possible google chrome related malware infection? [Solved]

maleware google chrome virus infection windows 8.1

  • This topic is locked

#1
phoebe_s78

  • Member
  • 50 posts

Hi! So I got a new laptop just the other day, and I may be overcautious here, but I want to make sure nothing is wrong with my laptop.

So far, everything has been fine. But earlier today Google Chrome crashed and then when I tried to open it several more times, it kept crashing. Then, Google Chrome wouldn't open at all. I thought it was my home internet connection, but my phone's wifi was working just fine. I turned off my laptop and went out for a few hours and when I came home, the problem was the same.

For about 20 minutes or so, my Google Chrome kept crashing after less than a minute of having it open. Then, it wouldn't open at all. I also tried opening Internet Explorer, and the browser also wouldn't load. And while my laptop would show that at times it would be/wouldn't be connected to the internet, my phone was connected the entire time.

Also at one point my start bar wouldn't even load. And the CPU usage seems to be going high, and then back down (to about 15% and then back down, even when Google Chrome was closed), but I don't think there's anything out of the ordinary in the processes from what I can tell.

Again, this laptop is brand new and the other day I had a couple of websites that were blocked by my malware protection programs, but I'm thinking that if my laptop did catch something, it must have been from there.

Google Chrome finally started working again and hopefully there's nothing wrong with my laptop, but I want to be sure.

FRST TXT:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Phoebe (administrator) on CANDY on 31-05-2015 00:51:51
Running from C:\Users\Phoebe\Downloads
Loaded Profiles: Phoebe (Available Profiles: Phoebe)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfefire.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Pokki) C:\Users\Phoebe\AppData\Local\Pokki\Engine\HostAppService.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Pokki) C:\Users\Phoebe\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(Apple Inc.) C:\Users\Phoebe\Music\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Pokki) C:\Users\Phoebe\AppData\Local\Pokki\Engine\HostAppService.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Pokki) C:\Users\Phoebe\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Toshiba America Information Systems.) C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1043_x64__8wekyb3d8bbwe\onenoteim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [914648 2014-03-05] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830104 2014-01-14] (Conexant Systems, Inc.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Users\Phoebe\Music\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-28] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2015-01-19] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~3.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE.dll [106304 2014-05-23] (Amazon Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-05-28]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.c...q={searchTerms}
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-998093710-3193632456-2710228237-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKU\S-1-5-21-998093710-3193632456-2710228237-1001 -> {890CE8C5-062C-11E5-8261-2C600C1E4B03} URL = http://search.homepa...q={searchTerms}
SearchScopes: HKU\S-1-5-21-998093710-3193632456-2710228237-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.c...q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-29] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-28] (Avast Software s.r.o.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-29] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-29] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-28] (Avast Software s.r.o.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-05-29] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-04-17] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-01-13] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-01-13] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll [2014-12-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll [2014-12-10] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-01-13] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-05-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-28]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-12-10]
 
Chrome: 
=======
CHR Profile: C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-28]
CHR Extension: (Google Docs) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-28]
CHR Extension: (Google Drive) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-28]
CHR Extension: (YouTube) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-28]
CHR Extension: (Adblock Plus) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-28]
CHR Extension: (Google Search) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-28]
CHR Extension: (Google Sheets) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-28]
CHR Extension: (SiteAdvisor) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-05-28]
CHR Extension: (Bookmark Manager) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Avast Online Security) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-29]
CHR Extension: (Lord of the Rings) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbjlpffkkkndaegmljeiheebaedgdiab [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR Extension: (Gmail) - C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-28]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-28]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-28] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-28] (Avast Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-21] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154856 2015-05-04] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2015-01-13] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [332528 2014-03-12] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [601864 2015-01-07] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 taisregispinger; C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2196120 2012-08-03] (Toshiba America Information Systems.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-28] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70608 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-10-10] (Windows ® Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-28] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-31 00:51 - 2015-05-31 00:52 - 00025618 _____ () C:\Users\Phoebe\Downloads\FRST.txt
2015-05-31 00:50 - 2015-05-31 00:51 - 00000000 ____D () C:\FRST
2015-05-31 00:50 - 2015-05-31 00:50 - 02108928 _____ (Farbar) C:\Users\Phoebe\Downloads\FRST64.exe
2015-05-31 00:45 - 2015-05-31 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-05-31 00:34 - 2015-05-31 00:34 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\TempTaskUpdateDetection410944C2-E014-42B7-B746-F4550972E9FE
2015-05-29 23:58 - 2015-05-29 23:58 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Microsoft Help
2015-05-29 20:53 - 2015-05-29 21:25 - 90032387 _____ () C:\Users\Phoebe\Downloads\www.NewAlbumReleases.net_Bad_Suns_-_Language_and_Perspective_(2014).rar
2015-05-29 16:16 - 2015-05-29 16:44 - 83808916 _____ () C:\Users\Phoebe\Downloads\www.NewAlbumReleases.net_Andrew_McMahon_in_the_Wilderness_-_Andrew_McMahon_in_the_Wilderness_(2014).rar
2015-05-29 14:53 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2015-05-29 14:53 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2015-05-29 14:52 - 2015-05-29 14:52 - 00000000 ____D () C:\Program Files (x86)\epson
2015-05-29 14:48 - 2015-05-29 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-05-29 14:48 - 2015-05-29 14:48 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2015-05-28 22:29 - 2015-05-28 22:29 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Dropbox
2015-05-28 22:29 - 2015-05-28 22:29 - 00000000 ____D () C:\ProgramData\Dropbox
2015-05-28 22:29 - 2015-05-28 22:29 - 00000000 ____D () C:\Program Files (x86)\Dropbox
2015-05-28 22:28 - 2015-05-28 22:28 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-05-28 22:28 - 2015-05-28 22:28 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-28 22:28 - 2015-05-28 22:28 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\AVAST Software
2015-05-28 22:28 - 2015-05-28 22:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-05-28 22:27 - 2015-05-31 00:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-28 22:27 - 2015-05-28 22:27 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-28 22:27 - 2015-05-28 22:27 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-28 22:27 - 2015-05-28 22:27 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-28 22:27 - 2015-05-28 22:27 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-28 22:27 - 2015-05-28 22:27 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-28 22:27 - 2015-05-28 22:27 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-28 22:27 - 2015-05-28 22:27 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-28 22:27 - 2015-05-28 22:27 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-28 22:27 - 2015-05-28 22:27 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-28 22:27 - 2015-05-28 22:27 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-28 22:25 - 2015-05-28 22:25 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Phoebe\Downloads\avast_free_antivirus_setup_online_cnet.exe
2015-05-28 22:25 - 2015-05-28 22:25 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-05-28 22:25 - 2015-05-28 22:25 - 00000000 ____D () C:\Program Files\AVAST Software
2015-05-28 22:17 - 2015-05-28 22:17 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\WinRAR
2015-05-28 22:16 - 2015-05-28 22:16 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-28 22:16 - 2015-05-28 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-28 22:16 - 2015-05-28 22:16 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2015-05-28 22:15 - 2015-05-28 22:15 - 01760040 _____ () C:\Users\Phoebe\Downloads\wrar521.exe
2015-05-28 21:08 - 2015-05-28 21:08 - 00002432 _____ () C:\Users\Phoebe\Desktop\Word 2013.lnk
2015-05-28 21:05 - 2015-05-28 21:05 - 00000000 __RHD () C:\MSOCache
2015-05-28 21:00 - 2015-05-29 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-28 21:00 - 2015-05-29 11:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-28 20:59 - 2015-05-28 20:59 - 01082040 _____ (Microsoft Corporation) C:\Users\Phoebe\Downloads\Setup.X86.en-US_O365ProPlusRetail_566d29d3-10f0-4a99-858b-18efa278eb34_TX_PR_b_0_.exe
2015-05-28 20:43 - 2015-05-28 20:43 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Cyberlink
2015-05-28 20:24 - 2015-05-28 20:24 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-28 20:24 - 2015-05-28 20:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-05-28 20:24 - 2015-05-28 20:24 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-28 20:24 - 2015-05-28 20:24 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2015-05-28 20:23 - 2015-05-28 20:23 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-28 20:23 - 2015-05-28 20:23 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-28 20:21 - 2015-05-28 20:43 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Adobe
2015-05-28 20:03 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-05-28 19:17 - 2015-05-28 19:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-05-28 19:10 - 2015-05-28 19:10 - 00000000 __SHD () C:\Users\Phoebe\AppData\Local\EmieUserList
2015-05-28 19:10 - 2015-05-28 19:10 - 00000000 __SHD () C:\Users\Phoebe\AppData\Local\EmieSiteList
2015-05-28 18:34 - 2015-05-28 18:35 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Flixster
2015-05-28 18:34 - 2015-05-28 18:34 - 00000354 _____ () C:\Users\Phoebe\Desktop\Flixster.appref-ms
2015-05-28 18:34 - 2015-05-28 18:34 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flixster
2015-05-28 18:33 - 2015-05-28 18:33 - 00433016 _____ () C:\Users\Phoebe\Downloads\setup.exe
2015-05-28 18:29 - 2015-05-28 18:29 - 00000871 _____ () C:\Users\Phoebe\Desktop\µTorrent.lnk
2015-05-28 18:29 - 2015-05-28 18:29 - 00000851 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-05-28 18:28 - 2015-05-30 01:27 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\uTorrent
2015-05-28 18:28 - 2015-05-28 18:28 - 01742928 _____ (BitTorrent Inc.) C:\Users\Phoebe\Downloads\uTorrent_3-4-2-build-38913.exe
2015-05-28 18:27 - 2015-05-29 16:30 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\vlc
2015-05-28 18:27 - 2015-05-28 18:27 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2015-05-28 18:27 - 2015-05-28 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-28 18:27 - 2015-05-28 18:27 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-28 18:25 - 2015-05-28 18:25 - 00001067 _____ () C:\Users\Phoebe\Desktop\Writing Pieces.lnk
2015-05-28 18:25 - 2015-05-28 18:25 - 00001036 _____ () C:\Users\Phoebe\Desktop\School Work.lnk
2015-05-28 18:22 - 2015-05-28 18:22 - 28849904 _____ () C:\Users\Phoebe\Downloads\vlc-2-2-1-win32.exe
2015-05-28 18:19 - 2015-05-29 14:59 - 00000000 ____D () C:\Users\Phoebe\Documents\Writing Pieces
2015-05-28 18:19 - 2015-05-28 18:19 - 00000000 ____D () C:\Users\Phoebe\Documents\School Work
2015-05-28 18:19 - 2015-05-25 18:54 - 00381674 _____ () C:\Users\Phoebe\Documents\bookmarks_5_25_15.html
2015-05-28 18:17 - 2015-05-28 18:18 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\Apple Computer
2015-05-28 18:17 - 2015-05-28 18:17 - 00001852 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-28 18:17 - 2015-05-28 18:17 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Apple Computer
2015-05-28 18:17 - 2015-05-28 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-28 18:16 - 2015-05-28 18:16 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-05-28 18:16 - 2015-05-28 18:16 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-05-28 18:16 - 2015-05-28 18:16 - 00000000 ____D () C:\Program Files\iPod
2015-05-28 18:16 - 2015-05-28 18:16 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-05-28 18:16 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-05-28 18:15 - 2015-05-28 18:16 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-28 18:15 - 2015-05-28 18:15 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-28 18:15 - 2015-05-28 18:15 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-05-28 18:15 - 2015-05-28 18:15 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Apple
2015-05-28 18:15 - 2015-05-28 18:15 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-28 18:15 - 2015-05-28 18:15 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-05-28 18:15 - 2015-05-28 18:15 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-05-28 18:14 - 2015-05-28 18:15 - 00000000 ____D () C:\ProgramData\Apple
2015-05-28 18:12 - 2015-05-28 18:13 - 152362800 _____ (Apple Inc.) C:\Users\Phoebe\Downloads\iTunes6464Setup.exe
2015-05-28 18:11 - 2015-05-28 18:11 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-05-28 18:09 - 2015-05-28 18:09 - 00000882 _____ () C:\Users\Phoebe\Desktop\Documents.lnk
2015-05-28 18:09 - 2015-05-28 18:09 - 00000879 _____ () C:\Users\Phoebe\Desktop\Pictures.lnk
2015-05-28 18:09 - 2015-05-28 18:09 - 00000865 _____ () C:\Users\Phoebe\Desktop\Videos.lnk
2015-05-28 18:07 - 2015-05-29 14:56 - 00000000 ____D () C:\Users\Phoebe\Desktop\Random
2015-05-28 15:32 - 2015-05-28 15:32 - 00000013 __RSH () C:\Windows\system32\Drivers\fbd.sys
2015-05-28 14:49 - 2015-05-28 14:49 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-28 14:49 - 2015-05-28 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-28 14:48 - 2015-05-31 00:41 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 14:48 - 2015-05-30 19:58 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 14:48 - 2015-05-28 14:53 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-28 14:48 - 2015-05-28 14:53 - 00003654 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-28 14:48 - 2015-05-28 14:49 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Google
2015-05-28 14:48 - 2015-05-28 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
2015-05-28 14:47 - 2015-05-28 18:36 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Deployment
2015-05-28 14:47 - 2015-05-28 14:47 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Apps\2.0
2015-05-28 14:45 - 2015-05-31 00:45 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{851B5046-C95B-40D0-AC8C-009962973C8A}
2015-05-28 14:45 - 2015-05-28 14:45 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\Macromedia
2015-05-28 14:43 - 2015-05-31 00:50 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-998093710-3193632456-2710228237-1001
2015-05-28 14:43 - 2015-05-29 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-28 14:43 - 2015-05-28 14:43 - 00000000 ____D () C:\Program Files\Common Files\EPSON
2015-05-28 14:42 - 2015-05-31 00:45 - 00000000 ___RD () C:\Users\Phoebe\OneDrive
2015-05-28 14:42 - 2015-05-29 14:45 - 00000000 ____D () C:\ProgramData\EPSON
2015-05-28 14:42 - 2015-05-28 14:44 - 00002349 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk
2015-05-28 14:42 - 2015-05-28 14:44 - 00002341 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk
2015-05-28 14:42 - 2015-05-28 14:43 - 00002335 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Godfather.lnk
2015-05-28 14:42 - 2015-05-28 14:43 - 00002321 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Edgeworld.lnk
2015-05-28 14:42 - 2015-05-28 14:42 - 00002334 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pirate Storm.lnk
2015-05-28 14:42 - 2015-05-28 14:42 - 00002131 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-05-28 14:42 - 2015-01-19 07:29 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YLMJJE.DLL
2015-05-28 14:42 - 2015-01-19 07:29 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BJJE.DLL
2015-05-28 14:42 - 2015-01-19 07:29 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2015-05-28 14:41 - 2015-05-30 01:55 - 00002285 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-05-28 14:40 - 2015-05-28 14:40 - 00000000 ____D () C:\Users\Public\Pokki
2015-05-28 14:39 - 2015-05-28 14:40 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\TOSHIBA
2015-05-28 14:38 - 2015-05-28 14:39 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-28 14:37 - 2015-05-28 21:00 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\VirtualStore
2015-05-28 14:37 - 2015-05-28 20:43 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\Adobe
2015-05-28 14:37 - 2015-05-28 14:44 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Packages
2015-05-28 14:37 - 2015-05-28 14:37 - 00001453 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-28 14:35 - 2015-05-28 14:35 - 00000020 ___SH () C:\Users\Phoebe\ntuser.ini
2015-05-28 14:34 - 2015-05-31 00:46 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Pokki
2015-05-28 14:34 - 2015-05-31 00:39 - 00000000 ____D () C:\Users\Phoebe
2015-05-28 14:34 - 2014-11-17 20:19 - 00000000 ___RD () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-28 14:34 - 2014-11-17 20:01 - 00000000 ___RD () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-28 14:34 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-28 14:34 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-28 14:34 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-28 14:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-28 14:25 - 2015-03-14 01:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-28 14:25 - 2015-03-13 18:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-28 14:25 - 2015-03-13 18:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-28 14:25 - 2015-03-13 18:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-28 14:25 - 2015-03-13 18:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-28 14:25 - 2015-03-13 18:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-28 14:25 - 2015-03-13 17:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-28 14:25 - 2015-03-13 17:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-28 14:25 - 2015-03-13 17:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-28 14:25 - 2015-03-13 17:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-05-28 14:25 - 2015-03-13 17:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-05-28 14:25 - 2015-03-13 17:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-28 14:25 - 2015-03-13 17:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-28 14:25 - 2015-03-13 17:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-28 14:25 - 2015-03-13 17:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-28 14:25 - 2015-03-13 17:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-28 14:25 - 2015-03-13 16:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-28 14:25 - 2015-03-13 16:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-28 14:25 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-31 00:50 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-31 00:48 - 2014-12-10 21:33 - 01773577 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 00:39 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 20:01 - 2014-12-10 22:02 - 00106728 _____ () C:\Users\Public\CAFADEBUG.log
2015-05-30 19:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-30 19:26 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-30 19:04 - 2014-12-10 22:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 01:56 - 2014-03-18 02:53 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-30 01:50 - 2014-12-10 22:22 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-05-30 01:49 - 2014-03-18 02:44 - 00011282 _____ () C:\Windows\PFRO.log
2015-05-30 01:49 - 2013-08-22 07:44 - 00492784 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-30 01:28 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-05-29 21:05 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-29 14:45 - 2014-11-17 20:59 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-28 20:43 - 2014-12-10 22:03 - 00000000 ____D () C:\Users\Public\CyberLink
2015-05-28 20:43 - 2014-11-17 21:19 - 00000000 ____D () C:\ProgramData\CyberLink
2015-05-28 20:04 - 2014-12-10 22:22 - 00000000 ____D () C:\ProgramData\McAfee
2015-05-28 20:03 - 2014-12-10 22:22 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-05-28 20:03 - 2013-08-22 08:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2015-05-28 19:17 - 2013-08-22 07:46 - 00018884 _____ () C:\Windows\setupact.log
2015-05-28 14:48 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-28 14:41 - 2014-11-17 21:01 - 00000000 ____D () C:\ProgramData\Toshiba
2015-05-28 14:35 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-28 14:27 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2015-05-28 14:25 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\restore
 
==================== Files in the root of some directories =======
 
2014-11-17 21:18 - 2014-11-17 21:18 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
 
Some files in TEMP:
====================
C:\Users\Phoebe\AppData\Local\Temp\oct32BE.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-17 19:36
 
==================== End of log ============================
 
 
Addition TXT:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Phoebe at 2015-05-31 00:52:59
Running from C:\Users\Phoebe\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-998093710-3193632456-2710228237-500 - Administrator - Disabled)
Guest (S-1-5-21-998093710-3193632456-2710228237-501 - Limited - Disabled)
Phoebe (S-1-5-21-998093710-3193632456-2710228237-1001 - Administrator - Enabled) => C:\Users\Phoebe
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.36.50 - Conexant)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.5524 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3920.05 - CyberLink Corp.)
Dragons of Atlantis (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Pokki_cfada041afdc4a11092a096cac66ab6a0945d92b) (Version: v1.1.7 - Pokki)
DTS Sound (HKLM-x32\...\{5B54DDC3-0ACC-4722-9C23-C3F07AF4825D}) (Version: 1.01.6700 - DTS, Inc.)
Edgeworld (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Pokki_2e9d53cc2b402b6e65aa9551308ca17a19c4721a) (Version: v1.1.8 - Pokki)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Flixster (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\cde6baecc037497b) (Version: 2.5.0.352 - Flixster)
Goodgame Empire (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Pokki_149b46d4a102c0304583931ceaa3f0bf19785ee3) (Version: v1.1.7 - Pokki)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Pokki) (Version: 0.269.7.660 - Pokki)
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1529 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.285.6 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.214 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MyMusicCloud Sync Agent (HKLM-x32\...\{E5A80308-AAAD-4FDF-B85D-6755CCABFC35}) (Version: 3.3.285.4991 - TriPlay)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Pirate Storm (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Pokki_17dd240efdb0c50e8a5015de26b6d100f1b1072c) (Version: v1.1.6 - Pokki)
Pokki Start Menu (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Pokki_Start_Menu) (Version: 0.269.7.660 - Pokki)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
The Godfather (HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Pokki_923d0f1d35897f6a6a73ba838623cda94c4ab689) (Version: v1.2.5 - Pokki)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{26BB68BB-CF93-4A12-BC6D-A3B6F53AC8D9}) (Version: 6.0.3.0 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden
WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
28-05-2015 14:25:37 Windows Modules Installer
29-05-2015 14:47:59 Installed Software Updater
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {139B58AC-8609-4B18-BE84-379C6DC3335F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {1508605F-B991-4F7C-A404-1068E4ACFBAB} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {2100A112-C30D-4823-90BB-40E751D42487} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-21] (Synaptics Incorporated)
Task: {24D30BC8-8F60-438D-A264-488C03517A49} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {330D10A4-B1E5-4C3D-B6AD-1DDC0C9BE86D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-28] (Avast Software s.r.o.)
Task: {630EF50C-CF1A-4D86-81F9-C933F3D420A8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {72C66813-0A72-471D-AB10-0249A1BA100B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {85CDCE2D-B321-4762-9E9B-42F8090381C2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-28] (Google Inc.)
Task: {87A76507-F163-4582-97B2-D6770F3DFBB5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-29] (Microsoft Corporation)
Task: {89661BD1-A9AC-4FF2-99EB-1F54C394C46F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-29] (Microsoft Corporation)
Task: {9CE5AFE2-70B8-444B-94EB-7838E2A1D958} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CC2F201D-3D3C-4B47-AB6D-8D267EF30F9B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-29] (Microsoft Corporation)
Task: {DC480B6E-85E0-4A5A-8638-EFF0F25BA7DC} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2014-03-12] (TOSHIBA Corporation)
Task: {EF9B1FBA-E73B-49B0-A8B5-FB086D60DCC8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-28 21:00 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-03-21 15:09 - 2014-03-21 15:09 - 00021840 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-11-17 21:22 - 2012-04-24 19:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-05-29 11:14 - 2015-05-29 11:14 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-29 15:03 - 2015-05-29 15:04 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\ErrorReporting.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-08-22 00:19 - 2013-08-21 23:54 - 00174592 _____ () C:\Windows\system32\WinMetadata\Windows.UI.winmd
2013-08-22 00:19 - 2013-08-21 23:54 - 00050176 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2015-05-28 15:06 - 2015-05-28 15:06 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\057b7043f4868b76c209d9c426b80743\Windows.Foundation.ni.dll
2015-05-28 22:27 - 2015-05-28 22:27 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-28 22:27 - 2015-05-28 22:27 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-29 14:53 - 2015-05-29 14:53 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052901\algo.dll
2015-05-31 00:42 - 2015-05-31 00:42 - 02951680 _____ () C:\Program Files\AVAST Software\Avast\defs\15053001\algo.dll
2015-05-28 22:27 - 2015-05-28 22:27 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00569856 _____ () C:\Users\Phoebe\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 01400846 _____ () C:\Users\Phoebe\AppData\Local\Pokki\Engine\avcodec-54.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00151054 _____ () C:\Users\Phoebe\AppData\Local\Pokki\Engine\avutil-51.dll
2015-04-28 13:15 - 2015-04-28 13:15 - 00222734 _____ () C:\Users\Phoebe\AppData\Local\Pokki\Engine\avformat-54.dll
2014-12-10 21:34 - 2014-03-06 14:15 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-05-28 14:49 - 2015-05-22 13:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-28 14:49 - 2015-05-22 13:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Phoebe\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{755889ED-0F11-4D1D-9291-71BF396FBDA3}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{4F6E4A84-12D0-4E6F-8CAA-160FB6907E6D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{A058D718-CB31-40A2-92FC-C67BF953A45F}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{32B69FEF-AD2B-4A49-B95E-5BFB79CC2BEA}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{AA0F1799-8506-4F42-91AE-FAF48F94A387}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{D30A5DA1-B5BE-4899-A961-C21951809652}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{E06EB845-E9F6-418C-BEC6-F10BB1B0C082}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6E480070-63DF-45BF-B410-7F58FC1AE7BF}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9D6B748C-57FB-4A0C-8B82-84B9F294D96B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{274A4432-8091-46BF-82A8-571091687C04}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BA8D902F-966D-4B0A-BC55-7B4D110201E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D6762ED9-7CBF-4BB3-98A1-7AD0DA283E84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CCC89BE6-FB90-4A50-A012-558A59C9AB23}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C975D82F-379D-4B98-93F3-EC0F38F1B22B}] => (Allow) C:\Users\Phoebe\Music\iTunes.exe
FirewallRules: [{35A4E2AD-5D2B-4368-8D47-A391FE124C4F}] => (Allow) C:\Users\Phoebe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{86B846A2-B065-493B-86F3-46F8450C101F}] => (Allow) C:\Users\Phoebe\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B54094E0-59E6-4EEF-915E-D6B1BC35C3D5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A2F4CFA5-4361-4031-B856-598D5CDFD446}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9F5B2FA9-340A-43FC-9CE3-19B29E511E2A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{2B05866D-1BFE-4E6A-BCD8-E3A594E0D0FC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4B7E6A7F-7E4C-49A9-8471-504BFCD56106}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{055BE0CF-EF8B-45AD-8DE2-167852AB68BB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{EF85FB1F-987F-468D-9D17-3120D6392E46}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/31/2015 00:35:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c50
 
Start Time: 01d09b73eddd7d45
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 6944d847-0767-11e5-8262-2c600c1e4b03
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/31/2015 00:31:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1350
 
Start Time: 01d09b73732c9495
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: def86851-0766-11e5-8262-2c600c1e4b03
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/31/2015 00:27:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 43.0.2357.81 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1b9c
 
Start Time: 01d09b72214d9202
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: f6c209a2-0765-11e5-8262-2c600c1e4b03
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (05/30/2015 07:23:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/30/2015 06:35:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58671515
 
Error: (05/30/2015 06:35:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58671515
 
Error: (05/30/2015 06:35:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2015 08:00:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/29/2015 04:50:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (05/29/2015 04:40:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (05/31/2015 00:38:47 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (05/31/2015 00:39:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:32:51 AM on ‎5/‎31/‎2015 was unexpected.
 
Error: (05/30/2015 08:01:18 PM) (Source: DCOM) (EventID: 10010) (User: CANDY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (05/30/2015 08:01:18 PM) (Source: DCOM) (EventID: 10010) (User: CANDY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (05/29/2015 01:07:00 AM) (Source: DCOM) (EventID: 10010) (User: CANDY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (05/29/2015 01:06:55 AM) (Source: DCOM) (EventID: 10010) (User: CANDY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (05/29/2015 01:06:55 AM) (Source: DCOM) (EventID: 10010) (User: CANDY)
Description: {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}
 
Error: (05/29/2015 01:06:54 AM) (Source: DCOM) (EventID: 10010) (User: CANDY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (05/29/2015 01:06:54 AM) (Source: DCOM) (EventID: 10010) (User: CANDY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (05/29/2015 01:06:48 AM) (Source: DCOM) (EventID: 10010) (User: CANDY)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
 
Microsoft Office:
=========================
Error: (05/31/2015 00:35:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.811c5001d09b73eddd7d4560000C:\Program Files (x86)\Google\Chrome\Application\chrome.exe6944d847-0767-11e5-8262-2c600c1e4b03
 
Error: (05/31/2015 00:31:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.81135001d09b73732c949560000C:\Program Files (x86)\Google\Chrome\Application\chrome.exedef86851-0766-11e5-8262-2c600c1e4b03
 
Error: (05/31/2015 00:27:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe43.0.2357.811b9c01d09b72214d920216C:\Program Files (x86)\Google\Chrome\Application\chrome.exef6c209a2-0765-11e5-8262-2c600c1e4b03
 
Error: (05/30/2015 07:23:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/30/2015 06:35:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58671515
 
Error: (05/30/2015 06:35:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58671515
 
Error: (05/30/2015 06:35:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/29/2015 08:00:05 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (05/29/2015 04:50:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (05/29/2015 04:40:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 32%
Total physical RAM: 8112.14 MB
Available physical RAM: 5478.25 MB
Total Pagefile: 10032.14 MB
Available Pagefile: 7430.84 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (TI10707300B) (Fixed) (Total:687 GB) (Free:607.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End of log ============================

 


  • 0



#2
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello, phoebe_s78, and Welcome! :welcome:

My name is Dan, and I'll be helping you with your issues. If someone else is helping you, either here or at another malware removal assistance site, please let me know so that I may direct my efforts to helping another user.  The Staff at Geeks To Go are ALL volunteers; please keep that in mind if I don’t answer your post as quickly as you’d like. I give what time I can.  PLEASE be patient. ;)

I am currently in training, so there will be another person reviewing my work.  This may cause a bit of a delay in my responses, but on the positive side, you will have two sets of eyes reviewing your logs instead of one... :cool:
 

  • Please note that you should have Administrator rights to perform any fixes.
     
  • Before we proceed, you may wish to print instructions for easy reference during the fix.  Please be aware that many of the required URLs are hyperlinks in the blue names shown on your screen. Part of the fix may require you to be in Safe Mode, which might not allow you to access the internet, or my instructions.
     
  • Please understand that malware removal is a complicated, multi-step process.  Therefore please stay with me until I tell you that your system is clean.  
     
  • Please do not make any system or program changes, or run any tools unless I specifically ask you to.  Attempting malware removal or clean-up yourself will only extend the time it will take to get your system clean.    If you get stuck or have questions, please stop and ask so I can help you.
     
  • Be sure to back up any personal data files you need to keep (documents, photos, etc.) to a USB flash drive or external hard disk.  While every attempt will be made to precisely repair the infections on your computer, due to the complexity and unpredictability of malware clean-up, there is always a risk of data loss.
     
  • When posting logs, please Copy & Paste the log file contents into a reply.  Use multiple posts if necessary, but please do not attach them or post them on a file hosting site.

 

I am currently reviewing your case, and will be back shortly with some initial steps.  Thanks for your patience!

 


  • 0

#3
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

OK, first things first...

 

 

You have two anti-virus programs running on your computer.

Running two or more real-time anti-virus, anti-spyware or firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, program crashes or other types of failure. You will very likely end up with little or no protection.

You need to go to Start > Control Panel > Uninstall a program and uninstall either:

McAfee LiveSafe - Internet Security

Or

Avast Free Antivirus

They are both good programs but if you have a paid version with a current, non-expired subscription, I would keep that one.

 

 

Please let me know which you are keeping and tell me when you've uninstalled the other.


  • 0

#4
phoebe_s78

    Member

  • Topic Starter
  • 50 posts

Thank you!

 

I've decided to uninstall the avast antivirus program and it just got done uninstalling.


  • 0

#5
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello phoebe_s78,
 
Very well then, thanks for letting me know that you've chosen to keep McAfee and uninstall Avast.  :D
 
First
P2P Software Warning:
It seems you have uTorrent P2P software installed.  While this software may have been intentionally installed on the system, and the program itself may be safe, the files shared with these programs often carry an unknown malware payload.  

Besides installing malware,  the use of these programs can expose sensitive information belonging to you or your employer to the Internet, make your system vulnerable to unwanted attacks by exploiting known security issues, block your Internet access, and can possibly subject you to copyright infringement prosecution.

If you do decide to keep any P2P programs, please uninstall them or disable and keep from using them until after we've finished and your system is declared clean.

You can read more about the risks of using P2P software at these links:

Second
Programs uninstall

Go to Control Panel > Programs and Features, and uninstall the following programs.  If you aren't sure how to get there, see this link.
These are all made by Pokki, who has somehow gotten their Adware teeth into Asus, Lenovo and Toshiba systems:

  • Dragons of Atlantis
  • Edgeworld
  • Goodgame Empire
  • Host App Service
  • Pirate Storm
  • Pokki Start Menu
  • The Godfather

Third
Run a FRST Fix

  • Download the attached fixlist.txt file and save it to the Desktop.

    (Note: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.)

    Notice: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST/FRST64 from your Desktop and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally.  After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop named Fixlog.txt. Please post the contents of that log file into your next reply.

Fourth
Run Junkware Removal Tool:

Please download Junkware Removal Tool to your Desktop.

  • Shut down your protection software now to avoid potential conflicts.  See here for more information.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Fifth
AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

Finally
In your next reply, please copy/paste the contents of the following logs:

  • FRST fixlog
  • JRT log
  • AdwCleaner scan log

And tell me how the system is running. :)


  • 1

#6
phoebe_s78

    Member

  • Topic Starter
  • 50 posts

It seems to be running faster than before and the google chrome hasn't had any problems. 

 

  • FRST fixlog:
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Phoebe at 2015-05-31 19:34:08 Run:2
Running from C:\Users\Phoebe\Desktop
Loaded Profiles: Phoebe (Available Profiles: Phoebe)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:(Pokki) C:\Users\Phoebe\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Phoebe\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Phoebe\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\S-1-5-21-998093710-3193632456-2710228237-1001 -> {890CE8C5-062C-11E5-8261-2C600C1E4B03} URL = http://search.homepa...erms}2015-05-2818:29 - 2015-05-28 18:29 - 00000871 _____ () C:\Users\Phoebe\Desktop\µTorrent.lnk2015-05-28 18:29 - 2015-05-28 18:29 - 00000851 _____ () C:\Users\Phoebe\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk2015-05-28 18:28 - 2015-05-30 01:27 - 00000000 ____D () C:\Users\Phoebe\AppData\Roaming\uTorrent2015-05-28 18:28 - 2015-05-28 18:28 - 01742928 _____ (BitTorrent Inc.) C:\Users\Phoebe\Downloads\uTorrent_3-4-2-build-38913.exe   2015-05-28 14:40 - 2015-05-28 14:40 - 00000000 ____D () C:\Users\Public\Pokki
2015-05-28 14:34 - 2015-05-31 00:46 - 00000000 ____D () C:\Users\Phoebe\AppData\Local\Pokki
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
EmptyTemp:
CMD: bitsadmin /reset /allusers
end
*****************
 
Restore point was successfully created.
C:\Users\Phoebe\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe => No running process found
C:\Users\Phoebe\AppData\Local\Pokki\Engine\StartMenuIndexer.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-998093710-3193632456-2710228237-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{890CE8C5-062C-11E5-8261-2C600C1E4B03} => key not found. 
HKCR\CLSID\{890CE8C5-062C-11E5-8261-2C600C1E4B03} => key not found. 
"C:\Users\Phoebe\AppData\Local\Pokki" => File/Folder not found.
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 10.5 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 19:35:36 ====
 
 
 
 
 
  • JRT log
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.6 (05.31.2015:1)
OS: Windows 8.1 x64
Ran by Phoebe on Sun 05/31/2015 at 19:51:51.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
 
 
 
~~~ Chrome
 
 
[C:\Users\Phoebe\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Phoebe\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Phoebe\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Phoebe\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 05/31/2015 at 19:54:38.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
  • AdwCleaner scan log

 

 

 

# AdwCleaner v4.206 - Logfile created 31/05/2015 at 20:03:31

# Updated 01/06/2015 by Xplode
# Database : 2015-05-31.5 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Phoebe - CANDY
# Running from : C:\Users\Phoebe\Desktop\adwcleaner_4.206.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v43.0.2357.81
 
 
*************************
 
AdwCleaner[R0].txt - [776 bytes] - [31/05/2015 20:03:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [834 bytes] ##########

  • 0

#7
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Excellent, phoebe_s78! :thumbsup:

 

I will return with some further steps for you, but it will likely be 12 hours or more from now before I am able to post them.  We are getting close here.  Thanks for your patience. :)


  • 0

#8
phoebe_s78

    Member

  • Topic Starter
  • 50 posts

Alright, thank you for the help! 

 

I'll be waiting for your directions  :spoton:


  • 0

#9
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello phoebe_s78,
 
Thanks for your patience.  Here are the next steps I'd like you to complete:
 
First
Programs uninstall

Go to Control Panel > Programs and Features, and uninstall the following programs.  If you aren't sure how to get there, see this link.

  • McAfee Security Scan Plus (this was likely installed as an optional package when you installed Adobe Reader, and is an on-demand scanner that you don't need)

Second
Run AdwCleaner

  • Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Cleaning button will be activated.
  • Click the Cleaning button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Third
Install and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here

  • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application.  (x.x.x.xxxx represents the current version number).
  • If prompted to uninstall a previous version, please do so.
  • During installation, make sure to uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish.  You can always upgrade later ;)
  • If an update is found, it should download and install the latest updates automatically.
  • Now select the Settings tab, and check the box next to Scan for rootkits.
  • Go back to the Dashboard tab, and click the Scan Now button.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, it will show you the results.
  • Make sure that everything is checked, and click Remove Selected (or similar).
  • When disinfection is completed, a log may open in Notepad and you may be prompted to Restart.  (See Extra Note below)
  • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs.
  • Choose the latest Scan Log.
  • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt).  Save the report to your Desktop.
  • Copy & Paste the entire contents of the report log in your next reply.

Fourth
Please update and run a full scan with your installed version of McAfee LiveSafe - Internet Security, and post any detected items back here.
 
Finally
In your next reply, please copy/paste the contents of the following logs:

  • AdwCleaner log
  • MBAM log
  • McAfee LiveSafe scan results (if anything was found)

And tell me how the system is running. :)


#10
phoebe_s78

    Member

  • Topic Starter
  • 50 posts

My system seems to be running great so far!! Thank you!  :D

 

  • AdwCleaner log
 
 
# AdwCleaner v4.206 - Logfile created 01/06/2015 at 13:20:07
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Phoebe - CANDY
# Running from : C:\Users\Phoebe\Desktop\adwcleaner_4.206.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v43.0.2357.81
 
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_dnldstr_14_35_ch&cd=2XzuyEtN2Y1L1QzuzztD0CtCyC0EyEtByEyDyB0E0B0E0A0CtN0D0Tzu0SzyyBtDtN1L2XzutAtFtBtFtCtFtCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtA0E0Bzz0DtAyBtG0E0CyD0CtG0E0A0B0FtGyBzy0CyBtGyDyE0FzzyD0BtA0DtD0B0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StC0F0E0A0FtA0BtBtG0E0DzzzytGyE0FyEzztGzy0D0DzztG0F0Ezz0CyB0ByE0A0FtByCtB2Q&cr=447651281&ir=
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzuzztD0CtCyC0EyEtByEyDyB0E0B0E0A0CtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1209738023
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061355
[C:\Users\Phoebe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [916 bytes] - [31/05/2015 20:03:31]
AdwCleaner[R1].txt - [2404 bytes] - [01/06/2015 13:15:30]
AdwCleaner[R2].txt - [2463 bytes] - [01/06/2015 13:17:00]
AdwCleaner[S0].txt - [2393 bytes] - [01/06/2015 13:20:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2452  bytes] ##########
 
 
 
 
  • MBAM log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/1/2015
Scan Time: 1:28:26 PM
Logfile: Malwarebytes.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.01.05
Rootkit Database: v2015.05.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Phoebe
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352538
Time Elapsed: 23 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)

 

 

 

 

  • McAfee LiveSafe scan results (if anything was found)

 

0 Viruses were detected in the scan!  :)



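A cleaning report in the AdwCleaner format posted above can be triaged mechanically before a helper reads it, so that entries the tool could not remove (such as the `[x] Not Deleted` line) are not overlooked. This is an added example, not part of the original posts or of AdwCleaner; the function name `triage` is hypothetical and the sample text is constructed, abridged from the log format in this thread.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, abridged from the AdwCleaner log format shown in this thread.
SAMPLE_LOG = r"""# AdwCleaner v4.206 - Logfile created 01/06/2015 at 13:20:07
# Option : Cleaning

***** [ Services ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride]

***** [ Web browsers ] *****

-\\ Google Chrome v43.0.2357.81

[C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}
[C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
PROVIDER = re.compile(r"Deleted \[Search Provider\] : (\S+)")

def triage(log_text):
    """Summarise a cleaning log: removals per section, entries the tool
    could not delete, and hosts of the removed search providers."""
    summary = {"deleted": {}, "not_deleted": [], "search_hosts": []}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            summary["deleted"].setdefault(section, 0)
            continue
        if section is None or not line:
            continue  # header comments and blank lines carry no findings
        if line.startswith("[x] Not Deleted :"):
            summary["not_deleted"].append(line.split(":", 1)[1].strip())
        elif "Deleted" in line:
            summary["deleted"][section] += 1
            p = PROVIDER.search(line)
            if p:
                # URLs appear defanged as hxxp:// in the posted log; restore the scheme only to parse the host.
                host = urlsplit(p.group(1).replace("hxxp", "http", 1)).hostname
                summary["search_hosts"].append(host)
    return summary
```

Anything left in `not_deleted` after a cleaning pass is what to re-check by hand on the next scan.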
#11
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

Hello phoebe_s78,
 
A couple of quick things to cover here:

  • Please be advised that your version of Flash Player is severely outdated (Version 14), so be sure to update it as explained in the Other Program updates section below. 
  • You should also read the CryptoLocker Warning section to learn how to help protect your system and data from possible damage from this horrible malware.

Everything looks good here, so I'm happy to tell you:
 
Congratulations, your log is clean! :thumbsup:

Now, let's cover some additional steps to clean up your computer and help you avoid getting infected again...

Tools Cleanup and Housekeeping
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

Tool Removal
We need to remove the tools we've used while cleaning your machine.

  • Download DelFix from here
  • Ensure Remove disinfection tools is ticked
  • Also check these options:
    • Activate UAC
    • Create registry backup
    • Purge system restore
    • Reset System Settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log.

Please paste the log in your next reply, and delete any logs that you have left over on your desktop.

Now let's take a few preventative measures to reduce the risk of further infections. :cool:


Automatic Updates for Windows 8
Another essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Turn ON Automatic Updates in Windows 8


Keep Java Updated
Warning: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

You do not have Java installed, but the following is FYI in case you end up needing it for some software you are running.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser).

If you do need to keep Java then download JavaRa.
Run the program and select Remove Java Runtime.  Uninstall all versions of Java present.
Once done then run it again and select Update Java runtime > Download and install Latest version.


Web Browser security
Most malware is exploiting Internet Explorer's vulnerabilities; with Firefox you will likely be more secure.

Note: If you are going to use Firefox, I would suggest the use of these add-ons:

  • NoScript - for blocking ads and other potential website attacks.
  • AdBlock Plus - block annoying ads that cost you expensive bandwidth, with the added benefit of faster page loading.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling. (You have this already :) )

Other Program updates
If you use any Adobe software, make sure to keep it updated.  Best of all, the updates are FREE.
Note: Make sure to uncheck the check box labelled "Yes, install McAfee Security Scan Plus - optional", or any other optional "features".

Anti Virus Programs
On to personal Anti Virus programs. One AV is a must have, but never more than one, as this can and will cause conflicts, system slow-downs, and false readings.

If you wish to keep using your current program (you have McAfee LiveSafe Internet Security), always make sure it is up to date and enabled.
- OR -
These FREE ones are as good as any paid subscription AV, as long as you allow them to update themselves:

Anti Spyware Programs
You already have an excellent preventative program that will help to keep the nasties away - Malwarebytes Anti-Malware.  I would advise running this at least once a month.  If you need to download it again, you can get it from here:  
Malwarebytes Anti-Malware


Instant Messengers
Almost done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

File/System Cleaners
Finally, it is a good idea to clear out all your temp files every now and again. This will help keep your computer running optimally. It can detect registry errors, missing shortcuts, invalid files, etc. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

CryptoLocker Warning
CryptoLocker is a particularly nasty infection which is becoming more prevalent...
 
Go here for information about CryptoLocker Ransomware. Learning about what is out there may help you prevent infection. The best protection against this infection is to back up your files often. If you're using an external drive, keep it unplugged from the computer when you're not backing up files or using it. This will prevent the infection from getting to your backed up files if you ever have the frustrating experience of contracting it.
 
It is suggested to Download CryptoPrevent, which is free for home use. It will help prevent CryptoLocker infection.


Further Reading
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this excellent article, originally written by Tony Klein, and updated by SpySentinel.

I will keep this log open for the next couple of days, so if you have any further problems, you can post another reply here.

OK, happy computing, and stay safe! :cool:

Please reply again to this thread to acknowledge you have read my last post.  If you have no further questions, this thread will be closed to prevent others from posting here.

Thanks!

 


#12
phoebe_s78

    Member

  • Topic Starter
  • 50 posts

Thank you so much! I've taken your advice on the programs to get, which is what I just finished doing.  :)

 

Here's the log you asked for:

 

# DelFix v1.010 - Logfile created 02/06/2015 at 23:36:34
# Updated 26/04/2015 by Xplode
# Username : Phoebe - CANDY
# Operating System : Windows 8.1  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Phoebe\Desktop\adwcleaner_4.206.exe
Deleted : C:\Users\Phoebe\Desktop\FRST64.exe
Deleted : C:\Users\Phoebe\Desktop\JRT.exe
Deleted : C:\Users\Phoebe\Downloads\Addition.txt
Deleted : C:\Users\Phoebe\Downloads\FRST.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #2 [Windows Modules Installer | 05/28/2015 21:25:37]
Deleted : RP #3 [Installed Software Updater | 05/29/2015 21:47:59]
Deleted : RP #4 [avast! antivirus system restore point | 05/31/2015 23:39:08]
Deleted : RP #6 [Restore Point Created by FRST | 06/01/2015 02:24:04]
Deleted : RP #8 [Restore Point Created by FRST | 06/01/2015 02:34:21]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

#13
DanoNH

    Trusted Helper

  • Malware Removal
  • 2,155 posts

You're welcome!  Glad we could help! :thumbsup:


#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

