================

Administrator (S-1-5-21-3181081214-4100868398-1530923957-500 - Administrator - Disabled)
Guest (S-1-5-21-3181081214-4100868398-1530923957-501 - Limited - Disabled)
Justin (S-1-5-21-3181081214-4100868398-1530923957-1001 - Administrator - Enabled) => C:\Users\Justin

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/19/2015 10:59:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0xd3c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0x140c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0x34c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0x17d8
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0x84c
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0xffc
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0x518
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0x17d0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0x15a0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

Error: (04/19/2015 10:59:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eebf2e
Exception code: 0xc06d007e
Fault offset: 0x000000000000606c
Faulting process id: 0xc84
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
Faulting package full name: explorer.exe4
Faulting package-relative application ID: explorer.exe5

System errors:
=============
Error: (04/19/2015 11:03:24 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:03:24 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:03:22 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:03:22 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:03:17 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:03:17 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:03:10 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:03:10 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:02:18 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/19/2015 11:02:18 AM) (Source: DCOM) (EventID: 10005) (User: JGAMINGCOMPUTER)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Microsoft Office Sessions:
=========================
Error: (04/19/2015 10:59:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606cd3c01d07ab17ee88360C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllbcf46ce5-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606c140c01d07ab17dd90958C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllbc5bd5e3-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606c34c01d07ab17d21745eC:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllbb5383c7-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606c17d801d07ab17c43b834C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllba9e5049-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606c84c01d07ab1790f741fC:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllb7595b0a-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606cffc01d07ab178806685C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllb68528f7-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606c51801d07ab1775b2406C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllb6020749-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606c17d001d07ab176206c23C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllb41e083b-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606c15a001d07ab17530fa91C:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllb36a30f1-e6a4-11e4-82a7-3863bbaab60d

Error: (04/19/2015 10:59:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1766754c6f7c2KERNELBASE.dll6.3.9600.1727853eebf2ec06d007e000000000000606cc8401d07ab173f17d9dC:\Windows\explorer.exeC:\Windows\system32\KERNELBASE.dllb26190ab-e6a4-11e4-82a7-3863bbaab60d

==================== Memory info ===========================

Processor: Intel® Core™ i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 6%
Total physical RAM: 16314.15 MB
Available physical RAM: 15238.11 MB
Total Pagefile: 32698.15 MB
Available Pagefile: 31679.92 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:1371.59 GB) (Free:706.85 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:24.65 GB) (Free:2.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 2559E7EB)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • 0

#52
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts

sorry - it didn't post.


  • 0

#53
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Thanks. Please do the following.

 

Step#1 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#2 - Malwarebytes Scan


  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#3 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

Items for your next post

1. AdwCleaner log

2. Malwarebytes log


  • 0

#54
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
This is in safe mode, right?
  • 0

#55
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Safe Mode with Networking...correct.


  • 0



#56
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

After you run and post both scans please do the following (I'm stepping out for a bike ride with the kids).

 

1. Right-click the Start button and select Device Manager.

2. Expand Display adapters and let me know what is listed under here.

 

Thanks.


  • 0

#57
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
I ran adware cleaner; no log file came up. Should I do it again?
  • 0

#58
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts
Have fun with kids... No worries
  • 0

#59
BrianDrab

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Locate the log file within C:\AdwCleaner and post the contents.

 

Thanks.


  • 0

#60
jbcteacher

jbcteacher

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 197 posts

[ro] log

 

# AdwCleaner v4.201 - Logfile created 19/04/2015 at 13:21:31
# Updated 08/04/2015 by Xplode
# Database : 2015-04-19.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Justin - JGAMINGCOMPUTER
# Running from : C:\Users\Justin\Desktop\adwcleaner_4.201.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Google Chrome v

[C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M827513AD-36FB-4E0E-B612-8033715FA33A&SearchSource=58&CUI=&UM=5&UP=SP75EBC046-5559-455F-B819-4C60170D0E36&q={searchTerms}&SSPV=
[C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Extension] : gngfnjclpjflgomhidfecidndbfaniak
[C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://search.conduit.com/?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M827513AD-36FB-4E0E-B612-8033715FA33A&SearchSource=55&CUI=&UM=5&UP=SP75EBC046-5559-455F-B819-4C60170D0E36&SSPV=
[C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://search.conduit.com/?gd=&ctid=CT3326235&octid=EB_ORIGINAL_CTID&ISID=M827513AD-36FB-4E0E-B612-8033715FA33A&SearchSource=55&CUI=&UM=5&UP=SP75EBC046-5559-455F-B819-4C60170D0E36&SSPV=

*************************

AdwCleaner[R0].txt - [2042 bytes] - [19/04/2015 13:21:31]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2101 bytes] ##########


  • 0





